The Industrial Internet of Things (IIoT) will continue to grow as asset owners seek to enhance operational efficiency. However, every device added to a network is also a possible entry point for attackers. The importance that companies and governments now place on cybersecurity is hard to overestimate. In July 2016, the European Parliament published cyber-attack prevention guidelines.
IEC 62443 is a series of standards, still being extended, that provides security guidelines and best practices for the different parts of an industrial network and for the different roles responsible for it (asset owners, system integrators, and product suppliers), covering defence against known vulnerabilities as well as attacks not yet seen. The standard's goal is to improve the security of industrial automation and control systems (IACS) and of the networks that connect them.
Many system integrators (SIs) require component suppliers to comply with IEC 62443-4-2, the part of the standard that specifies technical security requirements for components such as end devices. Its component requirements are derived from the standard's seven foundational requirements, among them identification and authentication control, use control, system integrity, data confidentiality, and resource availability (which covers backup and recovery). Based on governmental and IEC guidance, basic tips for IIoT cybersecurity include:
1. Understand security risks –
The cybersecurity threats to an internal network fall into six main categories:
- Unauthorized access
- Unsecured data transmission
- Unencrypted critical data
- Incomplete event logs
- Lack of security monitoring
- Human configuration errors
It is paramount that network operators understand these threats so that they can deploy devices with sufficient security features. The sections that follow describe the situations in which each risk arises and some of the options available to network operators to counter it.
2. Prevent intrusions and attacks –
The first step in preventing unauthorized access to devices on a network is a password policy. As the number of users and devices on a network increases, so does the likelihood of a breach, and one of the greatest risks to an industrial control system is a user who gains access they were never authorized for. A strong password policy is a good starting point against brute-force attacks, but it should be combined with several other controls.
An identifier (account) management policy typically adds several of these controls. Accounts are personal and used only by the user they were created for, with no shared logins; each user has access only to the parts of the network their job role requires (least privilege); a device locks or logs out an account after repeated failed logins or a period of inactivity; and the device alerts the network operator to any violation.
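The controls in this section, as an added example that is not Moxa's code and not text from IEC 62443: a device-side password policy check, a salted slow password hash, a time-limited lockout after repeated failures (a permanent lockout would let an attacker lock operators out of their own equipment), and role-scoped authorization so an account can only use the functions its job requires. The role names, permissions, thresholds, blocklist and sample account are assumptions made for illustration.

```python
"""Device-side account controls: password policy, failed-login lockout and
role-scoped authorization.

Added example (not Moxa's code and not text from IEC 62443). The role names,
permissions, thresholds and the blocklist are assumptions for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass

MIN_LENGTH = 12            # assumed policy minimum
MAX_FAILED = 5             # lock the account after this many failures...
LOCKOUT_SECONDS = 15 * 60  # ...for 15 minutes (assumed values)
COMMON_PASSWORDS = {"password", "admin", "123456", "default"}  # assumed blocklist

# Role -> device functions that role may use (least privilege; assumed roles).
ROLE_PERMISSIONS = {
    "viewer": {"read_status"},
    "operator": {"read_status", "ack_alarm"},
    "admin": {"read_status", "ack_alarm", "change_config", "manage_users"},
}


def check_password_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, name in ((r"[a-z]", "lowercase letter"), (r"[A-Z]", "uppercase letter"),
                          (r"[0-9]", "digit"), (r"[^A-Za-z0-9]", "symbol")):
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common or default password")
    return problems


@dataclass
class Account:
    username: str
    role: str
    salt: bytes
    pw_hash: bytes
    failed: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so a stolen account store does not yield passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(username: str, role: str, password: str) -> Account:
    problems = check_password_policy(password)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    salt = os.urandom(16)
    return Account(username, role, salt, _hash(password, salt))


def authenticate(acct: Account, password: str, now: float) -> str:
    """Return 'ok', 'bad_password' or 'locked'. `now` is epoch seconds."""
    if now < acct.locked_until:
        return "locked"          # even a correct password is refused while locked
    if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failed = 0
        return "ok"
    acct.failed += 1
    if acct.failed >= MAX_FAILED:
        acct.failed = 0
        acct.locked_until = now + LOCKOUT_SECONDS
        return "locked"          # the attempt that crossed the threshold
    return "bad_password"


def authorize(acct: Account, action: str) -> bool:
    """Use control: the account may only perform actions granted to its role."""
    return action in ROLE_PERMISSIONS.get(acct.role, set())
```

Every rejected attempt and every lockout should also be written to the device's event log and, for lockouts, raised as an alert: a burst of lockouts across a control network is itself a sign that someone is guessing credentials.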
3. Protect sensitive data –
All devices on the network should support, and the network should enforce, encryption of data in transit (for example, TLS for management traffic). This greatly reduces the risk of data being read or stolen while it crosses the network. Encryption alone does not, however, prove who sent the data or that it was not altered on the way; that requires authentication and integrity protection as well.
Data integrity guarantees that data is accurate and can be processed and retrieved reliably and securely when needed.
When data integrity is not guaranteed, network operators are unable to ascertain whether the data is accurate, rendering it meaningless. Even more troubling is data manipulated to provide false information – potentially causing network operators to adjust settings or make decisions that cause further damage to the network.
Inaccurate or corruptible configuration data on IIoT network devices can cripple operations. To reduce the risk of configuration data being altered, devices must protect their configuration: encrypt stored and exported configuration files and verify their integrity (for example, with a signature or an authentication tag) before loading them, so that a tampered file is rejected rather than applied.
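One way to enforce the integrity check this paragraph calls for, as an added example that is not Moxa's code: the device computes an HMAC-SHA256 tag over a canonical form of its configuration when it saves or exports it, and refuses to load any file whose tag does not verify, including a genuine but older sealed file (a rollback). The device key, the JSON layout, the version field and the sample switch configuration are assumptions.

```python
"""Integrity-protected device configuration: compute an authentication tag
when the configuration is saved or exported, verify it before loading.

Added example, not Moxa's code. The device key, the JSON layout and the
sample configuration are assumptions made for illustration.
"""
import hashlib
import hmac
import json

# Assumption: a per-device secret provisioned at commissioning and kept in
# protected storage. A real device must not embed a fixed key like this.
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")

# Constructed sample configuration for a managed switch.
SAMPLE_CONFIG = {
    "hostname": "switch-07",
    "config_version": 12,
    "telnet": False,
    "https": True,
    "snmp": {"version": 3, "auth": "SHA", "priv": "AES"},
    "syslog_server": "10.0.0.5",
}


def canonical(config: dict) -> bytes:
    """Serialize deterministically so the same settings always give the same bytes."""
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode()


def seal_config(config: dict, key: bytes = DEVICE_KEY) -> str:
    """Return the configuration wrapped with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, canonical(config), hashlib.sha256).hexdigest()
    return json.dumps({"config": config, "hmac_sha256": tag})


def verify_config(blob: str, key: bytes = DEVICE_KEY) -> bool:
    """True only if the tag matches the configuration exactly as received."""
    try:
        wrapper = json.loads(blob)
        expected = hmac.new(key, canonical(wrapper["config"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, str(wrapper.get("hmac_sha256", "")))
    except (ValueError, KeyError, TypeError):
        return False   # malformed input is treated as tampered, never as trusted


def load_config(blob: str, current_version: int, key: bytes = DEVICE_KEY) -> dict:
    """Refuse to apply a configuration that fails verification or is a rollback."""
    if not verify_config(blob, key):
        raise ValueError("configuration integrity check failed; refusing to load")
    config = json.loads(blob)["config"]
    if config.get("config_version", 0) < current_version:
        raise ValueError("sealed but older than the running configuration (rollback)")
    return config


def tampered_copy(blob: str, key_name: str, value) -> str:
    """Simulate an attacker editing one setting in a sealed file without the key."""
    wrapper = json.loads(blob)
    wrapper["config"][key_name] = value
    return json.dumps(wrapper)
```

HMAC gives integrity and authenticity, not confidentiality: any secrets in the file (SNMPv3 credentials, for instance) still need to be encrypted, and the key itself must live in protected storage rather than in firmware or scripts. Where the party verifying a file should not also be able to produce one, a digital signature with the private key held only by the issuer is the right tool instead of a shared HMAC key.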
4. Audit security events –
Networks must be monitored constantly, and every security-relevant event should be recorded for later analysis. A successful cyber-attack is hard to detect in real time. Using the event logs, network operators can reconstruct what happened before an incident, analyze the data, and address the issue effectively. The same logs provide valuable information for improving the design and security of the network to prevent further disruptions. Logs should be forwarded to a central collector with synchronized clocks, because a log kept only on a compromised device is the first thing an attacker erases. Other countermeasures include the ability to log users out, delete accounts, and restart devices.
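Detection logic of the kind this section describes, run over a few constructed syslog-style lines as an added example that is not Moxa's software: it parses each event, flags a burst of failed logins from one source, flags a successful login that follows such a burst (the account is probably compromised), and flags a configuration change that enables a plaintext service. The log format, field names and thresholds are assumptions.

```python
"""Offline analysis of device event logs: detect a brute-force burst, a
success following that burst, and an insecure service being enabled.

Added example, not Moxa's code. The log lines are constructed for this
example and the format, thresholds and field names are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: what a central syslog collector might receive.
SAMPLE_LOG = """\
2023-01-14T08:01:02 switch-07 auth: login failed user=admin src=10.0.0.99
2023-01-14T08:01:05 switch-07 auth: login failed user=admin src=10.0.0.99
2023-01-14T08:01:09 switch-07 auth: login failed user=admin src=10.0.0.99
2023-01-14T08:01:14 switch-07 auth: login failed user=admin src=10.0.0.99
2023-01-14T08:01:21 switch-07 auth: login ok user=admin src=10.0.0.99
2023-01-14T08:02:10 switch-07 config: changed user=admin src=10.0.0.99 item=telnet old=disabled new=enabled
2023-01-14T08:30:00 plc-02 auth: login ok user=operator src=10.0.1.20
2023-01-14T09:00:00 plc-02 auth: login failed user=operator src=10.0.1.20
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<facility>\w+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

FAIL_THRESHOLD = 3                  # failures from one source...
FAIL_WINDOW = timedelta(minutes=5)  # ...within this window count as a burst
INSECURE_SERVICES = {"telnet", "http", "snmp_v1"}


def parse(log_text: str) -> list:
    """Turn each line into a dict: ts, host, facility, action plus key=value fields."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # a malformed line must not stop the analysis
        ev = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
              "facility": m["facility"]}
        # Text before the first key=value pair is the action ("login failed", "changed").
        ev["action"] = KV_RE.split(m["msg"], maxsplit=1)[0].strip()
        ev.update(KV_RE.findall(m["msg"]))
        events.append(ev)
    return events


def analyze(events: list) -> list:
    """Return findings as (kind, host, user, src) tuples, in time order."""
    findings = []
    recent_failures = defaultdict(deque)   # (host, src) -> failure timestamps in window
    reported = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev.get("src"))
        who = (ev["host"], ev.get("user"), ev.get("src"))
        if ev["facility"] == "auth":
            window = recent_failures[key]
            while window and ev["ts"] - window[0] > FAIL_WINDOW:
                window.popleft()           # drop failures older than the window
            if ev["action"] == "login failed":
                window.append(ev["ts"])
                if len(window) >= FAIL_THRESHOLD and key not in reported:
                    reported.add(key)
                    findings.append(("brute_force",) + who)
            elif ev["action"] == "login ok":
                if len(window) >= FAIL_THRESHOLD:
                    # A success right after a burst: treat the account as compromised.
                    findings.append(("success_after_failures",) + who)
                window.clear()
                reported.discard(key)
        elif ev["facility"] == "config" and ev["action"] == "changed":
            if ev.get("item") in INSECURE_SERVICES and ev.get("new") == "enabled":
                findings.append(("insecure_service_enabled",) + who)
    return findings
```

The three findings are correlated by host and source address across events that are seconds to minutes apart, which only works when every device stamps its events from a synchronized clock and forwards them to the same collector.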
5. Visualize network security status –
Software that visualizes network security status lets operators spot abnormal or potentially damaging activity. It can also show, at a glance, whether the correct security settings are applied to each device on the network, so that problems can be caught before they are exploited. If a device is not secure, the network operator can identify the problem and reduce the risk arising from the vulnerability. The settings typically covered include password policies, encryption, login credentials, and data integrity.
6. Correct configuration –
Human error, when network operators inadvertently configure settings incorrectly, can cause a wide range of problems, including a network that does not function properly, lost data, or vulnerabilities for attackers to exploit. Misconfigurations also open the door to manipulation by internal staff or by outsiders who have gained unauthorized access. When an attack succeeds because of human error, the network operator often does not learn of the compromise until long after the breach, by which time significant damage may have been done.
Human error is among the most common ways in which networks come to be compromised.
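A configuration baseline check of the sort a status dashboard relies on, as an added example that is not Moxa's code or software: each device's settings are tested against a list of rules (plaintext services off, SNMPv3 only, no default community strings or default credentials, password policy and lockout set, central logging and time sync configured, encrypted configuration export), and a per-device report shows the worst failing severity. The inventory, the setting names and the rules are constructed for this example; one device is configured correctly and the other shows the defaults an operator typically leaves in place.

```python
"""Configuration baseline check: compare each device's settings against a
security baseline and report what an operator would need to fix.

Added example, not Moxa's code or its software. The baseline rules, the
device inventory and the setting names are assumptions for illustration.
"""

# Constructed inventory: one device configured correctly, one with the
# typical operator mistakes (defaults left in place, plaintext services on).
INVENTORY = {
    "switch-07": {
        "telnet": False, "https": True, "http_redirect": True,
        "snmp": {"version": 3, "community": None},
        "password_policy": {"min_length": 12, "max_failed_logins": 5},
        "accounts": [{"user": "admin", "default_password": False}],
        "syslog_server": "10.0.0.5", "ntp_server": "10.0.0.6",
        "config_export": {"encrypted": True},
    },
    "switch-12": {
        "telnet": True, "https": False, "http_redirect": False,
        "snmp": {"version": 2, "community": "public"},
        "password_policy": {"min_length": 4, "max_failed_logins": 0},
        "accounts": [{"user": "admin", "default_password": True}],
        "syslog_server": None, "ntp_server": None,
        "config_export": {"encrypted": False},
    },
}

# Each rule: (identifier, severity, check that returns True when compliant).
BASELINE = [
    ("no-telnet", "high", lambda c: c.get("telnet") is False),
    ("https-only", "high", lambda c: c.get("https") is True and c.get("http_redirect") is True),
    ("snmpv3", "high", lambda c: c.get("snmp", {}).get("version") == 3),
    ("no-default-community", "high",
     lambda c: c.get("snmp", {}).get("community") not in ("public", "private")),
    ("password-min-length", "medium",
     lambda c: c.get("password_policy", {}).get("min_length", 0) >= 12),
    ("lockout-enabled", "medium",
     lambda c: c.get("password_policy", {}).get("max_failed_logins", 0) > 0),
    ("no-default-credentials", "high",
     lambda c: not any(a.get("default_password") for a in c.get("accounts", []))),
    ("central-logging", "medium", lambda c: bool(c.get("syslog_server"))),
    ("time-sync", "low", lambda c: bool(c.get("ntp_server"))),
    ("encrypted-config-export", "medium",
     lambda c: c.get("config_export", {}).get("encrypted") is True),
]


def check_device(config: dict) -> list:
    """Return (rule, severity) for every baseline rule the device fails."""
    failures = []
    for rule, severity, compliant_if in BASELINE:
        try:
            compliant = compliant_if(config)
        except (AttributeError, TypeError):
            compliant = False   # a malformed setting counts as non-compliant
        if not compliant:
            failures.append((rule, severity))
    return failures


def status_report(inventory: dict) -> dict:
    """Per-device summary an operator could display at a glance."""
    report = {}
    for name, config in inventory.items():
        failures = check_device(config)
        worst = "none"
        for level in ("high", "medium", "low"):
            if any(sev == level for _, sev in failures):
                worst = level
                break
        report[name] = {"failures": failures, "worst": worst}
    return report
```

The point of running such a check automatically, rather than trusting that the commissioning checklist was followed, is that switch-12 is what human error usually looks like: nothing exotic, just every default left where the manufacturer put it.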
Where to start
Common to the six security risks above is that the operator loses the ability to control and manage the network. In response to the threats facing network operators, manufacturers have started developing devices that meet the technical security requirements of IEC 62443-4-2 at security level 2 (SL 2).
If the six security features described above are deployed on the network and security procedures are followed correctly, internal and external security threats can be significantly reduced.
About the author: Yiwei Chen is the product manager at Moxa Inc. He can be reached at +886.2.89191230 ext. 1178 or Yiwei.Chen@moxa.com.