Adding security where stability matters the most
Introduction
Thousands of organizations worldwide operate industrial facilities to manufacture products of all types, including automobiles, medical equipment, chemicals, and appliances to name a few. An increasing trend among these companies is to extend their computing networks to the production floor. This ensures that tradespeople, process engineers, foremen, and other floor-based personnel have ready access to essential information and applications, especially those related to production. It also facilitates connecting to IP-enabled process control equipment and instrumentation, thereby assisting remote visibility and control of production activities.
Traditional industrial computer networks, such as supervisory control and data acquisition (SCADA) and process control systems, were designed to provide manageability and control with maximum reliability. However, they were not specifically designed to cope with the evolving security threats originating from external or internal networks. The integration of IP-based systems with traditional industrial systems requires the installation of effective, purpose-built network security solutions to address the needs of the challenging industrial environments. Extreme conditions such as varying temperatures, dust, and vibrations are just some of the physical challenges of these environments, requiring the equipment to be robust and have flexible input voltages and mounting options.
Extending the computing environment into industrial facilities must be done with care. Otherwise, organizations run the risk of disrupting operations and doing more harm than good. At the intersection of these trends lies the need for a new type of security solution—one that meets the unique requirements of industrial environments. This white paper explores the challenges of providing network security in an industrial environment and establishes the requirements of a network security solution for industrial operations.
Typical network scenarios
Before examining the security challenges facing today’s industrial organizations, let’s discuss the high-level physical layout that applies in most of these cases. By far, two particular scenarios are the most common.
The first scenario is where the industrial facility is part of a larger complex that includes space for sales, distribution, engineering, and administrative functions. In this case, the offices typically include a computing network, including Internet and wide-area network (WAN) connections.
Any network associated with production/assembly facilities will essentially be an internal subnetwork of the overall computing infrastructure, and it must be secured against both internal and external network attacks.
In contrast, the second scenario is one where the industrial facility comprises the entire site: there are few or no other departments at that location. Consequently, the computing infrastructure is minimal and consolidated. There are not multiple subnetworks, but just one Internet/WAN connection, some workstations, and that part of the network inside the plant. No IT personnel are on-site and most data and applications originate from a regional data center.
In this scenario, it is critical that the remote facility incorporate perimeter security that will be easy to implement and manage remotely.
These scenarios illustrate that despite their similarities, different industrial sites will require different solutions. In the first scenario, there is a need to protect the production network from threats present in the general network. Therefore, the focus should be on implementing firewall, antivirus, and intrusion prevention between the networks. However, in the second scenario, the entire burden is on one device, which must incorporate additional perimeter capabilities, including virtual private networking (VPN) and Web filtering. It is even more critical in this scenario that the security device is easy to implement and manage remotely.
A security solution for industrial facilities can support many different network configurations. This way, organizations avoid the expensive alternative of implementing a unique solution at each facility.
Challenges for industrial production sites
Network architecture aside, organizations operating networked industrial environments must also account for the need for 100 percent reliability and for protection from internal and external threats. Together, these needs dictate robust security, cost effectiveness, and a high degree of manageability.
Reliability and security
After safe working conditions, the foremost principle for most manufacturing facilities is production output. Because more product means more revenue, all other activities take a backseat to keeping production processes running. Zero downtime applies to other industrial organizations in addition to manufacturers. Maximizing production may be less of an issue for service providers—for example, traffic control operations—but ensuring 100 percent availability of the service is still key.
In all industrial scenarios, a premium is placed on equipment reliability, especially for computing systems. Network robustness and network security are key to ensuring the reliability of mission-critical networks. Not only must devices withstand industrial environmental conditions, but they must also be protected from cyber attacks that can jeopardize their integrity and availability.
For example, effective network isolation is imperative at manufacturing facilities to ensure that malware and unauthorized users cannot access production systems. Exposure to either threat could lead to significant physical and financial damage. In general, restarting disrupted processes is not simple. Often, incomplete products must be discarded. Numerous checklists must be executed and initial operating conditions may need to be restored for an entire production line. Beyond disruptions, there is the issue of unauthorized control potentially leading to safety hazards, the introduction of gross defects or, worse, the introduction of subtle flaws in finished goods.
Unfortunately, effective isolation and protection from network threats is difficult to achieve, due to the following:
- IP is everywhere—industrial systems such as SCADA historically have used proprietary communications protocols, which provide a measure of security through obscurity. These systems must now contend with open-standard Internet Protocol (IP)
- Increasing exposure—due to the need for real-time status and control, it is often necessary to make the production floor available via WANs
- Aging equipment—many industrial systems have been in place for years and run outdated operating systems for which security software and patches are not available
- Systems not designed for security—industrial automation and control systems are rarely designed for network security, and often they only have limited access control, if any at all
In addition to these challenges, it is necessary for security solutions to contend with the following rising computer security trends:
- Rapidly evolving threats—whether motivated by cyber terrorism against critical infrastructure or by financial gain, hackers steadily generate new threats and build them ever faster, significantly reducing the time between the announcement of a new vulnerability and the launch of threats that exploit it
- Increasingly elusive threats—threats are becoming more elusive due in part to blending, where hackers arm a single threat with multiple exploit mechanisms, payloads, or propagation techniques. It also stems from hackers focusing less on exploiting network-layer vulnerabilities and more on compromising application services, application logic, or data
- Increased need for Internet exposure—industrial organizations routinely increase their level of exposure to attacks by implementing mobility solutions, such as laptops, PDAs, and wireless LANs, introducing more paths and vectors for threats to bypass traditional perimeter security and enter their computing environments
Ultimately, it is insufficient for a security solution to account only for known security threats. A solution must also provide defense in depth, incorporating multiple protection mechanisms beyond the basic, reactive antivirus and firewall capabilities, and present a comprehensive defense effective against sophisticated hackers.
Cost effectiveness and manageability
The number two principle for industrial organizations is to minimize costs. This principle has implications for security, because with IT/security administrators averaging annual compensation of $85,000, it is prohibitively expensive to hire one for every company site. This is especially true for companies with multiple sites—vs. those that have just one manufacturing plant—and that have a small network of 5-25 users. Therefore, this principle leads us to some handy guidelines for selecting an IT/security solution.
First, local personnel should carry out deployment, which most likely means staff with little or no networking or security skills. Simple-to-install devices or deploying a preconfigured policy is preferable in such a scenario.
Second, ongoing management should be done remotely and efficiently. Remotely managing one device at a time is only practical for infrequent tasks, such as focused troubleshooting. Remotely managing multiple devices simultaneously requires comprehensive central management, which is a necessity for businesses with multiple, distributed industrial sites.
Centralized management is important for cost-savings and several other benefits, too. For instance, centralized management helps ensure consistency of device configuration and reduces commonly introduced errors when management tasks are executed in a manual, repetitive way. It also dramatically shortens the time required to change a given configuration, which can be critical in the face of an imminent threat. The result is fewer, shorter periods of vulnerability and better compliance with policies and regulatory requirements. Centralized management also offers additional benefits, such as coordinated event management and analysis and consolidated reporting.
Finally, it is preferable to choose an all-in-one security solution that includes multiple security functions, to avoid the capital and operational overhead of using multiple security devices—each addressing only one specific security need.
Functional requirements for security solutions in industrial production environments
Clearly, the seemingly straightforward requirement to secure network environments at industrial facilities is more involved than it appears at first glance. Establishing a robust, durable, manageable, and cost-effective information security solution that is also highly reliable in extreme industrial environments can be quite challenging, especially since the associated networks extend directly into industrial workspaces. Accordingly, organizations should seek solutions that address the challenges identified in this white paper. To help achieve this, we break the issues down into detailed selection criteria that characterize a security solution for industrial environments.
Uncompromising reliability
Given the nature of industrial environments, it is essential for security devices to have a robust mechanical design. Industrial specifications for dust, extreme temperatures, humidity, and vibration should be complied with to ensure physical durability. Durable devices have an extremely high MTBF (mean time between failures) and contain a minimum number of moving parts, such as fans and hard drives.
Reliability from a networking perspective is critical, as well. Therefore, security devices should support the following high availability and redundancy features:
- Active-active or active-passive failover to a second device
- Dynamic routing, dialup backup, and redundant WAN interfaces, to establish an alternate path for communications when the primary path is cut off
Comprehensive security
Due to pervasive security threats and the business-critical nature of the manufacturing floor or the distributed mission-critical network, it is important to choose a solution that includes comprehensive security capabilities. While it is desirable for these capabilities to be available in a single security device, this should not mean sacrificing quality. Each security function should be among the best-of-breed in its category. In addition, it is unacceptable for the device's throughput to degrade when multiple functions are operating, or when the device is processing traffic that includes hazardous elements (such as malware and policy violations). Therefore, the following security capabilities should be available:
- Multilayer, stateful inspection firewall—network/transport-layer access control (based on addresses, ports, and protocols) is no longer sufficient on its own to prevent attacks. Protocol-specific awareness and even application-layer insight (i.e., awareness of specific interactions within Web applications) are essential capabilities of modern firewalls. In addition, not only must the coverage be deep, it must also be broad—extending well beyond the handful of common Internet protocols—accounting for the protocols that underlie popular applications, such as instant messaging, VoIP, and Web services
- Explicit attack protection—firewalling operates on a whitelist basis, which, while very powerful, must nonetheless let some traffic pass. Best practices require filtering this allowed traffic further, to ensure that it does not include malicious elements. This is the domain of explicit attack protection (also known as intrusion detection and prevention), a function ideal for an industrial security device. Protection from distributed denial-of-service attacks is another closely related capability that security devices should also include
- Advanced content filtering—gateway-based antivirus/anti-malware/anti-spyware filtering should be considered mandatory for industrial facilities with direct access to the Internet. These capabilities are essential not only to help contain the spread of worms, but also to help safeguard against leakage of sensitive information. While these features are not mandatory for facilities with alternative configurations, they are recommended based on their positive contribution to a defense-in-depth strategy and should be available as options
- Virtual private networking—a security solution should allow secure remote administration and monitoring of the protected network, while precluding access by unauthorized individuals. Ideally, the solution should be based on standard VPN protocols, such as IPSec, and it should support standard encryption (3DES or AES) and authentication options (such as RADIUS and X.509 certificates)
Highly efficient and effective management
Comprehensive security functionality can be meaningless if a solution does not include top-notch management. Without it, the resulting complexity and configuration chaos can lead to gaps in an organization’s defenses, exposing crucial production equipment to a wide variety of threats. Of course, unnecessary complexity can also have a dramatic effect on operational expenses. In this regard, support for centralized management is an appropriate starting point. However, it is not enough. Ease of use should also be a primary feature. An intuitive and proven interface is essential for efficient and effective security management. Other issues that should be addressed by a centrally managed solution include:
- Real-time monitoring and troubleshooting—a security device should support centralized views of aggregate and individual device statuses, along with flexible security alerts via email, text message, central console, and SNMP console
- Comprehensive logging and reporting—ideally, a security device should generate detailed logs that support a range of predefined and customizable reports, available on a scheduled or on-demand basis
- Local and remote management interfaces—it should be possible to fully manage a single security device—whether on-site or from a remote location. Out-of-band management interfaces (such as Web interfaces or CLI via a serial port) should also be available to enable device management during loss of primary connectivity or to enable management via a service provider’s management system. Administrators should be able to manage the entire network from a single screen, with the click of a button
- Unified management solution—customers using a vendor’s security products both on the manufacturing floor and on the corporate network, whether they are managing the devices remotely from a central location or locally at the site, should not have to use different management tools and approaches for each group of devices
- Software and signature updates—product architectures should not require hardware replacement to achieve software upgrades. Optional automatic updates should be supplemented by select, administrator-initiated push capabilities
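The following is an added illustration, not code from this white paper or any vendor product. It models the first scenario described earlier (a production subnet isolated from the corporate network by a whitelist firewall), covering the address/port/protocol layer of the access-control policy from the comprehensive security list and the denied-traffic alerting called for under real-time monitoring; it does not model stateful or application-layer inspection. All addresses, ports, rule names, and log lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed addressing (assumption): the production floor is an internal
# subnetwork of the corporate network, as in the paper's first scenario.
CORPORATE = ipaddress.ip_network("10.10.0.0/16")
PRODUCTION = ipaddress.ip_network("10.20.0.0/24")
ENGINEERING_HOSTS = {ipaddress.ip_address("10.10.5.11"),
                     ipaddress.ip_address("10.10.5.12")}
CONTROL_PORTS = {502, 44818}   # Modbus/TCP and EtherNet/IP (assumed protocols)
HISTORIAN = ipaddress.ip_address("10.20.0.50")       # production data historian
HISTORIAN_PEER = ipaddress.ip_address("10.10.7.20")  # corporate database server

def evaluate(src, dst, proto, dport):
    """Whitelist policy between the two segments; anything unlisted is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in CORPORATE and dst in PRODUCTION:
        # Only designated engineering workstations may reach control ports.
        if src in ENGINEERING_HOSTS and proto == "tcp" and dport in CONTROL_PORTS:
            return ("allow", "eng-to-control")
        return ("deny", "corporate-to-production-default")
    if src in PRODUCTION and dst in CORPORATE:
        # The only production-initiated flow is the historian export.
        if src == HISTORIAN and dst == HISTORIAN_PEER and proto == "tcp" and dport == 5432:
            return ("allow", "historian-export")
        return ("deny", "production-to-corporate-default")
    # This device only carries inter-segment traffic; drop everything else.
    return ("deny", "default")

def parse_log(lines):
    """Parse constructed log lines of the form '<ts> <src> <dst> <proto> <dport>'."""
    events = []
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        events.append((ts, src, dst, proto, int(dport)))
    return events

def alerts(lines, threshold=3):
    """Alert on any denied control-port attempt and on sources with repeated denials."""
    denied = Counter()
    out = []
    for ts, src, dst, proto, dport in parse_log(lines):
        verdict, rule = evaluate(src, dst, proto, dport)
        if verdict != "deny":
            continue
        denied[src] += 1
        if dport in CONTROL_PORTS:
            out.append(f"{ts} control-port access denied from {src} to {dst}:{dport} ({rule})")
    for src, count in denied.items():
        if count >= threshold:
            out.append(f"{count} denied connections from {src}; candidate for isolation")
    return out

# Constructed sample log: one engineer session, one unauthorized corporate host
# probing the floor, the historian export, and a stray production host.
SAMPLE_LOG = [
    "09:00:01 10.10.5.11 10.20.0.7 tcp 502",
    "09:00:02 10.10.9.40 10.20.0.7 tcp 502",
    "09:00:03 10.10.9.40 10.20.0.8 tcp 445",
    "09:00:04 10.10.9.40 10.20.0.9 tcp 445",
    "09:00:05 10.20.0.50 10.10.7.20 tcp 5432",
    "09:00:06 10.20.0.12 10.10.7.20 tcp 5432",
]
```

Running `alerts(SAMPLE_LOG)` yields two alerts: the unauthorized control-port attempt and the repeated denials from the same corporate host, which is the kind of consolidated event a central console would forward by email or SNMP.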
Universal compatibility
Finally, compatibility is another important consideration. A security solution for manufacturing and industrial facilities should not require changes to existing infrastructure, fitting into virtually any network configuration and physical environment.
From the networking perspective, this means accommodating different deployment modes (such as bridged or fully routed networks) and being able to maintain existing traffic segmentation schemes, like those based on VLANs.
From the physical perspective, security devices should support all flexible mounting options common to industrial production floors, including DIN rail, rack mounting, and wall mounting; and devices should be physically compact enough to fit into space-constrained equipment enclosures. It is also critical for devices to support flexible power input options, including alternating and direct current, at a wide range of voltages.
Summary
For a variety of legitimate business reasons, an increasing number of companies with manufacturing and assembly lines, as well as those with other mission-critical industrial setups, are extending their computing networks to the production floor. Regardless of the high-level network architecture involved, the result is that the company's business-critical infrastructure is now susceptible to the wide range of threats (e.g., viruses, worms, and denial-of-service attacks) plaguing networked computing systems today. Consequently, implementing a best-of-breed set of countermeasures is imperative. In addition, an ideal security solution should take into account the prevailing mindset and physical environment that characterize such industries. Associated features and functionality must contribute to a high degree of efficiency and cost effectiveness, while the security device must feature a robust mechanical design that can withstand the harsh conditions common to industrial workplaces.