
Industrial Ethernet Book 104

Industrial Ethernet Book 2.2018, Technology

Cyber security key to successful IIoT deployments

Connecting devices to each other and the cloud opens the door for an intelligent process, but security will be a key factor impacting success of these applications. System design, product features, secure development processes, and implementation expertise need to be taken into consideration.

One key consideration that will impact acceptance rate and ultimate success of the Industrial Internet of Things (IIoT) is security. A successful attack on an IIoT system could result in the loss of sensitive data, interruption of operations, and destruction of systems. This will result in damage to brand and reputation, material economic loss and damage to critical infrastructure. Worse, there could be damage to the environment, injury or loss of human life.

A secure IIoT solution is comprised of a variety of elements, including secure products, secure protocols, a secure network, ongoing security monitoring, and employees with cybersecurity expertise.

Secure protocols

IIoT systems may feature new connection techniques that will require secure communication protocols. It is important to consider two key concepts when discussing secure protocols: encryption and data integrity/authenticity. Encryption can be used to secure protocols, but it can inhibit other security appliances like Intrusion Detection Systems. Data integrity and authenticity can be provided without encryption, enabling intrusion detection systems.

Legacy systems utilized insecure communications protocols. Communications protocols are evolving to incorporate security enhancements: DNP3 has moved to DNPV5, OPC-UA, Modbus is evolving to Modbus Secure, and EtherNet/IP is becoming EtherNet/IP Secure. Selection of secure protocols is required to enhance solution security.

Permeation of trust in IIoT lifecycle

Trust in the IIoT lifecycle refers to both the integrity of each element in a system and the integrity of data generated by the system. Trust impacts supply chain, installation, configuration, regular usage and eventual decommissioning, requiring regular monitoring to ensure that trustworthiness is preserved and guaranteed throughout the product lifecycle.

Let's use an example to illustrate the permeation of trust model. Assume an end user is purchasing a PLC with secure features. The PLC vendor purchases microprocessors and memory from component vendors who ship their products to manufacturing sites. Product software can be developed at vendor development facilities or purchased from partners. Products are fabricated and shipped to warehouses. Equipment can then be shipped to distributors or systems integrators prior to shipment to end users.

In this example, we have multiple organizations handling the hardware/software. There is the potential for security issues to be introduced at any of these locations. End users must have trust in the integrity of the supply chain providing system components. Permeation of trust between system operators and suppliers is key to the security of IIoT systems.

Acquiring cybersecurity expertise

One challenge facing many industrial end users is cybersecurity expertise. Industrial personnel have developed core competencies focused on optimizing processes. Small to medium sized companies in particular may have difficulty internally building cybersecurity expertise.

Equipment vendors and system integrators can be leveraged to cost effectively provide cybersecurity expertise. While vendors effectively merge industrial control and cybersecurity expertise, many IT based consultants lack OT expertise. Vendors will also have the expertise to guide end users in the selection of data that should be pulled from the process.

Another key consideration is training to effectively operate a system after it has been activated. Tips to effectively operate, monitor, and update processes need to be implemented. Guidance on proper corporate security policies is also critical.

Cloud considerations

Cloud services enable external computing power to be utilized to analyze and control OT infrastructure. In a cloud architecture, data from thousands of devices is stored, analyzed, and accessed from a server. The

Figure: Cybersecurity Lifecycle Methodology. Source: Schneider.

1 Assess: Review current network and system architectures, policy, procedure, and related compliance documentation as well as risk and threat reports to identify potential problems or issues, and recommend areas for improvement.

2 Design: Using assessment and project planning documentation as a guideline, identify documentation and solutions that should be created and / or implemented. Develop an overall site and system architecture design.

3 Implement: Using the architecture and design documentation, begin the process of implementing the upgraded cybersecurity solution from procurement and staging to system commissioning and end-user training.

4 Maintain: Ensure proper solution management is understood and provide a mechanism by which continuous improvement and optimization are taking place that are adaptive to the ever-changing cybersecurity threat landscape.

Figure caption: Cybersecurity should be an on-going process. By adopting the basics of this lifecycle methodology, companies can ensure that any proposed solutions are network, control, and safety system agnostic and match their needs.
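
The point made under Secure protocols, that data integrity and authenticity can be provided without encryption so that intrusion detection keeps working, shown as an added example that is not part of the original article or any vendor's code. The frame layout, key and function names are assumptions for illustration, not the wire format of DNP3, Modbus Secure or EtherNet/IP Secure; the payload is a constructed Modbus-style write request.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                            # HMAC-SHA256 tag size in bytes
WRITE_FUNCS = {0x05, 0x06, 0x0F, 0x10}  # Modbus write function codes

def seal(key: bytes, seq: int, pdu: bytes) -> bytes:
    """Sender: cleartext header and PDU, then an HMAC tag over both."""
    body = struct.pack(">IH", seq, len(pdu)) + pdu
    return body + hmac.new(key, body, hashlib.sha256).digest()

def ids_inspect(frame: bytes) -> dict:
    """Passive monitor: holds no key, yet can read every cleartext field."""
    seq, _length = struct.unpack(">IH", frame[:6])
    func = frame[6]
    return {"seq": seq, "function": func, "is_write": func in WRITE_FUNCS}

def open_frame(key: bytes, frame: bytes, last_seq: int) -> tuple:
    """Receiver: check the tag, then length and sequence; return (seq, pdu)."""
    if len(frame) < 6 + 1 + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: frame altered or wrong key")
    seq, length = struct.unpack(">IH", body[:6])
    if length != len(body) - 6:
        raise ValueError("length field does not match payload")
    if seq <= last_seq:
        raise ValueError("replayed or stale frame")
    return seq, body[6:]

def demo():
    key = b"constructed-demo-key-32-bytes!!!"          # constructed sample key
    frame = seal(key, 7, bytes.fromhex("0600010003"))  # write register 1 = 3
    seen = ids_inspect(frame)
    _, pdu = open_frame(key, frame, last_seq=6)
    altered = bytearray(frame)
    altered[10] ^= 0xFF                 # register value changed in transit
    try:
        open_frame(key, bytes(altered), last_seq=6)
        rejected = False
    except ValueError:
        rejected = True
    return seen, pdu, rejected

if __name__ == "__main__":
    print(demo())
```

The monitor sees the write request without any key material, while the receiver refuses the altered frame and any frame whose sequence number is not newer than the last one accepted.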

