We’ve been discussing the increase in cybersecurity threats faced by the energy sector, particularly oil and gas companies using network-connected devices to monitor and control infrastructure and equipment. According to a recent study by the Ponemon Institute, this operational technology (OT) environment generally lacks adequate security measures, and thus poses a greater risk than the information technology (IT) environment.
The growing OT threat is hardly unique to the energy sector. Organizations in a wide range of industries are increasing their use of devices that collect data and automate many operational functions. Supervisory control and data acquisition (SCADA) and machine-to-machine (M2M) communications have been around for decades, but traditionally have been “disconnected” from the IT infrastructure. The Industrial Internet of Things (IIoT) is changing that, enabling OT systems to deliver data to the data center for processing and analysis.
The problem is that SCADA networks were designed for “security by obscurity,” with weak authentication and authorization controls. An attacker who gains access to a SCADA device, whether through a physical connection or compromised credentials, could work his way through the network via inter-site sessions. The IIoT increases this risk by exposing these devices to Internet access.
The Roots of the IIoT
The concepts behind the IIoT really aren’t new — industrial Ethernet networks emerged a number of years ago as a vehicle for consolidating diverse industrial automation systems onto the corporate LAN. Ethernet is ubiquitous. Industrial automation systems, by contrast, typically connect via serial interfaces using a multitude of proprietary protocols. Industrial Ethernet protocols make it possible to connect diverse industrial automation systems to a common data network that delivers greater scalability, efficiency and performance.
Use of industrial Ethernet is increasing even though the overall industrial automation market remains flat. Industrial Ethernet growth is being driven by a number of trends, including the IIoT, IT/OT convergence and Industry 4.0, as well as a desire to replace serial connections with a common network architecture.
The business benefits are enormous. Industrial Ethernet reduces the cost to design and implement new industrial automation systems. It enables organizations to modernize their operations and integrate automation systems with the enterprise IT infrastructure. Staff can monitor and manage critical assets and operations from remote locations, and readily access OT data.
What about Security?
Ironically, industrial Ethernet can also enhance cybersecurity. As noted earlier, OT security tends to lag behind IT security, which benefits from a much larger professional community and greater demand for robust products. When industrial automation systems were deployed using hard-wired connections, there was limited need for the kind of security measures that IT now takes for granted. By converging these systems onto Ethernet, organizations can begin to apply IT security tools and best practices to the OT environment.
There are now security products, including firewalls, intrusion prevention systems and secure gateways, designed specifically for the industrial Ethernet environment. VPNs can be used for secure remote access and VLANs to segment interconnections between subsystems. Event loggers allow for the monitoring of industrial Ethernet switches, access points and other gear, and can be integrated with security information and event management (SIEM) tools to correlate log data and spot potential threats and attacks.
Industrial Ethernet brings immense value to the OT environment — performance, scalability, familiarity and integration with the IT infrastructure. But perhaps its greatest potential lies in its ability to mitigate OT security challenges through centralized visibility and well-established controls.