Process & Control February 2019

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

FEATURE COMMUNICATIONS & NETWORKS SECURITY IN A CONNECTED WORLD

In today’s connected world, businesses must deal with more and more connected devices. Security is key to success here and should not be ignored, says Tim Ricketts, director of M.A.C. Solutions

H

istorically there has been a convergence between IT (Information

Technology) and OT (Operational Technology). There is now a real need for data from the plant floor to reach the top floor business systems. To date, this has been achieved by connecting firewalls to control the traffic flow and allowing production data to be made available for business information needs. However, if you have a misconfigured firewall, your OT network is at risk from the Internet, as PLCs and automation equipment will be exposed to external infiltration. Imagine the following scenario. A

person is updating a control system; the media is stored on a USB memory device, but the USB memory device has been infected because that person used the device at home the previous evening, which does not have a current active anti- virus. The payload has now been installed as part of a file transfer and has become ‘active’. The malware is now distributing itself through the network PCs and is trying to phone home. Eventually, the malware discovers an open port on the firewall and is able to phone home and deliver a RAT (Remote Access Trojan). This provides a backdoor for remote access by a third party. Before you’re even aware of

it, your OT system is infected with a Ransomware demanding £250,000 in bit coins to provide the keys: no real skills were involved here, just human error. This is just one fairly simple scenario. A

more sinister scenario could be that once the payload has been delivered, you’re now under attack in a very stealth way, your control traffic is being decoded, protocols and devices are being discovered as the attackers are now learning your network, devices and control philosophy ready to launch an attack. This can take months of preparation and finally an attack is launched to disrupt the operation, modify recipes of pharmaceutical batches for blackmail exploitation, turn off the lights or stop the production. During this process, PLC code (data words in data blocks) may have been modified, all under the radar. MAC Solutions has looked at a couple of

Figure 1: MAC Solutions is building a portfolio of products to assist in the war against cyber criminals

OT Cyber attack scenarios. You may be asking yourself what can we do as a business to help mitigate these real threats. MAC Solutions has been working in OT since its inception in 1996 and is a technology vendor and trusted advisor to many European and UK companies. Over the past few years our clients have recognised that they can no longer say that their systems are protected because they are ‘air gapped’ and therefore are immune to cyber attacks. If the security threats mentioned are

Tim Ricketts, director, M.A.C. Solutions

broken down, we can begin to see which solutions can be provided by MAC Solutions (see Figure 1 above). • USB memory devices can be controlled

by preventing the endpoint computer accepting a device unless it has been scanned and verified first. • PLC code changes can be protected by

daily comparisons and by reporting on any unauthorised changes. • Traffic scanning and ingress protection

can be identified by Intrusion Detection Systems that are specifically designed for OT network traffic. • Inter-communications between

endpoint devices can be encrypted at wire speed to prevent control traffic being interpreted and a ‘Man in the Middle’ attack launched. • Firewalls to be replaced with

unidirectional gateways, so data can be mirrored between OT and IT, traffic only flows in one direction at the speed of light using data diode technology.

OT cyber attack

scenarios need solutions to mitigate risk

14 FEBRUARY 2019 | PROCESS & CONTROL

M.A.C. Solutions www.mac-solutions.net



Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52