Since the emergence of the Internet, this interconnection technology has been adopted by various industries to improve productivity and competitive edge. In fact, many critical infrastructure owners have adopted the concept of IIoT (Industrial Internet of Things) in their ICS and SCADA systems. However, despite the benefits, the convenience brought by the Internet has also exposed today's ICS and SCADA infrastructures to attack, as observed in recent incidents at nuclear plants, oil refineries, and water plants. Major incidents include Stuxnet in 2010 and BlackEnergy in 2015, the latter causing severe blackouts.
Over the past decade, it has become clear that attacks have evolved and grown more sophisticated, from the ICS-targeted Stuxnet to WannaCry, which crippled entire IT environments. As a result, a major paradigm shift in ICS security has taken place, aimed at developing an optimal, comprehensive approach to securing ICS and SCADA infrastructures.
Why IT/OT Convergence
Many decades ago, protecting ICS and SCADA was simple manual work: surrounding the infrastructure with high concrete walls and installing an iron-barred gate at the entrance. Later, industrial companies developed automation systems to stay ahead of the competition, and communication protocols were adopted within their infrastructures. To protect critical assets, proprietary firewalls and DMZs (demilitarized zones) were introduced first. However, proprietary systems lacked interoperability, which made system integration very complicated. IIoT was therefore brought into the industrial world to improve productivity, maintenance and remote management.
As with any technology, the convenience and benefits are available not only to enterprises but also to attackers. The interconnectivity of ICS and SCADA has exposed vulnerabilities, especially in OT domains, and that has been the root cause of the major incidents of recent years.
To establish comprehensive ICS security, it is necessary to understand why the convergence of IT (information technology) and OT (operational technology) is needed. Traditionally, IT and OT were treated separately, with each executing its own tasks and no collaboration between them. For instance, a corporate firewall defended the IT side while DMZ devices monitored the plant floor, and there was no interconnection between the two security systems. This is how Stuxnet successfully penetrated the nuclear plant in Iran and WannaCry crippled the entire IT environments of some corporations. Therefore, to counter evolved attacks, IT and OT security must be converged.
Clearly, IT/OT convergence is not a simple deployment. Many security technologies have been developed for the IT domain, but the OT side has not received the same level of attention. One reason is that OT oversees systems whose shutdown, even for malware removal, may impact the well-being of the public. In addition, high maintenance costs have made OT a lower priority in the budgeting process. The consequences became evident when BlackEnergy hit the Ukrainian power grid in 2015 and Stuxnet attacked the Iranian nuclear plant in 2010.
Today, most critical infrastructure operators are more willing than ever to invest in comprehensive security to protect their valuable assets. As described, OT and IT must be well coordinated to provide visibility, so that management personnel can control and monitor network traffic and enforce authentication across both IT and OT.
At the hardware level, security appliances must be deployed in the OT field to integrate SCADA, PLCs and log servers. In the IT environment, network security appliances should be deployed to protect the ERP, PLM and mail servers.
Recommended Solutions
As noted above, well-converged IT/OT security must integrate SCADA, PLCs and log servers in the OT field while protecting the ERP, PLM and mail servers in the IT environment. For example, Lanner offers a wide range of rugged industrial cyber security platforms that provide the network security protection critical infrastructures need in harsh, unmanned environments. These hardware platforms are designed to perform protocol filtering, packet inspection, white-listing and network traffic monitoring.
For the IT and DMZ architecture, Lanner offers network appliances powered by Intel® x86 processors that deliver the performance needed to execute security policies and instructions, such as DPI (deep packet inspection) and authentication.