The history of industrial automation fascinates me. Continuous innovation and new technologies have taken manufacturing processes that originated in the Industrial Age and catapulted them straight into the information age. Just as productivity seemed to be topping out, the Internet helped boost productivity and efficiency to previously unimaginable levels. Unfortunately, as industrial automation roared into today’s data-driven, Internet-connected world, it sped past digital security without taking its foot off the accelerator.
Welcome to the digital age, where an anonymous hacker in some virtual landscape can throw a wrench into industrial automation systems. How do we secure these systems while still meeting the needs of corporate stakeholders? Operational technology (OT) teams still demand high resiliency and availability. Information technology (IT) teams demand interconnectivity, enterprise security, and compliance. And both of these teams must accommodate the new kids on the block: data analysts who require real-time data capture, sharing, and analysis for every decision in the business.
This article discusses the current state of industrial automation system security, the technological and organizational challenges of improving it, and a dynamic model for embedding end-to-end trust and security into industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
Physical break-ins and attacks on SCADA and ICS systems are largely a twentieth-century phenomenon. The overwhelming majority of attacks today are carried out by well-resourced, highly motivated attackers who are often accomplished software engineers working for cybercrime syndicates on other continents. Business competitors and nation states are the latest cyberwarfare participants, as the battleground has expanded to include manufacturing facilities, entertainment companies, and critical infrastructure. Here are a few noteworthy examples:
Sadly, these types of security events continue to increase both in terms of damage and frequency. For a current list of alerts, advisories, and reported attacks, visit the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) website.
Data capture and analysis is today’s competitive weapon—generating analytical insights that refine and optimize processes in every area of business. It is not uncommon for manufacturers to invest hundreds of millions of dollars to achieve a 10 to 20 percent efficiency increase. The efficiencies come from data-driven decisions gained through insights from customer use and demand, purchasing, supply-chain optimization, manufacturing production processes, predictive planning, and more.
By hacking and subtly manipulating data, attackers can de-optimize a company’s processes without anyone even knowing. Even the most subtle data manipulation in any of these areas can cripple a business that is on razor-thin margins.
Source: ISA News