Cyber Security

Cybersecurity in industrial communication and automation refers to the measures, practices, and technologies employed to protect industrial control systems (like PLCs) and other operational technologies from cyber threats and vulnerabilities. Unlike traditional information technology (IT) systems, which primarily deal with data processing and communication, it encompasses hardware and software systems that manage and control physical processes, such as manufacturing, energy production, transportation, and more.

Initially, Industrial systems were traditionally isolated from external networks and not connected to the internet, making them less vulnerable to cyber threats. However, increasing interconnectivity with IT systems, driven by the Industrial Internet of Things (IIoT) and digital transformation initiatives, has increased the attack surface and exposed systems to a wider range of cyber threats.

A successful cyber-attack on an industrial system can have severe consequences, including physical damage to equipment, disruption of critical services, environmental disasters, and even loss of life. Cyber criminals are increasingly targeting industrial networks, recognizing the potential for disruption due to inadequate security measures.

Due to the far-reaching effects that cyberattacks can have on industrial environments, legislators and other, mostly industry-specific organizations are also imposing increasingly stringent requirements that industrial companies must meet. As a result, the issue of cyber security is becoming ever more deeply and structurally integrated into the development of industrial components, machines and systems. One example of this is the European Union's Cyber Resilience Act (CRA), which aims to improve the cyber security of products that can be connected to each other or to the internet. This clearly also applies to hardware and software products used in industrial production. Rather than explain the full scope of the CRA, which is beyond the scope of this article, the following explains how such legislation can be complied.

Legal requirements are usually met by means of international standards, i.e. standardized frameworks that companies can use to implement requirements in a structured and holistic manner. These are developed and published by cross-industry organizations such as the ISO (International Organization for Standardization) or industry-specific associations such as the IEC (International Electrotechnical Commission).

IEC 62443, for example, is relevant for fulfilling the CRA in the automation sector. The international series of standards IEC 62443 "Industrial communication networks - Network and system security" consists of several parts and describes both technical and procedural aspects of industrial cybersecurity. It divides the industry into different roles: the operator, the integrators (for integration and maintenance) and the manufacturers. The different roles each take a risk-based approach to preventing and addressing security risks in their activities.

One of the important tasks of it is to ensure compliance with regulatory requirements, it provides a framework for meeting various cybersecurity regulations and mandates applicable to industrial environments. At the same time, it fosters collaboration among stakeholders. It helps to engage asset owners, service providers, and component manufacturers to collectively enhance the security of IACS.

These standards help organizations in the industrial sector enhance the resilience and security of their control systems, mitigate cyber risks, and protect critical infrastructure from cyber threats. By adhering to the IEC 62443 standard series, organizations can establish a solid foundation for cybersecurity in industrial automation.

Network Security

Firewalls act as a barrier between trusted internal networks and untrusted external networks, monitoring and controlling incoming and outgoing traffic to prevent unauthorized access and protect against malware. It also consists of Intrusion Detection and Prevention Systems (IDPS). These systems monitor network or system activities in real-time, detecting and responding to potential threats to provide an additional layer of defense against cyber-attacks.

Cloud Security

Security controls and tools to protect cloud-based applications, data and infrastructures are becoming increasingly important in the age of IIoT. In order to close gaps in the security offerings of cloud service providers, companies are also increasingly turning to specialized security services from third parties.

Threat Intelligence and Malware Analysis

Analyzing the evolving threat landscape, including new vulnerabilities and malware, to understand the latest attack methods. It also Researches and understands how malware operates to develop protective measures and countermeasures and then it acts accordingly.

Patch Management

Regularly updating and patching Industrial OT systems and software helps address known vulnerabilities and reduce the risk of exploitation by cyber adversaries. However, industrial environments often have unique challenges, such as limited maintenance windows and compatibility concerns, which must be carefully addressed.

Regulatory Compliance

Compliance with industry-specific regulations and standards, such as NERC CIP, IEC 62443, and others, helps ensure that systems meet minimum security requirements and maintain resilience against cyber threats. Organizations must stay updated with evolving regulatory landscapes and adapt their cybersecurity practices accordingly.

Network Segmentation

Implementing segmentation to isolate industrial networks from external networks, such as corporate IT networks or the internet, helps minimize the attack surface and limit the spread of cyber threats within the industrial environments.

Endpoint Security

It secures end-user devices like desktops and laptops with data and network controls, advanced threat prevention, and endpoint detection and response (EDR) capabilities. It also provides mobile security which prevents mobile device threats like malicious apps, zero-day attacks, and phishing through specialized mobile security solutions.

By addressing these key aspects, organizations can enhance the cybersecurity posture of their operational technology environments and safeguard critical infrastructure and industrial processes from cyber threats and disruptions.

Protecting Field Devices and Edge Computing

It helps to secure field devices like sensors, actuators, and programmable logic controllers (PLCs) that are increasingly connected and integrated with enterprise systems. Cyber security ensures the security of edge computing platforms that process and analyze data closer to the source, as they can be vulnerable entry points for cyber-attacks. At the same time, it Implements hardware-based security features, secure firmware development, and robust authentication and access controls to protect field-level equipment.

