New threats = rethinking industrial security
Industrial security must become an increasingly important topic according to this year's status report by the German Federal Office for Information Security (BSI). Internet security service provider Tenable explains what matters and how networks can become more secure.
In the course of Industry 4.0, i.e. the networking of industrial and control systems across plants and locations, companies and critical infrastructures (CRITIS) are increasingly coming into the crosshairs of cyber attacks of all kinds. With malware of all kinds, from Stuxnext to CozyBear, HammerPanda to Winnti, social engineering or vulnerabilities in outdated software, criminals are repeatedly succeeding in gaining access to companies and infrastructures. The German Federal Office for Information Security (BSI) itself cites the attack on a German industrial group in 2016, publicly accessible control systems of waterworks, and power outages in Ukraine due to hacked power plants as examples.
Scanner not a solution for industrial security
The advantages of increasing networking, such as flexibility or optimization, are obvious. But the question arises as to how automation environments can be networked and industrial plants and CRITIS secured at the same time. The answer: It is necessary to identify all devices in the network, to know all vulnerabilities and to scan them as continuously as possible in order to discover vulnerabilities as quickly as possible - the BSI also advocates this continuous network monitoring.
Regular, commonly used active scanners are not a solution here. They generate network traffic themselves and slow down networks. Many companies are therefore reluctant to regularly scan their systems for outdated patches or vulnerabilities: The systems are designed for continuous operation, which ensures profitability.
Passive monitoring as the method of choice
Passive monitoring is quite different: Passive monitoring starts at the switching fabric of the network or its egress points and analyzes traffic end-to-end to detect signs of security breaches and unusual behavior. They do not slow down ongoing operations and can continuously look for vulnerabilities and unusual incidents in the network. So they don't just create a snapshot, they continuously monitor the network. This makes them the ideal tool for immediately detecting vulnerabilities in highly sensitive production and control systems so that they can be remedied as quickly as possible.
Rethinking Industrial Security
However, there are a number of requirements for the corresponding solutions. They must cover numerous ICS, SCADA, production and other systems from various manufacturers, such as Siemens, ABB, Rockwell or GE. The basis is that they support numerous protocols. These include standards such as BACnet, DNP3, Ethernet/IP or IEEE C37.118.
Networking plants and infrastructures is necessary - but industrial security must be rethought just like production or service provision in Industry 4.0. This is the only way for operators to benefit and at the same time make life difficult for criminals.
