With this study we want to invite you to learn more about the world of Operational Technology (OT) with specific reference to cybersecurity.
The study is divided into two articles. The first includes a brief introduction on the importance of data management in the business process, to move on to describe the industrial processes in industry 4.0.
In the paragraph The CIA Concept from Cyber security to the industrial process we enter the heart of the matter by describing the relationships between Confidentiality, Integrity and Availability.
In the second article we go through some examples of attacks on OT systems and the possible consequences. Finally, some tips on the strategies to follow to protect yourself.
Without wishing to be exhaustive, however, we hope that this summary work will be useful for those approaching the cybersecurity of the Industry 4.0 world.
Happy reading.
Introduction
In the industrial process, the management of the data provided by the various sensors is fundamental for the control of the process itself, to foresee maintenance activities in a predictive logic and to be able to establish the quality of the final product.
The data provided by the single sensor is therefore not just a number but is the starting point for a set of analyzes that involve the entire business process, from maintenance to quality to the sales process itself up to intellectual property.
If in the past the sensor was made up of a mechanical "stand-alone" hand or digital system, in which the above was mainly managed by man thanks to his specific skills, today the data travels on the network, can be processed and shared, it can be of help to a remote control activity as well as to predictive maintenance and can ultimately help the management and decision-making process of the company. This evolution is now called Industry 4.0 and connected to it are also business processes of improvement and digitization, also aided by public funds. In Fig. 1 the evolution discussed above is shown in time line.
But, as everything in the network can theoretically be violable, is the single sensor or transducer of the system also so? How secure can the OT (Operation Technology) network be considered? What is the level of security required by current standards and how to prepare for future developments?
If in the past we have seen pressure sensors that indicated a purposely wrong value to protect the true value and therefore the intellectual property of the process to which the sensor was dedicated, does this logic still make sense today in a remotely manageable system?
What did the case of the Stuxnet virus [1] or the ransomware that blocked the management system of the Colonial Pipeline [2] teach us? Without going into such cases, in this brief discussion we want to indicate the basic elements of a protection strategy that, outside the market proposals, can be a guide for the correct use of the available technology. An application example will help to understand the concepts covered and the phases of Early Warning and Incident Response.
Industrial processes in industry 4.0
The term Industry 4.0 indicates a set of actions to improve the entire business process through the application of cutting-edge tools and concepts that are part of a package identified by the European Community with the term "Enabling Technologies". In short, these technologies are listed below:
- Advanced manufacturing solution: all advanced manufacturing technologies, including robotization and automated logistics
- Additive manufacturing: Use and development of production systems through 3D printing and with the use of materials of various kinds in high-tech sectors.
- Augmented reality: 3D simulation systems and augmented reality environments to help operators carry out their work with increased safety and reduced errors.
- Simulations: Simulation of the interaction between different mechanisms aimed at integration
- Horizontal and vertical integration: Horizontal and vertical integration between the various components of the production process to increase safety, reliability and productivity.
- Industrial internet: use of the internet for secure internal and external communications.
- Cloud: implementation of all storage and management / analysis technologies through the use of cloud computing,
- Cyber security: From the two previous points, the need to increase data security is natural.
- Big Data Analytics: Management of large amounts of data through open systems that allow forecasts or predictions.
All of the above is part of the technological background that the company must necessarily have in order to be competitive on the market.
The resulting need for new investments goes hand in hand with the increased exposure of corporate data to possible external attacks. Medium and large companies are addressing their critical areas in a structured way and investing in personnel and protection systems, also aided by various national and international public initiatives, such as the Sabbatini Law [3] or Industry 4.0.
The problem for small companies is fundamentally one of approach to the system, lacking today a widespread basic culture on IT security, often solved with an antivirus installed on the PC or server and an external consultant.
Unfortunately at the level of Cyber Security the fight is unequal: the actual attack times of a criminal on the net are much faster than the evolution of antivirus or the intervention of the technician. Before any intervention, a hacker has had plenty of time to organize the attack, while those who have to defend their system generally find themselves having to respond and recover quickly. The damage that some types of attack can cause to a production process in the OT field is exponential compared to the simple theft of company data made with an email or the blocking of the home PC.
The risk of an attack on the OT system ranges from the production block to the breakage of parts of the plant up to the destruction of the plant itself and of the entire production cycle with possible environmental and territorial consequences.
The two cases cited in the introduction (Stuxnet and Colonial Pipeline) are striking and in fact have had worldwide resonance: attacks of this type are really difficult to counter. But in approaching the development and maintenance of the OT system, the IT security component must be fundamental and always present in all the individual actions of all the individual actors and a necessary safety culture must be basic to favor the harmonious development of the Industry 4.0 concept. The events cited should not be understood in a pessimistic way, thinking that "... if they managed to penetrate a nuclear power plant or a strategic national distribution system, any action I take is certainly not effective" just as the saying "A PC it is safe if it is not networked ”. Instead, a greater awareness of the risks is needed, a careful assessment of the possible specific consequences and therefore the necessary counteracting, recovery and mitigation actions. The research done so far in the Cyber Security field helps us in this, the basic elements of which should be known and applied spontaneously like any processing of the OT system during its operation.
The CIA Concept from the Cyber security of the industrial process
The development of cyber security has gone hand in hand with the technological development of both attack and defense techniques. If only in recent years it has become a common topic of discussion, historically the need to steal / manipulate information and the consequent possible defense has very remote roots (codes and cryptography have practically been born since the time of the Babylonians if not earlier). A presentation of the development of cybersecurity over the past decades can be found in [4].
One of the basic concepts, actually valid in all areas of information management, which has been developed and should be the starting point of any information system aimed at managing data safely, is the CIA triad [5], acronym which in English is explained as: Confidentiality - Integrity - Availability
Or in Italian: Confidentiality - Integrity - Availability.
The set of three actions represent the basis of IT security, at all levels and with the necessary specific developments based on what and how much needs to be secured.
However, this triad finds one of its best expressions in the OT and industrial processes: no industrial process can afford to be available to everyone (lack of confidentiality), with possible variations introduced in a malicious way or even simply unconscious (lack of integrity) and not available. .
An industrial process that does not have this triad as its basis is potentially a process not only at risk for the company but for the community itself: think about what would happen if a virus could manipulate an uncontrolled pressure increase system in a gas tank. o intervenes on the filtering system before the process vapors are released into the atmosphere!
We develop the three components in CIA logic in order to make them explicit in an OT system.
If the OT System is intended as the Operation Technology at the base of the company's production and management system and is conceived in an Industry 4.0 logic, the first concern must be on the implementation model of the CIA in all its aspects. The second concern must be the constant analysis, review and re-verification of the CIA in all its components. The third concern is… no day must go by without the above having been done and re-checked on time.
But why is the triad more important in an OT system than in a normal corporate information system?
We'll talk about it in the next article.
REFERENCES
[1] Stuxnet Worm Attack on Iranian Nuclear Facilities (stanford.edu)
[2] https://www.nbcnews.com/tech/security/colonial-pipeline-paid-ransomware-...
[3] https://www.mise.gov.it/index.php/it/incentivi/impresa/beni-strumentali-...
[4] http://ijarcsse.com/Before_August_2017/docs/papers/Volume_4/1_January201...
[5] What is the CIA Triad? Defined, Explained, and Explored (forcepoint.com)
