Creation Center
  1. chief security officerHome
  2. Safe operation

Cybersecurity Challenges for Industry 4.0

SnowFlake Safe operation 1886 views

The Fourth Industrial Revolution, or Industry 4.0, is seen as the next step after the industrialization of computer automation that has occurred over the past fifty years. This new revolution is driven by buzzwords such as IIoT (Industrial Internet of Things), integrated cyber-physical systems, big data, artificial intelligence and digital twins. It's no different in the chemical industry. But no matter how they make facilities "smarter," all of these technologies have two things in common: they are data-driven and require hyper-connectivity. These two characteristics represent the next big challenge for cybersecurity in these industrial environments.

background

rightIndustry 4.0The need is clear. The drive for improvement within the chemical sector is critical. In addition, the chemical industry contributes to almost any other manufacturing supply chain, so there is also great potential. Product improvements, increased cost efficiency and business optimization are some of the key drivers of this digital transformation. All the more reason to expect this trend to continue. But what about digital security?

Traditionally, industrial control systems (ICS) or operations technology (OT) have been strictly separated from the enterprise IT network. the ICS Purdue University reference model finds too many facilities and describes a layered, well segmented network. One of the main reasons this is so important is that many ICS components, such as automation controllers, PLCs, and SCADA systems, are not designed with security in mind. They need to be safe and secure, and security becomes an afterthought. Of course.cyber securityThere's more.

rather than network segmentation.Standards such as IEC 62443 define how to use thecyber securityManagement systems manage cybersecurity risks to an acceptable level. Whether the current average security posture is mature enough to defend against cyberattacks such as ransomware can be controversial. Unfortunately, in practice, we see many examples to the contrary.

In addition to these challenges, Industry 4.0 initiatives are driving hyper-connectivity, which is leading to greater exposure of OT networks, more generalized IT services, and the use of cloud connectivity, "bypassing" the traditional segmented reference model. Again, this is not necessarily a bad thing if cybersecurity is not an afterthought. Have we learned from the past, or will we make the same mistakes again?

The Case of Cloud Diagnostics:

In the first example, a solution for collecting data from various OT instruments is realized. So-called "edge devices" collect process and diagnostic data from the instruments and send it to a cloud application for analysis. This cloud platform can be utilized by both end-users and suppliers to perform condition-based maintenance or provide remote support.

The edge device is installed on a network with two separate network connections, a so-called "dual-homed" system. It has one connection in the It network to communicate with the cloud and a second connection in the OT network to collect information from the OT instruments. The cloud connection is also protected by a secure encrypted VPN tunnel. In addition, the edge devices are configured to send data only from the OT network to the cloud; traffic to the OT network is not possible.

At first glance, this appears to be an appropriate, secure and well segmented solution. However, when devices were added to the overall network diagram, it became clear that it had the potential to create bypasses between the OT and it networks. A detailed review of the IT network and a network scan revealed a running management service for configuring edge devices. The end user is unaware of this and anyone in the IT network can use this connection. It was clear that the passwords required to access the configuration were in a default state, easily retrieved from the vendor manual. In addition, the edge device is running outdated firmware that contains open security vulnerabilities. All these facts together provide a previously unknown attack vector on the edge device. This means thathackerIt is possible to attack edge devices, logging in with default credentials, gaining more privileges by abusing known vulnerabilities in older firmware, and breaking into the OT network. This attack path is visualized in this network diagram.

Cybersecurity Challenges for Industry 4.0
Note that this attack path is not available through the cloud, as that portion is still protected by a VPN. However, since the edge device is not installed in a protected network area, such as a firewall-protected IT/OT DMZ, this setup provides a potential bypass for jumping from IT to OT environments. This issue was identified by performing a threat modeling assessment in conjunction with a vulnerability assessment. These methods are described in more detail in the solution section.

Remote Access Gateway Case:

The second example is about a remote access gateway. This is a communication device that provides remote access and diagnostic data to a third party supplier. In this case, it is part of a service contract that comes with some heavy machinery installed in a plant. The supplier uses the remote access for remote maintenance and troubleshooting in case of any operational problems. The benefits to the end user are obvious: less downtime and lower maintenance costs.

Remote access gateways are also configured and installed by the vendor in cooperation with the on-site maintenance team. The gateways use VPN tunnels with the strongest available encryption to create a secure network connection to the vendor.

Cybersecurity Challenges for Industry 4.0

Again, this setup looks very secure on the surface. While the VPN tunnel itself is secure and protected, the way it is set up introduces multiple security issues.

The first question is about remote exposure. Since the gateway needs a bi-directional connection from provider network to provider network, it needs to allow this traffic in the firewall. However, for reasons unknown, the firewall is not restricted to only allow VPN traffic from a specific vendor, but rather all types of traffic from anywhere on the Internet. This is likely due to the fact that not much attention was paid to network security during the installation and commissioning of the heavy machinery, and the gateway was only a small part of the delivery. Another common reason for misconfiguration is that the solution did not work properly during the commissioning process and the firewall rules were relaxed during troubleshooting. Afterwards. these settings are retained. it is not uncommon for IIoT devices to find themselves directly connected to the Internet and can eventually be found via for example Shodan1 (a specific search engine for connecting devices). There are even specific subsections dedicated to OT devices and protocols.

The second issue is the configuration of the gateway. Since this is part of the vendor's scope, the vendor is also responsible for the security maintenance and configuration of this device. Since all traffic to the gateway is encrypted by the VPN, the end user had no idea what the vendor could do on this device. Upon investigation, it became clear that the vendor could potentially update the configuration and provide itself with more necessary privileges.

