Automation IIoT

Fend Off Intruders

EP Editorial Staff | August 1, 2018

By Russell Dietz, Chief Security Officer, GE Digital

In the past five years, we have witnessed dramatic increases in cybersecurity risks relating to industrial-control systems (ICS) and operations environments. Much of this surge has come from the external and chaotic global internet and IT (information technology) world connecting to a hyper-controlled OT (operational technology) climate.

As these disparate worlds have come together, there has been an ever-increasing need to improve all aspects of industrial operations, in addition to a push toward the digital transformation of operational automation. While additional information can enhance the effectiveness of production operations, connecting something to an unbound digital world should never be an objective for an orderly design goal on industrial-control-system networks.

Why are so many external risks exposed when digitizing our factories and production environments? We see many of the same dangers formed by the “shadow IT” world when inappropriately connecting traditional internal IT systems directly to the internet and cloud systems. They were never designed to “live in the wild.”

For operations environments, this truth exacerbates the orderly and expected method our systems use in production networks. Unlike systems designed for the internet, our control systems do what they are told and don’t ask questions. The open digital world on the internet is designed with “trust but verify” as a mantra, increasing the potential for shadow OT systems to be exposed to collateral-damage attacks that designers never anticipated.

This collateral damage is illustrated through two current examples. Governments are investing in nation-state actors—cyberattackers formed into digital armies to gain a defensive or offensive advantage in the new digital cold war. While these digital-weapons tests may not be pointed directly at operations environments, they have proven to affect them quickly and on a large scale.

On June 27, 2017, a major global cyberattack using a new variant of Petya malware began. That day, France, Germany, Italy, Poland, the United Kingdom, and the United States all reported infections. Most of the attacks, however, targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. The following day, many cybersecurity experts estimated that 80% of all infections were in Ukraine, with Germany the second-hardest hit with about 9%.

Over the next several days, it was discovered that this attack was aimed specifically at Ukraine, where radiation-monitoring
systems near the Chernobyl site went offline, and large numbers of Ukrainian ministries, banks, and metro systems were attacked. While the impact was massive, the most concerning devastation came from collateral damage that extended well beyond Ukraine.

That included global production entities and organizations such as advertising company WPP, law firm DLA Piper, and pharmaceutical maker Merck & Company—as well as industrial organizations, including national oil producers, shipping companies, and global manufacturers.

The impact spread to consumer-goods companies such as the U.K.’s Reckitt Benckiser and Beiersdorf in Germany, logistics company DHL, food manufacturer Mondelez, and American hospital-operator Heritage Valley Health System.

This unintended damage extended to JNPT, India’s largest container port, with all operations coming to a standstill. Princeton Community Hospital in rural West Virginia had to scrap and replace its entire computer network and monitoring systems. 

Most noteworthy is that many of these affected systems were indirectly connected to the global internet without the direct knowledge of operational-environment teams.

This is just one example of how chaos can make any company’s digital transformation go off in the wrong direction. The hyper-connected external digital wildlife possesses dangers that have an entirely unintended, and often massive, impact on any business.

While the most likely cyberattack impact will be some collateral damage, the risks of industrial espionage from these external systems are just as relevant. The same shadow OT can expose critical systems to directed impact or provide a way to extract intellectual property that is core to any business.

One of the most substantial mysteries in industrial espionage was the Night Dragon attack in 2009. A network of hackers stole digital information collected by industrial systems containing the location of potential oil reserves from the database of major European and U.S. energy corporations.

This went mostly undiscovered until later that year. The exact identities of the hackers have yet to be established. In the end, poor perimeter design of operational systems caused the gap that opened this data to the internet.

What can be done to enable the digital-transformation journey in the ICS world? Several steps can create a protective barrier and provide a secure method for bridging the divide.

First, improve overall awareness of risks created by entering the cyber world. Most industrial organizations will have massive programs focused on safety and production time.

These same businesses will not have any information on the proper use and integration of digital systems in the industrial-control room or production line. Such companies should enlist outside training and help to build out this awareness program.

Second, have an independent team assess your overall industrial cybersecurity defensive posture. This assessment will give you a head start on corrective actions. You will also be able to prioritize your programs and manage vulnerable systems and processes. A good defense is the best offense.

Third, have a proper inventory of all your industrial infrastructure and systems. Knowledge gained from understanding what you have, how it works, and the current security status will allow you to respond quickly to any direct or indirect incidents.

As you look back over the details, don’t run and hide. Remember, security risks are inevitable–but the attempt to improve the business drives shadow-OT efforts. While you will never eliminate all risk, you can act and prevent the external threats from creating a chaotic operational environment. EP

Services to Build Your Defense

GE Digital works with device manufacturers and system operators to protect critical infrastructure from cyberthreats with our industrial mindset, operational technology (OT) cybersecurity expertise, and purpose-built technology. Customers who utilized our cybersecurity solutions experience have increased operational integrity, regulatory compliance, and improved safety of people, processes, and equipment.

The Achilles Test Platform is used by manufacturers of control systems and critical infrastructure to minimize vulnerabilities. This communications-robustness test system is designed to monitor network and operational parameters—allowing vulnerabilities to be discovered, identified, and resolved before products are introduced to the market.

OpShield is a security solution designed to protect control systems and operational-technology assets. It provides protection from cyberthreats and vulnerabilities in operational environments, and delivers defense in-depth for oil and gas, power generation, transportation, healthcare, and other industries. OpShield monitors and blocks malicious activity and minimizes disruptions to enable highly available operations and secure productivity.

Cybersecurity services help organizations understand operational risk, design effective cybersecurity strategies, and deploy the right operational resilience measures to protect people, processes, and technology. They include:

• security-health-check services to help organizations quickly understand current security posture and immediate threats

• security-assessment services to address critical vulnerabilities and long-term security improvement needs

• security-training services to improve the cybersecurity knowledge base for executives, operators, and developers

• software-security services to mitigate software vulnerabilities before they can be exploited

• device-security services to address device design flaws and reduce the risk of disruption

• security-certification services to ensure security controls and processes meet or exceed industry and regulatory benchmarks.

In the Industrial Internet of Things (IIoT) world, organizations are able to optimize productivity, reduce costs, and achieve operational excellence. This is an exciting time, but can present challenges, questions, and uncertainty. GE Digital offers:

• advisory services to help plan and start an IIoT journey that aligns to specific business outcomes

• managed services to help maintain critical machines from our remote locations around the world using model-based predictive-analytic technology

• implementation services for developing collaborative, multigenerational plans that marry existing investments to the right process enhancements and technology

• educational services to ensure that companies are leveraging security solutions to the fullest extent with our training and certificate programs.

• GlobalCare Support services to help businesses continue to operate at their highest efficiency, all while mitigating risks to investments.

• cybersecurity services to provide industrial-grade security for a wide range of OT network and application topologies.

FEATURED VIDEO

Sign up for insights, trends, & developments in
  • Machinery Solutions
  • Maintenance & Reliability Solutions
  • Energy Efficiency
Return to top