Following a spate of recent cyberattacks in industrial environments, Jalal Bouhdada of Applied Risk discusses the future of manufacturing and why security, especially for the WirelessHART protocol, must now be classed as a key business enabler
Industrial environments are fast shifting from secured, air gapped, enterprises, to becoming fully networked and a key target for hackers. There are many reasons for this increased vulnerability, including an inherent lack of security in manufacturing products; the reduced cost of directly targeting these environments; and the potential for a significant return on investment should a breach be undertaken successfully. There have been many examples of cyber vulnerabilities in in recent months, for example, our cyber-security experts at Applied Risk recently discovered significant flaws in WirelessHART products, described as the most widely used field communication protocol for intelligent process instrumentation. Such flaws, if left unresolved, could have had consequences ranging from production shutdown to loss of life.
Furthermore, security researchers at Black Hat Asia have developed a ‘proof of concept’ Programmable Logic Controller (PLC) worm, designed to infect those controllers within manufacturing settings. The worm exists preinstalled on PLC products – when merged with an existing system, the worm then spreads. Contrary to existing methods, this attack entirely bypasses IT systems and directly targets OT. There is a clear market advantage in targeting industrial environments, and we are beginning to see the consequences of such attacks, with a recent hack involving malware within a Ukrainian power plant resulting in a partial grid shutdown.
Security at the outset
In order for manufacturers to be fully prepared, embedding security within manufacturing technology at the point of origin and ensuring end-user environments are as secure as possible would be the most effective methods to ensure such vulnerabilities are significantly mitigated. As these systems have been traditionally isolated from office network environments and the internet through air-gapping, it is evident that industrial hardware and software was not designed with security in mind, rather, it was intended to function within a closed environment.
Within modern industries, however, we see an increased demand for real time data and remote access services. Previously separate systems are now interconnected with other company networks, exposing the hardware, services and protocols to attackers. The popularity of WirelessHART products show a significant shift among manufacturers to integrate and utilise networked technology to increase efficiencies within their businesses. The benefits of this technology are undeniable, allowing manufacturers with legacy systems to swiftly and cheaply upgrade their existing systems to a level of productivity arguably comparable to fully digital environments.
Education for all
For a business to fully secure its industrial environment, the education of staff on security best practices must become an essential element of day-to-day activities. A focussed approach to training and awareness enables staff to better understand the threats that affect their work environments – it is therefore essential for all personnel to fully understand the security risks relevant to their duties, thus minimising the risks associated with a successful cyber-attack.
In order to secure manufacturing environments and to realise the full benefits of security as a key business enabler, manufacturers must begin to change their perspective from traditional practices to those of the modern, connected age. Security must be baked into products prior to installation within existing systems, and manufacturers must begin to manage their IT systems as a part of a whole, rather than as a standalone system.
To effectively mitigate the damage that can be caused by cyber-attacks, organisations must solidify the security of their supply chains, ensure their industrial assets are identified, and undertake embedded security assessments. The discovery of vulnerabilities within WirelessHART products is a strong signal to the industry that networked critical infrastructure requires significant protection. With such vulnerabilities exposed, suppliers and asset owners have an opportunity to work closely together to ensure the safe and reliable operation of technology within these environments.
Jalal Bouhdada is founder and principal ICS security consultant at Applied Risk, leading providers of industrial cyber-security solutions,