Cyber attacks are making the news more often than we’d like these days. But what can you do about it? When production lines, water networks, machinery or power plants come to a halt, it will take a cut out of revenue and cause trouble. Solve it by making machines resistant to cyber attacks. That’s the message that Sebastiaan Koning, senior cyber security consultant at Hudson Cybertec, gave at the national Aandrijftechniekdag last fall. In this article we will elaborate on his presentation ‘How to make my machine cyber secure by using the IEC 62443 standard’.
The world around us is changing at lightning speed. Not only are smart devices at home evolving, such as intelligent thermostats, smart watches, smart lighting, etc., but they are also evolving in industrial automation. What once began simply with an assembly line operated by employees, has over the years become increasingly complex. This complexity is also growing faster and faster. Everything is now connected, we have reached Industry 4.0 and we’re seeing an increasing level of automation and complexity of machines and installations. Wireless systems, internal and external links, remote control and cloud applications are also used more extensively. As a result, companies are becoming even more dependent on systems and on specialists who can operate the systems,” says Sebastiaan Koning, senior cyber security consultant at Hudson Cybertec. The company’s expertise is on IEC 62443, the global cyber security standard for Industrial Automation and Control Systems (IACS). Hudson Cybertec supports companies with getting cyber security right for their primary process in terms of people, organization and technology.
Growth in cyber crime
Cyber crime is catching up with new developments in the digital world. “Cyber attacks are even for sale these days. You can buy them without too much trouble or even subscribe to them. And if you can’t figure it out, helpdesks will help you execute an attack. Partly because of this, there is an immense growth in cyber crime.” It’s not just IT environments that are headline news. “More and more you see industry targeted by cyber attacks. These include malware. In 2017, three thousand locations were infected with common malware each year. This does not necessarily lead to incidents, but it does indicate that unauthorized people are penetrating systems uninvited. We are now four years later and the number of infections with malware has increased significantly. We also see that some malware has been specifically developed to infect industrial automation. A well-known example is the Triton-malware. Its aim was to override the safety systems in a petrochemical plant in Saudi Arabia in order to create an explosion. Fortunately, they did not succeed, but it could have ended very differently.”
“”Focus on people, technology and organization””
Technology, people and organization
If you really want to organize cybersecurity, then you will have to focus on three elements: people, technology and organization. Only if you have these three in control you will be safe. For example, set up procedures on people and organizational levels so everyone knows what is possible and what is allowed and any irregularities are quickly noticed. In addition, don’t base it on IT but determine an industrial approach to your cyber security where the IEC 62443 is the guiding principle.”
Talk about it
If you work with clients as a supplier yourself, it’s important that you also engage with your client on cyber security, Koning continues. “You need to know what their requirements are in terms of cyber security, what network connections are available, and what methods they use to work cyber secure. As a supplier, you’ll also always need to remain aware of potential risks. Just plugging a computer into the network is out of the question. Your customer could also infect you and pass it on to another customer. In short, take responsibility and always work in a cyber secure environment.”
How to proceed?
Once your organization is cyber secured, it doesn’t stop. “You’re never done with cybersecurity. Technology continues to evolve but threats evolve just as much and perhaps much faster than technology. Therefore, continually assess risk, especially when there are mutations. If you change something in the business operations – think of an update, the purchase of a new machine, plugging in an external PC, etc. – always evaluate what the risks could be for you, your customer or your collaboration. If you want to detect irregularities faster, OT cyber security monitoring is a good solution. From data generated, a behaviour baseline is established and which, using machine learning and anomaly detection, allows for quickly detecting anomalous network traffic, allowing you to take action more quickly.”
Source: Aandrijftechniek, March 2021