Intel estimates that 85% of industrial system devices are not networked today. But that’s changing for very good reasons.
Industrial control systems are part of the rapid evolution to exploit connectivity, big data and cloud computing. Manufacturers are designing in new capabilities as their customers pursue advances in automation, and gateway devices are proliferating to connect legacy systems. Numerous business benefits are driving this transformation.
Factory floors, utilities and other industrial installations are becoming more and more intelligent, with instrumentation to collect data about the equipment and the environment. This data can be analyzed both locally and in the cloud to trigger maintenance, optimize production or meet regulatory requirements for data logging. Cloud computing is particularly well suited to analytics that are not real time. For example, monitoring the performance of a device over time enables failure prediction and maintenance ahead of a potentially costly downtime event. Similarly, utilization can be measured and tuning done to optimize energy efficiency. The surrounding facility can be monitored and analyzed for EHS (environmental, health and safety) issues. And, of course, operational insights come from analyzing production data.
All powerful motivators for connectivity and compute.
But security must be designed in as these systems are connected, for this new access to operational data and systems also creates new business and EHS vulnerabilities.
Historically, many industrial control systems have been perceived as secure because they were separate from IT networks and the Internet. This separation is sometimes referred to as an “air gap”. But in the words of a Siemens executive, “Forget the myth of the air gap – the control system that is completely isolated is history.” *
We must assume that industrial systems ARE vulnerable to attack and protect them adequately. And good solutions are available. Many of these systems ship from their manufacturers with predetermined functionality – i.e., they are not general-purpose computing platforms like PCs or smartphones. That means we can “whitelist” the software that runs on them: only known, approved code is allowed to execute, and anything else is blocked. Many ICS vendors around the world use McAfee Embedded Control to lock down fixed-function devices. Firewalls should also be installed on industrial networks, and solutions such as McAfee’s Next Generation Firewall are evolving to support industrial protocols such as OPC. Operators should also implement good physical security, including mechanisms on equipment that disable I/O facilities such as USB ports. At Intel, McAfee and Wind River, we’re working to make it as easy as possible to design in robust security by building pre-integrated stacks and tools into our processors, software and security solutions that can be deployed by both manufacturers and industrial system operators. For more details check out: http://www.mcafee.com/us/resources/brochures/br-seriously-powerful-solutions.pdf
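To make the whitelisting idea concrete, here is a small added example (not McAfee Embedded Control or any vendor code) of the underlying principle: a fixed-function device has a known-good set of files, so you record a baseline of their hashes and then flag anything that is modified, missing or newly appeared. The scenario, file names and contents are constructed in a temporary directory; a real product would enforce this at load time rather than auditing after the fact, and would restrict the check to executables and libraries.

```python
"""Baseline-and-audit allowlist check for a fixed-function device (illustrative, added example)."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large firmware images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record the golden baseline: relative path -> SHA-256 of every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def audit(root, manifest):
    """Compare the current file set with the baseline.

    Returns sorted lists of files that changed, disappeared, or were not in the
    allowlist at all. On a locked-down device each category is an alert.
    """
    current = build_manifest(root)
    findings = {"modified": [], "missing": [], "unlisted": []}
    for rel, expected in manifest.items():
        if rel not in current:
            findings["missing"].append(rel)
        elif current[rel] != expected:
            findings["modified"].append(rel)
    for rel in current:
        if rel not in manifest:
            findings["unlisted"].append(rel)
    return {key: sorted(value) for key, value in findings.items()}


def demo():
    """Constructed scenario: baseline two files, then alter one and drop in a third."""
    root = tempfile.mkdtemp()

    def write_file(rel, data):
        with open(os.path.join(root, rel), "wb") as handle:
            handle.write(data)

    # Hypothetical fixed-function software on the device (constructed names).
    write_file("plc_runtime", b"runtime build 1\n")
    write_file("hmi", b"hmi build 1\n")
    manifest = build_manifest(root)

    # Later: the HMI binary no longer matches, and an unknown file has appeared.
    write_file("hmi", b"hmi build 1 with unexpected change\n")
    write_file("unknown_tool", b"not part of the approved image\n")
    return audit(root, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The interesting property is that the manifest is the entire policy: nothing has to know what malware looks like, only what the approved image looks like, which is exactly why the approach fits devices whose software never changes outside a controlled update.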
Clearly there are many benefits to cloud connected industry – let’s be safe about it!
*Stefan Woronka, Manager for Industrial Security Systems, Siemens at AusCERT, 2012