Finally, the gateway function is to provide remote access to specific components of the machine in question. However, due to the poor implementation of this device, the gateway can also directly or indirectly access more devices. Furthermore, due to the lack of segmentation of multiple network connections, it is theoretically possible to connect to almost the entire OT network.

prescription

The best solution is to incorporate cybersecurity into the design phase of a new project, especially when it comes to IIoT or other remote connections. This applies not only to new facilities, but also to expansions or renovations of existing sites. Of course, this is easier said than done.OT networks are not always suitable for incorporating all technical requirements, while technical expertise may be lacking. Additionally, since most of these solutions are business or operationally driven, they may completely ignore cybersecurity implications during the project phase. Finally, the many different IIoT implementations that provide a variety of connectivity may already exist in facilities that are in the maintenance phase or sometimes not even known to the end user. In the next sections, some possible approaches to provide solutions to these problems are described.

Design Review and Threat Modeling

During the design review, all available and relevant design documents are reviewed and discussed with the technology owner, solution architect, and/or vendor. It is important to note that this approach applies to both new facilities (CAPEX) and existing facilities (OPEX). For the latter in particular, it is valuable to combine this review with a site assessment, as explained in the next section. The benefit of the design review is that the security design can be executed both in the existing environment and in new systems or system extensions based on the design documents in accordance with company security policies, industry standards, and organizational and/design reviews and threat model assessments2 . The second use case described above was identified during the design review assessment. Finally, it is also worth noting that threat modeling will also provide very useful information for subsequent technical assessments, such as penetration testing, which is described in the next section. or industry-specific best practices. Identified design flaws, policy violations, or deviations from these best practices can be mitigated.

For threat modeling, the same design information was used, but this assessment took a different approach and used a hacker's mindset. This is a structured approach to mapping threats across all possible attack paths for the subject within the scope. During the interactive session, a chart is created that provides a complete overview of the attack surface and whether any additional mitigation is required.

On-site safety assessment

The site assessment3 utilizes a more practical, bottom-up approach to identifying risks at the technical level of the site. Design and architecture reviews are combined with site visits and system walkthroughs. The assessment will include all important aspects of the functional requirements specified in IEC 62443.

The first phase of this assessment is similar to a design review, where all existing documentation is analyzed and discussed with the facility owner, technical representatives and/or suppliers. However, additional depth is required to review all major IEC 62443 functional requirements.

During the site visit, the actual system status is compared to the current understanding of the OT network. In addition, device-specific configurations are reviewed to gain insight into potential security issues. For example, firewall configurations, network routing and VLANS, installed software, and running services are reviewed to investigate the exposure of the OT network. In addition, user authentication and authorization, security controls, backup policies, and security monitoring are evaluated to determine OT network resiliency.

Finally, various network traffic samples are passively collected at strategic points on the OT network. These captures use copies of existing network traffic that do not interfere with potentially vulnerable OT devices. The traffic is then analyzed and the results correlated with all previous information. Optionally, specially tailored selective scans can also be performed to retrieve additional information in a least intrusive manner. The results may lead to the discovery of unknown hosts, open ports, weak protocols, unexpected network connections, or other unknown security issues. For example, the first use case described earlier was discovered during a site assessment.

Vulnerability and Penetration Testing

Vulnerability Assessment and Penetration Testing, often abbreviated as VAPT4, goes a step further and is a more detailed technical assessment. The goal is to search for unknown vulnerabilities and test whether these can be exploited. It will also show the consequences of a particular cybersecurity issue and what that means for the organization.

These VAPT tests provide a detailed understanding of current network resilience and what improvements may be needed. However, these assessments are much more intrusive, and older legacy OT systems are known to be unable to handle this. Critical systems may even cease to function while scanning for vulnerabilities. As a result, it is often not recommended to perform these tests in a live OT environment.

At the same time, some techniques do exist, such as passive scanning, which can still be used safely. Alternatively, intrusive penetration testing can still be performed without disrupting the production process by carefully selecting the scope of entitlement or using alternate equipment. Of course, this requires a very specific approach, customized for OT systems and systems in scope. Another great opportunity is to use VAPT testing as part of the installation, testing and commissioning process, such as Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT). This may apply to new systems or system extensions.

The results of the assessment can be used to take steps to close security gaps and reduce risk in the organization. Regarding the first use case, penetration testing can investigate whether the hypothesized attack path is actually feasible for the attacker. The results may determine the final security mitigation solution.

Conclusions and future directions

The trend towards Industry 4.0 and IIoT is expected to continue in the coming years across all industries, including the chemical industry. This will be driven primarily by business and operational benefits. This is fine as long as cybersecurity is not an afterthought. It is important to incorporate security design and operational costs directly into the business case for these smart initiatives and validate their impact on theOT Network SecurityThe impact of the situation. Internal and external security design reviews can assist at this stage. For existing solutions and systems, there are multiple ways to review and validate the current state of security, providing the opportunity to proactively address potential issues before they have any business impact. The ultimate goal remains to achieve safe, secure and cost-effective production and to manage cyber risk to an acceptable level in support of these objectives.

Original article by SnowFlake, if reproduced, please credit https://cncso.com/en/cybersecurity-challenges-facing-smart-industry-4.html

Like (0)
0 0

About the author

SnowFlake

SnowFlakegeneral user

23 posts
0 comments
2 followers
Chief Security Officer (cncso.com) Leading cybersecurity expert think tank~
Previous January 6, 2024 at 6:05 pm
Next January 6, 2024 at 10:35 pm

related suggestion