With the integration of industrialisation and information technology, the industrial control system is evolving from a traditional closed system to an open network one, from information island to process control and enterprise information system integration. The scale of industrial control systems is getting bigger, the process is becoming more complex, and the information security threat is increasing.
Attacks on industrial control systems have risen over the years, and network security incidents have erupted, resulting in serious consequences. In short, the more important the system, the more likely it is to be attacked, and the worse the outcome.
In 2010, the Siemens PLC terminal damaged more than 1,000 centrifuges and paralysed a nuclear power plant. In 2015, a massive power outage in Ukraine impacted the control system and paralysed 30 substations for six hours, affecting 1.4 million users. In 2018, Intel chip “dissolution” and “ghost” vulnerabilities occurred, which were used to attack and obtain account password and communication information. Security events affecting key industrial infrastructure can lead to major economic losses and have an impact on social stability and national security.
The area of industrial IT security has changed over recent years, and this involves many aspects. Industrial technology security covers a range of factors including:
- Physical security
- Functional security
- Information security
- System layer
- Monitoring layer
- Control layer
- Devices
- Infrastructure security
- Real-time control behaviour safety
- Disaster system safety
- Business process
- Operations
- Maintenance
Security in the industrial context requires coordination at both technical staff level and management level. Security must be addressed at every stage, from design and development, to implementation, operation, and end of life. Security is paramount in a wide range of industrial sectors, including oil, chemicals, power, metallurgy, rail transit, municipal and water treatment. In essence, security must now encompass information and data, personnel and property, equipment assets, and the community environment in a unified way.
In May 2016, the world’s first truly industrial worm PLC virus exploded, which had the potential for catastrophic consequences for critical infrastructure by creating exponentially growing attacks and being difficult to detect and stop. The vulnerability is not a problem with S7 itself, but with the design of the entire system architecture. Against this attack, replacing the hardware in S7 is needed to be able to detect higher frequencies and to install low-pass filters around the actuator and PLC. In August 2017, hackers attempted to cause an explosion in a Saudi petrochemical plant, not simply destroying data or closing the plant but disrupting the company’s operations to cause the explosion. In other words, the design idea of physical security, functional security and information security of the industrial control system has had huge hidden dangers, and the traditional industrial security concept can no longer guarantee the safe and stable operation of these systems.
Differences between industrial control system security and traditional network security
- Different safety requirements.
- Differences between security patches and upgrade mechanisms.
- Real-time differences.
- Differences in security protection priorities.
- Differences in the adaptability of security protection technology.
The requirements and objectives of information security determine the need for technologies and measures that can be used or configured in IED, PLC, RTU, controller, communication processor, SCADA systems and various types of programmable digital equipment, in order to ensure the production, control and management of industrial control systems. The basic techniques of information security in all automated control systems are access control and user identity authentication. On this basis, some technologies to protect the security of communication data messages are developed by means of detection, channel encryption, packet verification and authentication. In order to realise the information security of the industrial control system under the premise of functional security, it is necessary to build multi-directional management and overall security protection technology systems.
Industrial production safety
The core goal of industrial production is to produce a predetermined number of products that meet the required quality (function and performance) indicators and do not exceed the predetermined cost within a predetermined time.
With the continuous development of society, there are more requirements in addition to these basics. These include higher requirements for the diversity of products, production processes for resource consumption, environmental pollution and damage, damage to production personnel, damage to production equipment, and other aspects.
The concept of industrial safety is receiving more and more attention from the industry. The basic concept is still developed around the core goal of industrial production, and higher level requirements including equipment safety, personnel safety, environmental safety and business safety. It can be said that industrial security is a multi-dimensional problem with many goals, and its most important one is to make industrial control and a series of technologies more reliably play a role.
The way of the future
The future development of industrial security will cover industrial system design, development, implementation, operations, end horizontal life cycle, and control layer, network layer, system layer, management, and longitudinal operations, from the perspective of large system engineering. It will use game theory methodology, through the depth of integration and multi-dimensional security technology, to ensure the availability of the industrial system as the goal. The comprehensive use of physical security, functional security, information security and other technical means and management measures will realise the safe and stable operation of the industrial system.
With the continuous progress of science and technology, industrial production is increasingly becoming digital, networked and intelligent, which is the general trend of its future development. Information security, in some ways, is the fundamental guarantee to achieving all of this.
ESIS is the leading supplier of outstanding industrial electronic equipment in the Australian market since 1971. Check out our exclusive range of Fanless PCs, Industrial PCs (IPC Solutions), Wireless Solutions, Rugged Tablets, Rugged Notebooks, HMIs, Panel PCs and other electronic components. Our products are certified and made with high-quality custom materials for accurate results. Contact us for a detailed product catalogue or to share your queries.
Article courtesy of Cybervisuell.
