The major risks to process control and automation stems from three factors. The first factor is the diversity of communications methods and industrial protocols that are fundamentally open and insecure, because they were designed to operate within an implicitly secure silo. The second factor is the network firewalls and intrusion detection systems retrofitted into an interconnected and layered ecosystem they were not purpose-designed or intended for operations technology (OT). The third factor is that unlike the IT approach of quarantining infected user workstations (endpoints) with virtual LAN (VLAN) based network segmentation, process control systems in OT are live and quarantining devices in an interconnected system disrupts service and causes undesirable outage. Reactive approaches based on network-based anomaly detection and deep-packet inspection of application protocols will be challenged eventually by the onset of encrypted network traffic (without application reengineering) in the years ahead.
The strategy will require at least
Process Automation Workflow
More than €20 million is at stake per incident of noncompliance.
Industrial automation manufacturers and critical infrastructure operators must ensure compliance with cybersecurity standards such as NIST 800-53, IEC 62443-3-3, and FIPS 140-2. Furthermore, certain industries must comply with additional standards such as NERC CIP 003 for electric utilities and DO-178 for avionics. Keeping up with these standards as well as emerging standards from the Industrial Internet Consortium (IIC) and Industrie 4.0 is challenging. Older protocols such as Modbus, DNP3 and BacNet can be difficult to secure.
Mocana’s end-to-end security system is an FIPS 140-2 validated embedded cybersecurity software solution that ensures device trustworthiness and secure communications by giving industrial automation manufacturers, OEMs and critical infrastructure operators an easy way to harden electronic control units and controllers with multi-factor authentication and trust chaining, as well secure boot to validate the firmware, OS and applications.