The process industry is regularly subjected to attacks and there may even be cases where control systems in the process industry have already been infected, without the companies’ knowledge. Protecting such control systems is very important in this industry – therefore, we have gathered some advice on how the Swedish process industry can handle today’s security threats.
ICS – systems within the process industry with high need for protection
Industrial control systems (ICS) provide operators with a simple way to monitor, control and follow up on industrial processes. They are widely used in industries such as chemical processing, pulp and paper production, energy production, oil and gas processing and telecommunications. In other words, in businesses whose existence depend on these systems being available and functioning properly. The whole, or parts of, society risks being negatively affected by a disturbance in these systems, and in some cases even human lives might be in danger.
Such systems must be protected – this is no easy task today as cyberattacks continue to evolve at a rapid pace despite record levels of resources spent on security.
The digitalisation within the process industry is a security challenge
Historically, ICS systems and Operational Technology systems (OT systems) have often been completely disconnected from the outside world. As the digitalisation of society has advanced, the need to connect OT systems with Information Technology systems (IT systems) has increased. This integration is a major challenge from a security point of view, as the risk that someone illegally influences or changes the system increases significantly. Since ICS systems are extremely important for the companies that use them, and sometimes even important for society, it is of the utmost importance that no such impact can occur.
A company that has had such an incident is Norsk Hydro. The company is one of the world’s largest producers of aluminium. They were exposed to a significant attack against their systems in March 2019. The financial impact of the ransomware attack was estimated to nearly 41 million dollars.
How you can handle security threats by integrating IT/OT within the process industry
To protect ICS systems in these vulnerable environments, IT should be segmented from OT with high assurance. High assurance means that you have a high level of confidence that the security function does what it is supposed to do and that it cannot be circumvented. OT systems should not share hardware with IT systems, and may only communicate with each other in a well-defined and controlled manner.
The next priority is logging. By monitoring and acting on suspicious data traffic, failed login attempts, suspicious transactions, unauthorized USB use etc., it is possible to prevent or limit intrusion attempts before they reach the most sensitive control systems. In some cases, ICS system vendors have access to the system for the purpose of monitoring operation and providing maintenance support. These access points risk being used by threat actors to gain access to the systems.
To ensure the integrity, availability and confidentiality of the systems, the following is required:
- Physical separation of IT and ICS systems.
- Ensure a one-way data flow out of the ICS systems using data diodes. This guarantees, with very high assurance, that the integrity of the ICS system cannot be affected.
- Use Information Exchange Gateways (IEG) for bidirectional communication, to protect against information leakage, and maintain confidentiality.
- Make sure that all types of files that are imported, e.g. updates, configurations, images and documents, are scanned for malware, sanitised and, if possible, run through Content Disarm and Reconstruct (CDR) solutions.
In order to upgrade security to meet the strict requirements of the supervisory authorities, and at the same time maintain integrity and high accessibility to ICS systems and digital information, solutions are needed that can separate systems and control data flows with high assurance. Solutions that make it possible to responsibly continue and accelerate the digitalisation of production processes.
Do you want to know more about IT/OT integration? Read our Solution Description!
Are you interested in learning more about traceability and logging? Read more here!
Do you need help? Do not hesitate to contact us!