Security in industrial and production systems: how to meet the challenge

The topic of IT security has certainly been one of the hottest and most debated in the corporate landscape in recent months. After many years of neglect, Finally, the CDAs have understood the importance of an IT risk prevention and governance policyalso thanks to a situation where cybercriminals go crazy and block the operation of many companies every day through ransomware and other types of attacks.

Siemens_native_securityOT

However, cyber risk awareness is not yet as well developed in a sector heading towards digitalisation such as industrial and production machinery. From factories to textile industries passing through fine mechanical industries and energy distributors, all devices risk compromising, above all by virtue of a new scenario that has been established for some time now, involving all aspects of business.

The new scenario sees a technological convergence that needs to be carefully evaluated

With the advent of the cloud and big data, many companies have started the process of digitizing their business, with important consequences is at process leveland the results obtained.

In order to stay competitive, a modern enterprise actually needs a very strong digital integration, with each sector that contributes to the power of the data lake and a very strong IT department capable of analyzing and transforming this data into wealth and business tools.

But to contribute to the data lake, every part of the business needs to be connected to the IT infrastructure and it constitutes a major change from earlier in the OT industry (Operational technology).

Siemens_native_securityOT

“Once upon a time,” says Angelo Candian, Business Segment Manager – Digital Connectivity and Power of Siemens – “the machines lived in a network completely separate from the IT network and therefore difficult to attack externally. Today, however, all aspects of the business must be interconnected in order to provide the management software with the data coming from logistics, marketing, sales and, of course, from the machines in force in the OT sector, whether production or management. “

“This” – continues Candian – “serves to ensure greater competitiveness, a shorter time to market, improve process transparency and optimize resources. To do this, the OT part must ‘open’ up the IT part to allow dialogue and data passage, but the process is neither immediate nor trivial. In a production environment, everything must be done in such a way that production capacity is protected and guaranteed, 24 hours a day, seven days a week. “

To move in the right way, therefore you need to know all aspects of production processes, network connections and security well.

The differences between IT and OT domains

The first major problem that industries and manufacturers need to address is precisely that the staff to manage the integration process on a single infrastructure. “Very often” – confirms Candian – “there is a very marked dualism in companies: Those who deal with the IT infrastructure know very little about how the OT infrastructure works and vice versa. For this it is necessary to guide the staff in the two worlds towards a common middle ground where they can begin to communicate. “

While IT uses speed-favored protocols to move a lot of data in a short amount of time, in the OT sector, less efficient protocols from a bandwidth point are preferred, but much more reliable in terms of latencies; which must be absolutely predictable and constant.

Siemens_native_securityOT

After all, a machine can produce dozens of pieces per second, and the synchronization with those who go ahead and follow it in the process must be absolute. You must be able to do that move a few kb of data in a few milliseconds, with a variation in latency that must remain in the order of microseconds. Needs that are completely different from those encountered daily in the IT sector and that cannot be confronted with typical network protocols.

But the differences do not stop there and also extend to the type of work area. Most of the IT machines are actually located in an office or in an environment that is mainly designed for functionary work. OT machines, on the other hand, are very often in difficult environments, where they encounter high or very low temperatures, in dusty, humid or cramped areas, which makes it difficult to comply with the physical operating parameters. Not surprisingly, many OT machines are PLCs or rugged devices.

Siemens_native_securityOT

Finally, in the OT sector, there is an almost completely absent aspect of IT: physical security of operators working on the machine or in the surrounding environment. A machine must check its status and its communication in real time to immediately stop responding in the event of a malfunction.

How to develop the necessary skills

In order to cope with the huge amount of skills required to secure an OT infrastructure, one will therefore need to create a team consisting of elements that come from both the IT and OT worlds and prepare it properly. The partner who accompanies the company in this process is usually able to provide both the advice in connection with the organizational part and the necessary training.

“The approach we have at Siemens” – says Candian – “is precisely to accompany the company in this transformation, to support trained staff in both the technical and organizational aspects, to bring each plant to full compliance with the IEC 62443 standard. “

Siemens_native_securityOT

The task is not easy, also because when it comes to OT, it is grouped under the same hat a huge amount of solutions which instead covers very different areas.

“What is installed in a steel plant” – says Emanuele Ermini, sales specialist DCP team leader at Siemens – “is very different from what is installed in the energy or logistics sector. The environments are very different, as are the temperatures and operating conditions. account shall be taken of the case of making existing fleets of machinery safe. “

Even existing and perhaps very obsolete machine fleets they can be secured and brought up to standard with the addition of the right infrastructure.

Siemens_native_securityOT

“In industrial areas” – says Mauro Cerea, Cybersecurity OT Manager at Siemens – “it is very common to find machines with outdated operating systems, even Windows XP, which are not patched to avoid problems during the operations they control or which they In these cases, we often resort to “whitelisting” techniques to circumvent all technical limitations and ensure security. “deployed machines that act as a ‘bridge’ between old and new technologies, digitize the output data and transform the commands into analog inputs. In this way, fleets of machines can be preserved, which despite their age still have much to offer”.

Covering all possibilities is therefore a very complex task, and the best way to approach it is to benefit from the competencies of partners with extensive experience on the market and can take advantage of the transformations already facing to find the most appropriate solutions for each new case, to bring the OT infrastructures to offer the necessary resilience to the challenges posed by the cybercrime scenarios in these difficult years.

Leave a Comment