IS Industrial security: What threats and what strategy for 2018?

In 2017, attacks and major vulnerabilities have made the headlines, including in less-specialized newspapers thanks to WannaCry & NotPetya, Meltdown & Spectre. Following the hype, traditional media produced quick responses, but this is too often at the price of an incomplete information, partially wrong with an alarmist talk.

The “young” (cyber)security universe of Industrials IS is exceptionally seen the same way as a spectacular dimension: many articles mixed altogether with partial information, eye catching titles and beautiful pictures of random industrial facilities.

Threats are rising: we need to secure tomorrow’s factory

Historically conceived as isolated systems, the modernisation and the interconnexion of industrials IS are accelerating:

  • The advanced systems of manufacturing are connected to the Cloud (Big Data), suppliers (logistics 4.0) and customers (IoT);
  • The traditional steering system give away ground to large complex networks of interconnected devices (Smart Grids, IoT, drones etc.);
  • The technologies used are increasingly the ones from IT

Tomorrow’s factory must face the same vulnerabilities though, in a critical universe (human and environmental impacts) and in a context where modernisation projects are proliferating.

In order to secure tomorrow’s world in a pragmatic way, the industrials are seeing:

  • Awareness of cybersecurity culture with all implicated collaborators (engineers, technicians, operators, project managers, etc.) essential to the detection of incidents and to their prevention;
  • A technological watch in order to keep an objective vision of the stakes;
  • The use of an approach by risks in order to apply in a pragmatic way the necessary security measures

Most importantly, the industrial actor that will success in this challenge would have been able to bring together a multiidisciplinary team:  security actors, operations (we will talk about OT with a control over the field stakes), IT (control of technologies) and safety. Only this team will be able to safely put into place the complexity of transformation, towards tomorrow’s Industrials IS

The ghosts from the past: Secure yesterday’s factory.

In any case, today, Industrial IS security is always mainly about correcting the conception defect due to a lack of cybersecurity culture in this universe.

It is well known for the Industrial IS auditors that:  there is still a lot to do (obsolescence, uncontrolled use of USB keys, Internet accessibility, less secure architectures etc) in order to protect the factory and its operations.

The 2017 award of threats on Industrials IS goes to, without a doubt, TRISIS.  It is still about a new Stuxnet, exploiting another vulnerability with a new catchy name which got Twitter buzzing… Nothing new right? And yet, yes.

Its targets, SIS (Safety Instrumented System), are autonomous systems whose purpose is to stop urgently an “out of control” industrial process from the nominal steering system in order to protect people, goods and the environment.

TRISIS got its name from SIS and “Triconex” (one of SIS model most spread worldwide) and seems to be the first successful attack on this type of system.

While we almost forgot about the story we heard too many times on Stuxnet; TRISIS just reminded us in a cold manner that:

  • The fight to secure our critical facilities is far from being won;
  • Motivated hackers with impressive ressources are still at work.  

It is highly unrecommended to direct a cybersecurity strategy of the Industrials IS directly focused on new technologies. The old threats are still here and evolving.

The security of facilities in production is far from being finished. It should certainly be more appropriate for Industry 4.0 to observe a serious reinforcement of critical infrastructures’ security.

devoteam

Contact

Julien Bui
Nicolas Noël