Manufacturing Plants

Manufacturing plants rely heavily on automation systems to optimize production processes, increase efficiency, and ensure product quality. These systems often consist of interconnected industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems. Cybersecurity is critical in manufacturing plants to protect these systems from cyber threats that could disrupt operations, cause downtime, or compromise product integrity. A cyber-attack on a manufacturing plant could result in production delays, equipment damage, or even safety hazards for workers.

Securing Cloud and Enterprise Integration

It protects cloud-based applications, data, and infrastructure used to manage and optimize industrial operations. It also helps by Implementing supplementary cloud security tools to address gaps in the security offerings provided by cloud service providers. In the age of IIoT, in which countless data is fed into cloud-based applications for the purpose of process optimization, securing this process information is becoming increasingly important.

Industrial Communication Networks

Industrial communication networks facilitate data exchange between various components of automation systems, including field devices, controllers, and monitoring stations. These networks may utilize protocols such as Modbus, Profibus, Ethernet/IP, or Profinet to enable communication in manufacturing environments. Cybersecurity measures are essential to protect industrial communication networks from threats such as unauthorized access, data interception, or denial-of-service attacks. Securing these networks helps ensure the confidentiality, integrity, and availability of data transmitted between different elements of the automation infrastructure.

Remote Access and Monitoring

With the increasing adoption of remote monitoring and maintenance capabilities in industrial automation, cybersecurity becomes even more critical. Remote access introduces cybersecurity risks, as it provides potential entry points for cyber attackers to exploit vulnerabilities in industrial systems. Implementing secure remote access solutions, such as virtual private networks (VPNs) or secure remote desktop protocols, helps mitigate these risks and ensure the secure management of industrial assets.

Addressing Insider Threats and Supply Chain Vulnerabilities

Cyber Security also means implementing measures to mitigate the risks posed by disgruntled employees or contractors with access to industrial systems. It Establishes robust supply chain security practices, including vendor assessments and secure handover procedures, to address vulnerabilities in third-party components and services.

Cybersecurity is integral to the safe and reliable operation of manufacturing plants, field devices, and industrial communication systems. By implementing robust cybersecurity measures, organizations can protect against cyber threats, safeguard critical infrastructure, and maintain the continuity of industrial operations. Industrial organizations can enhance the protection of their IACS and mitigate the risks of cyber threats to their manufacturing operations and critical infrastructure.

Cybersecurity offers numerous advantages across various domains, including business, technology, and society.

Protecting Critical Infrastructure

Cyber security is essential for safeguarding industrial control systems, SCADA networks, and other critical infrastructure from cyber threats that could lead to physical damage, environmental disasters, or even loss of life. It also Implements security measures at the field device, edge computing, and enterprise levels and helps mitigate the risks posed by the convergence of operational technology (OT) and information technology (IT) systems.

Improved Data Recovery

Comprehensive cyber security strategies include robust data backup and recovery mechanisms, ensuring that critical information can be quickly restored in the event of a successful cyber-attack or system failure. This capability helps organizations maintain business continuity and minimize the impact of cyber incidents.

Innovation and Growth

Cybersecurity fosters a secure environment for innovation and technological advancement by mitigating the risks associated with digital transformation and emerging technologies. Organizations are more inclined to adopt new technologies, such as cloud computing, IoT, and artificial intelligence, when they have confidence in the security measures protecting their digital assets.

Ensuring Business Continuity

Cyber security helps prevent cyber-attacks that could disrupt or halt business operations, such as computer crashes, system freezes, and ransomware infections. By mitigating the risk of successful cyber-attacks, organizations can maintain the availability of their systems and services, minimizing downtime and potential financial losses.

By addressing these key advantages, organizations can effectively protect their digital assets, ensure business resilience, and maintain compliance with relevant regulations, ultimately enhancing their overall cyber security posture.

With growing relevance of IIoT and the related OT/IT convergence, cyber security becomes more and more important on field level. To ensure robustness and availability of a system, three cyber security goals must be met: Confidentiality, Integrity and Availability.

Hilscher products address these goals. Their hardware and software components offers features to meet IEC 62443 requirements and significantly improve cyber security on field level. Here are a few examples:

With the netX 90 architecture, Hilscher has focused on the embedded security requirements for field devices in the hardware. If a device wants to authenticate itself in the system, the firmware must have the necessary integrity. The transmitted data should be encrypted to prevent unauthorized access and protect against data manipulation. Role definitions ensure that only authorized users can access the device or make changes to it. All of these mechanisms ensure integrity, authenticity, confidentiality and authorization and thus the availability of the device and the system. Hilscher's firmware is perfectly adapted to the netX-90 hardware for these tasks and uses its hardware mechanisms to make devices compatible with standards such as IEC 62443.

Secure Boot is a “close to hardware” functionality of the Products based on netX Communication Controllers that is active during the start-up phase of the device. It ensures that only intended, original firmware without manipulations is started and executed on the device. The firmware signing, public key installation and secure boot configuration is performed with the netX Studio IDE. Command line tools are available for production environments.

The Hilscher EtherNet/IP protocol firmware with CIP Security for netX 90 supports the “EtherNet/IP Confidentiality Profile”, which covers the aspects integrity, authenticity and even confidentiality. Most secure communication functions are based on the TLS – Transport Layer Security – stack, on top of the TCP/IP stack and the netX 90 crypto accelerator in hardware. HTTPS protocol support ensures secure Webserver accesss. The implemented user database allows the definition of user groups, roles and related data access rights.