by Greg Graves
February 2021 Update: Since original publication, there have been numerous instances of attacks on industrial control networks. Major attacks include Ukraine and Florida. If you’d like to read more about how these attacks occur and how you can defend yourself, see our newer blogs below:
https://www.reverecontrol.com/2020/07/07/keeping-your-control-systems-and-your-data-secure/
https://www.reverecontrol.com/2019/08/20/scada-basics-cybersecurity/
Imagine: You are the operations manager for a utility with multiple plant locations connected by a network system with a variety of configurations. A new managed switch is installed at one of the plants, and PLCs at another plant location immediately fault, causing process operational issues. Could this have been prevented?
In today’s world, conversations are taking place as to how information technology (office/business) networks interact with operations technology (plant floor or process control networks) to ensure performance, reliability, and security. As technology and data availability have progressed, events like the above are not uncommon and emphasize the need for IT/OT convergence initiatives with attention placed on the control system network.
Ransomware Threats
We are very engaged at the forefront of this discussion, and we have seen the network convergence issue from various perspectives. Recently, we were talking with Brett Brune, Editor-in-Chief of Smart Manufacturing magazine, about how we have responded to past cybersecurity ransomware attacks on our own networks. Fortunately, we were prepared to contain such attacks with minimal disruption and without paying the ransom. You can’t close every possible hole, but a weak network architecture can create major vulnerabilities and lead to significant damage and cost, and the true risks are just beginning to be revealed.
A recent study from Georgia Tech revealed the ability of hackers to directly access PLCs themselves. While there has yet to be a publicly reported attack on an industrial control network (Note: this is now untrue; see above), the researchers demonstrated how hackers could place sample ransomware on a water treatment plant’s network and “command the PLCs to shut valves, increase the amount of chlorine in the water, and display false readings.” Unless IT and OT are sufficiently segregated, hackers can use the business network to take hostage the control networks of public utilities and private corporations, and have full control of the PLCs while they do. This is a serious security threat that researchers expect to become commonplace; they also estimate that the current design of most industrial control systems makes them vulnerable to these ransomware attacks.
Not all threats are malicious. In the example above, the utility’s IT professionals performed the work but were unaware of the need for IT/OT convergence. Luckily, there were no environmental or health impacts of this plant suddenly going down, but many other plants may not be so lucky.
Digital Plant Services and Convergence
Our focus on digital plant services includes the task of network assessment that can reveal significant deficiencies with a network system infrastructure or configuration. The need to implement VLAN strategies and layered security are two ways to build a robust network system while converging the information technology with operations technology. We can further engage with a wholesale redesign and upgrade of both technology networks while offering NIST 800-25 compliance and develop a long-term support strategy to prevent IT/OT crossover issues in the future.
IT/OT convergence is happening, and the threats are real and growing. Fortunately, with some proactive planning and effort, most issues can be easily identified before they become problems.
If you would like to learn more about proactive assessment, let us know at inquiries@reverecontrol.com