Protect industrial plants from cyber attacks

Cyber attacks are now focusing on production facilities and industrial control systems (ICS)

 

DriveLock in practice

Use Case | Industry 4.0 Manufacturing

 

Manufacturing in the age of Industry 4.0 as a victim of cyberattacks.

Attacks on production facilities, critical infrastructures or devices that belong not to traditional office IT but to operational technology are no longer a distant prospect. They are now part of everyday corporate life. Industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are of particular concern. Industrial cyber security is now a necessity. Fortunately, we are here to meet your needs.

"Industrial cybersecurity is the process of protecting industrial control systems (ICS) from intended or unintended cyber threats that disrupt or harm people, processes, equipment, and the environment."

Cyber attacks on ICS are on the rise

Merging IT and OT (operational technology) makes one vulnerable

Production IT is no longer an isolated unit from internal IT. Here's why:

Production equipment is increasingly being controlled and monitored from outside, e.g. when technicians access production equipment via remote maintenance access, or when company management wants daily reports from production.

The keyword IIoT (Industrial Internet of Things) describes a "smart factory" that is connected to the network, produces and processes data, and can be controlled via end devices.

This is made possible by the merging of IT and OT to ensure permanent accessibility of manufacturing and production control systems from outside. Consequently, these externally accessible networks can now be attacked from "outside".

In addition, classic production systems have a service life of 7 to 10 years. In many cases, their operating systems are outdated because security updates are no longer provided. Also, installing updates interrupts the production process, so updates are often not applied. This makes the attacker's work much easier.

There have been two attacks on the industry which have gained notable attention:

  • The Stuxnet computer worm - originally used against Iran's nuclear program - attacked control systems and damaged other industrial companies as it spread

  • The Industroyer Trojan, which paralysed Ukraine's power grid. The malicious code uses several communication protocols used by SCADA (Supervisory Control And Data Acquisition) systems, giving it the capability to directly control electrical switches and circuit breakers.

Typical attack scenarios for ICS systems are:

  • Infiltration of malware (including viruses, ransomware, RAT tools) via removable media and external hardware, e.g. BadUSB devices
  • Infection with malware via the internet and intranet
  • Human misconduct & sabotage by insiders
  • Social engineering / phishing

Why is the industrial sector of particular interest for attacks?

  • The standstill of production processes due to an attack leads to high costs. Hackers take advantage of this using blackmail software
  • Old systems are an easy breeding ground for zero-day attacks, which exploit unclosed security holes in the software
  • Lack of knowledge among production staff regarding possible cyber attacks, and too few IT specialists

Industrial security becomes increasingly important in times of hacking attacks on production equipment, ICS systems and SCADA systems

What are the requirements for OT and security?

  • Device or access control to external storage media (e.g. USB sticks, drives and devices)
  • Prevention of and response to attacks via the Internet, intranet and e-mail
  • Operational safety and availability
  • Prevention of human error and human carelessness
  • Monitoring and logging of all accesses and changes in systems

How to prevent attacks effectively with DriveLock

  • Restrict the use of removable media and external devices

    Device Control by DriveLock:

    Devices and data flows can be controlled so that only specified external media, such as USB sticks, are authorised for use. Data can also be forcibly encrypted when writing to external media.

    DriveLock also supports complete auditing of the use of external data carriers as well as logging of the data flow, including shadow copies.

  • Protection from malware: prevention & response

    Application Control by DriveLock:

    Defend against attacks through application control using intelligent whitelisting (a list of permitted software applications that can be dynamically expanded).

    The combination of device and application control effectively safeguards the manufacturing process. All interfaces of the PCs involved in the manufacturing process are monitored or blocked. The same applies to the applications used. The machine learning algorithm automatically manages the local whitelist and controls the execution of applications.

    Nevertheless, service technicians must be able to import software updates, for example, via the USB interfaces of the devices. Simply insert the USB stick and accept the usage guidelines. Applications can now be installed in the production line in a defined time window. Machine learning ensures that all executed and copied files are whitelisted.

  • Security awareness training

    Security Education from DriveLock:

    Online lessons and interactive training to raise employees' awareness of, for example, fake e-mails or phishing attacks through social engineering.
  • Monitoring and logging as well as detection of security incidents

    Analytics & Forensics from DriveLock:

    Complementing the protection measures, the DriveLock Control Center offers detailed reporting. Should an attack occur, this will enable you to determine what and who is specifically affected.

    In fact, under the GDPR, you have an obligation to report cyber incidents. Here, it makes a significant difference whether you inform the general public about an attack in a blanket manner, or provide specific details to customers and business partners. With DriveLock's Control Center, you are able to name who and what was specifically affected.

    Endpoint Detection & Response (EDR) from DriveLock:

    Detection and forecast of security incidents, incident response and remediation, and monitoring of end devices.

 

Do you have any questions about our solutions for industrial cybersecurity?

Write to us - we will be happy to answer your questions.