What to consider when building Robust Security into Industrial Networks?

What to consider when building Robust Security into Industrial Networks?

By Josef Haid, Principal at Infineon Technologies.

The IIoT is transforming everything from wind turbines and factory automation to critical infrastructure. But with this smart, connected world comes an increased and very real threat of cyberattacks. While the need to build defenses to such attacks is understood, organizations may not have the tools, skill set or bandwidth to develop security measures themselves. Many, instead, seek solutions that allow appropriate security to be integrated into their systems quickly and easily, leaving them free to focus on core competencies and delivering competitive advantage.

How can they protect their industrial networks while minimizing overheads and cost?

Industrial Internet of Things (IIoT) are increasingly the target of cyberattacks

For many companies, digital transformation through IIoT implementation is seen as fundamental to delivering competitive products, optimizing productivity and continuously improving business performance. Unfortunately, devices on the Industrial Internet of Things (IIoT) offer attackers extra opportunities for disrupting business and causing damage to property and people.

Intercepting data from industrial control systems can reveal manufacturing secrets, potentially exposing a source of competitive advantage. If devices can be taken over or cloned or spoofed, exploits can include corrupting sensor data, shutting down critical systems, and sending false control commands that can pose a serious threat to safety. Major examples include the Stuxnet attack that affected Iran’s nuclear program and Black Energy 3 that reportedly shut down part of Ukraine’s electrical grid.

Studying cyber-attacks has taught the industry much about the weaknesses they exploit. As that knowledge grows, so security best practices and standards develop. These help system architects to understand the protection their assets require and techniques to resist attacks. IEC 62443, for example, founded on a risk-based analysis of potential threats, is emerging as an international standard for cyber security.

Figure 1. IEC 62443 takes a pragmatic approach to the security needs of IIoT devices

Figure 1. IEC 62443 takes a pragmatic approach to the security needs of IIoT devices

By assessing the risk to a system based on the consequences and impact of a successful attack, IEC 62443 defines five security levels (figure 1), covering devices from those that do not require protection to those that require the highest levels of threat resistance.

For the higher security levels (i.e. level 3 and 4) of IEC 62443, hardware-based security is a requirement to protect the device authenticators, the private keys and also critical symmetric keys to name some examples. The advantage of storing critical secrets and data within a discrete hardware chip comes with enhanced protection as a dedicated security chip is hardened against logical as well as physical attacks, whereas with Software-only methods the barriers for logical attacks are much lower.

It’s all in the cyber security mix

Mutual authentication between end nodes, the devices they connect with (e.g. a gateway) and/or the cloud allows only genuine, uncompromised devices to communicate – as shown in figure 2.

Figure 2: Hardened device identities for secured connectivity to the cloud

Figure 2: Hardened device identities for secured connectivity to the cloud

Without robust authentication, it may be possible to connect to, clone or load malware onto a genuine device. ‘Bad actors’ can then subsequently exploit the connection to disrupt the proper functioning of products or services, or intercept data. In addition, authentication protects providers of products or services against misuse by customers. Failures in the field can occur when non-genuine spare parts are used or counterfeit devices are inserted or an unauthorized repair is attempted. Authentication highlights rogue activity, ultimately saving the provider bearing the costs of rectification.

In practice, effective cyber-protection relies on several commonly employed defenses as illustrated in figure 3. These include secured communications, secured boot sequence of connected devices, and secured processes for applying firmware updates over the air (OTA).

Figure 3. Common cyber-security defenses

Figure 3. Common cyber-security defenses

Securing communications is important to prevent malicious agents interacting with connected devices or eavesdropping to gain intelligence or steal IP. In addition to authenticating components and personnel, and enabling connected devices to have unique credentials, encrypting exchanged data is also necessary to prevent these types of attacks. Where devices are to receive OTA (over-the-air) updates, securing this process is essential to prevent malicious software being introduced. Authentication and integrity checking is again essential, together with securing the loading mechanisms and signing and/or encrypting the code to be loaded. Secured boot processes using techniques such as code signing provide further protection for connected devices when they are most vulnerable to attack.

Conclusion

Although digital transformation offers irresistible business benefits, the security challenges presented by the IIoT must be handled effectively. A thorough analysis of the cyber security threats is key to develop a robust and long lasting cyber security implementation. Dedicated security chips play a crucial role in the cyber security mix and help provide robust protection for connected assets. They are benefiting from hardware immutability and compliance with industry standards while being ready to design-in quickly and efficiently.

Related posts