Cyber criminals are increasingly attacking industrial facilities and attempting to find gaps in their security walls. To counter them, experts are steadily upgrading defenses. Siemens has developed a defense strategy to help them.
by Hubertus Breuer
Security experts won’t forget 2017 anytime soon. In May, the world held its breath as WannaCry ransomware left a trail of destruction in its wake. In Germany, the display panels of many train stations shut down, some hospitals in the UK had to postpone surgical operations, and automakers around the world saw their assembly lines come to a standstill. But that wasn’t the end of it. A similar cyberattack called NotPetya struck only one month later, in June. To give just one example of its effects, it prevented the world’s largest shipping company, Maersk, from knowing which shipments were out at sea and which ones were in container terminals. The cyberattack caused up to €300 million in damages.
Ensuring the security of digital systems is essential because attacks are affecting not only consumers, but increasing numbers of industrial firms. According to statistics collected by Russian cyber crime specialist Kaspersky Lab, one third of the thousand companies it surveyed worldwide in 2017 said they had been the victims of targeted cyberattacks — an increase of eight percent over the preceding year. Moreover, the attacks are becoming more sophisticated and sometimes aren’t discovered until weeks later.
The challenge is that today’s industrial production plants not only rely heavily on digital systems, but are also increasingly networked. As a result, hackers working for governments, criminal groups or others are finding more and more weak points that enable them to commit sabotage, industrial espionage or blackmail. They no longer use randomly spread distributed denial of service (DDoS) attacks that cause websites to crash by bombarding them with inquiries. “Cyber criminals are increasingly launching attacks that are tailored to specific industrial facilities,” says Stefan Woronka, Head of Sale Industrial Security Services at Siemens. “As a manufacturer of automation solutions, we experience such attacks on a daily basis. Ensuring the security of these systems is our daily business.”
In order to be successful, companies such as Siemens always need to be a step ahead of the wide array of increasingly sophisticated attacks that are conducted with extensive resources and a high level of professionalism. “It’s a cat and mouse game,” says Woronka. “Of course this means that security measures must always be completely up to date.” That’s true even if the device they are protecting is no longer very modern. Whereas office equipment generally has a life cycle of two to four years, industrial facilities are used for 20 years and sometimes as long as 30 years.
In view of this, experts at Siemens Industrial Security Services have developed a phased defense strategy based on the “defense in depth” concept, which enables industrial technology from Siemens and devices from other manufacturers to be adapted to changing threats. This strategy consists of three consecutive protective functions that are coordinated with one another. It starts with a facility security system such as a physical access control function that uses biometric recognition. The next line of defense is a network security system that, for example, protects production networks and industrial communications by means of firewalls and virtual private networks (VPNs). The third protective wall is systems integration, which protects terminals and automation systems that are password-protected or can only be reached by going through whitelist anti-virus software, which only grants access to certain programs.
Whereas office equipment generally has a life cycle of two to four years, industrial facilities are used for up to 30 years.
Thanks to 1,300 cybersecurity employees, Siemens is well prepared to deal with cyberattacks. These experts use their digital factory expertise to make the most of MindSphere, an open, cloud-based IoT operating system from Siemens that enables facility managers to perform predictive maintenance and energy data management or optimize the use of resources. More than one million devices are currently connected to MindSphere. Although the “cloud” may sound fleeting, data is saved more securely there than on many corporate computers. MindSphere is aligned to main security standards, such as the international IEC 62443 standard, which specifies the IT security levels of automated systems. MindSphere encrypts its data traffic and uses high-security computer centers.
Unfortunately, many attacks on industrial facilities require very little effort, because the gates are wide open. When experts such as Stefan Woronka visit customers, they often encounter passwords such as “123456” or “Password.” In addition, many companies are slow to download security updates. If such updates had been installed on time last year, WannaCry and NotPetya might not have had any effect on some systems.
In the long run, experts at Siemens don’t think it will be enough to simply secure major production facilities. Security systems also have to be monitored around the clock. “For Siemens facilities we use a monitoring system that knows about 40,000 indicators that could signify a cyberattack,” says Woronka. Because some companies can’t afford such monitoring, separate security centers, including those from Siemens, may eventually be able to offer monitoring services. “In the future, help will also be provided by self-learning adaptive security architectures that will use the latest data to test an operator’s system,” says Woronka. “However, cyber criminals are now using artificial intelligence too.” In other words, the cybersecurity cat and mouse game is likely to continue for a long time.
Picture credits: from top: 1. Getty Images/EyeEm, 2. Shutterstock / xieyuliang
Stay up to date at all times: everything you need to know about electrification, automation, and digitalization.
It looks like you are using a browser that is not fully supported. Please note that there might be constraints on site display and usability. For the best experience we suggest that you download the newest version of a supported browser: