Protecting your PLC Systems
Increasing the connectivity of industrial networks offers many benefits, but it also raises cybersecurity risk in ways that can affect the control of operations.
Cyberattacks continue to evolve and are becoming harder to detect and mitigate. Establishing mechanisms to adapt to this situation and minimize this type of threat should therefore be a priority.
The simplest starting point is to monitor the network: the faster we respond, the lower the impact of any attack we receive. Monitoring plays a central role because it lets us detect incidents and act quickly. Protection of PLCs and PACs must therefore begin before an attack arrives, not after.
There are monitoring tools that work from a port mirror (SPAN session) on the network switches and passively identify the protocols in use, the connections between devices, and any unexpected type of communication. Such communications need not represent a real threat, but they are an indicator worth investigating in order to understand exactly what is happening on the OT network and to distinguish what is normal from what is not. Because a mirror port only listens, it adds no load to the controllers themselves, which matters on PLCs that can be disrupted by active scanning.
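The kind of check such a monitor performs, as an added example that is not part of the original post: flows summarised from the mirror port are compared against a baseline of expected conduits, and anything outside it is graded. The zones, ports and sample flows are constructed assumptions for illustration, not a real plant inventory; a real tool would decode the protocol rather than trust the destination port.

```python
"""Passive baseline check for flows taken from a port-mirror (SPAN) feed.

Constructed example: the networks, ports and flows below are assumptions
for illustration, not a real plant inventory.
"""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Assumed zones for this example cell.
PLC_ZONE = ip_network("10.10.2.0/24")
OT_ZONES = [ip_network("10.10.1.0/24"),   # SCADA / HMI
            PLC_ZONE,                      # controllers
            ip_network("10.10.3.0/24")]    # engineering workstations

# Destination ports used here as a cheap stand-in for protocol detection.
# A real monitor should decode the protocol (DPI) rather than trust the port.
KNOWN_OT_PORTS = {502: "Modbus/TCP", 102: "S7comm (ISO-TSAP)",
                  44818: "EtherNet/IP", 4840: "OPC UA", 20000: "DNP3"}
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS",
              3389: "RDP", 5900: "VNC"}

# Baseline of expected conduits: (client zone, server zone, port).
# In practice this is learned from a quiet period on the mirror port and
# reconciled with the asset inventory.
BASELINE = [
    (OT_ZONES[0], PLC_ZONE, 502),    # SCADA polls PLCs over Modbus
    (OT_ZONES[0], PLC_ZONE, 4840),   # SCADA subscribes via OPC UA
    (OT_ZONES[2], PLC_ZONE, 102),    # engineering uploads via S7comm
]

Flow = namedtuple("Flow", "src dst dport proto")


def classify(flow):
    """Return (severity, reason); severity is 'ok', 'low', 'medium' or 'high'."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for client_zone, server_zone, port in BASELINE:
        if src in client_zone and dst in server_zone and flow.dport == port:
            return "ok", "matches baseline"
    if src in PLC_ZONE and not any(dst in zone for zone in OT_ZONES):
        # Controllers should never initiate connections outside the OT zones.
        return "high", f"PLC {flow.src} initiating traffic outside OT to {flow.dst}"
    if flow.dport in KNOWN_OT_PORTS:
        # An industrial protocol on a path the baseline does not know: new
        # PLC access from an unexpected host, a classic lateral-movement sign.
        return "high", f"{KNOWN_OT_PORTS[flow.dport]} from unexpected source {flow.src}"
    if flow.dport in MGMT_PORTS:
        return "medium", f"{MGMT_PORTS[flow.dport]} to {flow.dst} not in baseline"
    return "low", f"unclassified {flow.proto}/{flow.dport} traffic to {flow.dst}"


def audit(flows):
    """Return [(flow, severity, reason)] for every flow that is not baseline."""
    results = []
    for flow in flows:
        severity, reason = classify(flow)
        if severity != "ok":
            results.append((flow, severity, reason))
    return results


# Constructed sample flows, as a mirror-port collector would summarise them.
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.10.2.20", 502, "tcp"),    # expected SCADA poll
    Flow("10.10.3.7", "10.10.2.21", 102, "tcp"),    # expected engineering session
    Flow("10.10.5.40", "10.10.2.20", 502, "tcp"),   # Modbus from the office network
    Flow("10.10.1.5", "10.10.2.22", 23, "tcp"),     # Telnet to a controller
    Flow("10.10.2.20", "8.8.8.8", 53, "udp"),       # a PLC resolving DNS on the internet
]

if __name__ == "__main__":
    for flow, severity, reason in audit(SAMPLE_FLOWS):
        print(f"[{severity.upper():6}] {flow.src} -> {flow.dst}:{flow.dport} {reason}")
```

Of the five sample flows, the two that match the baseline are silent and the other three are reported: Modbus from an office address and a controller talking to the internet as high, Telnet to a controller as medium. The baseline is deliberately a list of conduits rather than of hosts, so that a new PLC added to the controller zone inherits the expected traffic pattern without editing the rules.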
Most companies know that anti-malware should be deployed on SCADA servers and HMI workstations, but it is equally important to apply it to any device that connects to the control network, including laptops, tablets and mobile phones, since any of them can be used to perform malicious actions or lateral movement.
When the anti-malware solution is deployed across the entire installation and managed centrally, it can prevent, detect and remove malicious code, and its telemetry makes the monitoring process more effective and efficient. The controllers themselves normally cannot run such an agent, so they remain dependent on the network controls around them.

Limit the Damage
No matter how prepared you are, attacks will keep coming; it is therefore necessary not only to prevent them from succeeding but also to limit the damage when they do.
One way to limit damage is to implement a defense-in-depth strategy, which applies a series of mutually independent security measures in layers. An attacker then has to overcome several defenses to compromise the system. A good defense-in-depth strategy helps avoid both security problems and production stoppages.
Segmenting the network into different logical zones helps minimize internal threats, which, although less common, can have catastrophic results. Segmented zones add management and maintenance overhead, but IEC 62443 treats the zone-and-conduit model as one of the best ways to protect OT environments. Isolating, auditing and monitoring network access to the PLCs is usually the ideal way to keep the productive core of the plant as little exposed as possible.
Another mechanism to limit damage is redundancy: high-availability and fault-tolerant architectures, together with backups of the control systems, including the PLC programs and configurations. In this way the systems can keep operating in the event of hardware or software failures of their components.
Finally, the most effective way to limit the impact of a cybersecurity incident is to establish business continuity policies and procedures, and to exercise them before they are needed.
Disabling and blocking all unused communication ports and deactivating unnecessary services are other activities that often go unnoticed and are not carried out. From a cybersecurity standpoint they should be, since they reduce the attack surface. On a controller this typically means switching off protocol servers that are not in use, such as the embedded web server, FTP or Telnet, and locking unused Ethernet and USB ports.
Monitoring machine-to-machine (M2M) communications is another crucial step to ensure that no attack is in progress. Wherever possible, communications should use protocols with built-in security such as OPC UA, which offers authentication and authorization, encryption and integrity protection. These guarantees only apply when the endpoint is configured with a security policy other than None and a message security mode of SignAndEncrypt; a server that still exposes a None endpoint next to a secure one can be reached without any security by a client that selects it. Legacy protocols such as Modbus/TCP have no authentication at all, so for them segmentation and monitoring are the only protection available.
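The check behind that caveat, as an added example that is not part of the original post: each OPC UA endpoint a server advertises is graded by the security policy, message security mode and user token types it actually enforces. The endpoint list below is constructed to resemble a GetEndpoints response; the hostnames are assumptions. In a real audit the same grading is applied to the endpoints returned by a client library's GetEndpoints call.

```python
"""Grade OPC UA endpoints by the security they actually enforce.

Constructed example: the endpoint list below imitates what a GetEndpoints
call returns; the hostnames are assumptions, not real devices.
"""
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
POLICY_NONE = POLICY_BASE + "None"
DEPRECATED_POLICIES = {POLICY_BASE + "Basic128Rsa15",   # SHA-1 based, deprecated
                       POLICY_BASE + "Basic256"}
CURRENT_POLICIES = {POLICY_BASE + "Basic256Sha256",
                    POLICY_BASE + "Aes128_Sha256_RsaOaep",
                    POLICY_BASE + "Aes256_Sha256_RsaPss"}

# MessageSecurityMode enumeration from OPC UA Part 4.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3


@dataclass
class Endpoint:
    url: str
    security_policy_uri: str
    security_mode: int
    user_token_types: tuple   # e.g. ("Anonymous", "UserName", "Certificate")


def grade(ep):
    """Return a list of findings; an empty list means the endpoint is acceptable."""
    findings = []
    if ep.security_policy_uri == POLICY_NONE or ep.security_mode == MODE_NONE:
        findings.append("no transport security: cleartext, unauthenticated channel")
    else:
        if ep.security_policy_uri in DEPRECATED_POLICIES:
            findings.append("deprecated security policy (SHA-1 based)")
        elif ep.security_policy_uri not in CURRENT_POLICIES:
            findings.append("unrecognised security policy, review manually")
        if ep.security_mode == MODE_SIGN:
            findings.append("Sign only: messages are authenticated but not encrypted")
    if "Anonymous" in ep.user_token_types:
        findings.append("anonymous sessions accepted: no user authentication")
    return findings


def audit(endpoints):
    """Map each (url, policy name, mode) to its findings."""
    return {(ep.url, ep.security_policy_uri.rsplit("#", 1)[1], ep.security_mode): grade(ep)
            for ep in endpoints}


def server_exposed(endpoints):
    """True if any endpoint lets a client talk without transport security.

    A server that offers a secure endpoint next to a None endpoint is still
    exposed: the client, not the server, chooses which one to use.
    """
    return any(ep.security_policy_uri == POLICY_NONE or ep.security_mode == MODE_NONE
               for ep in endpoints)


# Constructed sample, shaped like a GetEndpoints response from two PLCs.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://plc1:4840", POLICY_NONE, MODE_NONE, ("Anonymous", "UserName")),
    Endpoint("opc.tcp://plc1:4840", POLICY_BASE + "Basic256Sha256", MODE_SIGN_AND_ENCRYPT,
             ("UserName", "Certificate")),
    Endpoint("opc.tcp://plc2:4840", POLICY_BASE + "Basic128Rsa15", MODE_SIGN, ("UserName",)),
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_ENDPOINTS).items():
        print(key, "OK" if not findings else "; ".join(findings))
    print("server exposed:", server_exposed(SAMPLE_ENDPOINTS))
```

For the sample, plc1 is reported as exposed even though it offers a correctly configured Basic256Sha256 endpoint, because its None endpoint is still there; the fix is to remove the None endpoint in the server configuration, not to tell clients to avoid it. plc2 is flagged twice: a deprecated SHA-1 policy and Sign-only mode, which leaves the payload readable on the wire.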
Credential Management
Unintentional errors can be one of the main threats to an organization. It is important to lead by example and educate co-workers to be aware that their actions can create cybersecurity threats. Awareness and continuous training are key to avoiding social engineering attacks.
Another typical example, and one of the biggest threats, is the choice of passwords. In a world where the most used passwords are still 'admin' or '123456', it is clear that policies on secure credentials are not being followed. We cannot repeat often enough how important it is to use strong passwords, multi-factor authentication and role-based permissions to raise the level of access security. On PLCs and HMIs this also means changing the vendor default credentials, which are documented in publicly available manuals.
If after reading this post you still have doubts about how to proceed for the proper protection of your PLCs, do not hesitate to contact us!