A vital convergence

Cybersecurity is a crucial concern. OT equipment has become more IT aligned by necessity through standard protocols and ethernet/IP connectivity. Like a bucket of cold water, this fact woke the IT world to the significant vulnerabilities presented by connected operational systems. Furthermore, the press has continued to fill with stories of backdoors exploited by nefarious actors and the dire consequences of which to reputations, service, and profitability.

It was time for OT to be taken seriously and become part of the IT estate with the same high standards and best practice approaches to security.

So, what does this mean for you as a manufacturer?

Firstly, you must ensure that your control systems, such as PLC, SCADA etc., are secure from threats by keeping systems up to date and only providing connectivity between systems that require it. Leaving your entire operation wide open, with everything connected to everything else, is particularly hazardous. The optimal solution is to establish communication channels secured via switches and routers, allowing protocols to be enabled and disabled as required. Through this method, you can install firewalls between departments to further mitigate the threat of a cybersecurity breach.

The second point to consider is access control. Users should only be granted permissions to systems they require within an IT-supported domain. Paired with appropriate password complexity, a policy of regularly changing those passwords can minimise a potential vector of attack.

Next is virtualisation. By abstracting OT systems from the IT hardware, you can install physical hosts in an environmentally controlled data centre; rather than the old method of putting server racks under desks in control rooms, where they were subject to dust, heat, and the occasional accidental kicking from a steel-toe-capped boot.

Rounding out this brief overview is patching and backups. Patching regularly, at the same frequency as IT systems, ensures systems are constantly kept up to date and reduces the impact of ‘timely’ vulnerabilities such as Log4j. We still visit sites where Windows XP, NT and Server 2000 are still in use. These operating systems are running long after official support has ended, meaning security patches are no longer available and the vulnerabilities are well known and widely published.

Because OT should now be firmly on your IT department’s radar, creating a thorough backup regime will mean your systems are recoverable in the event of data loss due to a ransomware attack, operator error or any other disruption.

Experience and Expertise

Novotek Solutions delivers operational technology with a methodology shaped by a deep knowledge gained in over three decades of experience in IT domains.

We’ve led the way in delivering all our projects to a high, IT-compliant standard. Our solutions are supportable, maintainable, and extensible to keep your operation fit for the future.

Read more

Since the beginning of the COVID-19 pandemic, businesses across the UK have faced a surge in cybercrime. In fact, research indicates that UK businesses experienced one attempted cyberattack every 46 seconds on average in 2020. Industrial businesses are a prime target for hackers and the ramifications of a data breach or denial-of-service attack are far-reaching, making system security imperative. Here, David Evanson, corporate vendor relationship manager at Novotek UK and Ireland, explains how industrial businesses can keep their vital systems secure.

For many business leaders and engineers, it is still tempting to consider large multinational companies or data-rich digital service providers to be the prime target for hackers. However, the growing volume of cyberattacks on businesses globally show that any company can be a target of malicious attacks on systems and services.

According to research by internet service provider Beaming, there were 686,961 attempted system breaches among UK businesses in 2020, marking a 20 per cent increase on 2019. Of these attacks, Beaming noted that one in ten intended to gain control of an Internet of Things (IoT) device — something that indicates a tendency to target system continuity rather than conventional data.

Both factors together are cause for alarm among industrial businesses of all sizes. Hackers are targeting all manner of companies, from start-ups to global organisations, and focussing more on the growing number of internet-connected devices and systems that were previously isolated.

The consequences of a device being compromised range from data extraction to service shutdown, and in any case the financial and production impacts to an industrial business are significant. There is no single quick fix to bolster cybersecurity due to the varying types of hacks that can take place. Some cyberattacks are complex and sophisticated; others less so. Many attacks on devices tend to fall into the latter category, which means there are some steps industrial businesses can take to minimise risk.

Novotek has been working closely with industrial businesses in the UK and Ireland for decades. One common thing that we have observed with automation hardware and software is that many engineers do not regularly upgrade software or firmware. Instead, there is a tendency to view automation as a one-off, fit-and-forget purchase. The hardware may be physically maintained on a regular schedule, but the invisible software aspect is often neglected.

Older firmware is more susceptible to hacks because it often contains unpatched known security vulnerabilities, such as weak authentication algorithms, obsolete encryption technologies or backdoors for unauthorised access. For a programmable logic controller (PLC), older firmware versions make it possible for cyber attackers to change the module state to halt-mode, resulting in a denial-of-service that stops production or prevents critical processes from running.

PLC manufacturers routinely update firmware to ensure it is robust and secure in the face of the changing cyber landscape, but there is not always a set interval between these updates.

In some cases, updates are released in the days or weeks following the discovery of a vulnerability — either by the manufacturer, Whitehat hackers or genuine attackers — to minimise end-user risk. The firmware version’s upgrade information should outline any exploits that have been fixed.

However, it’s important to note that legacy PLCs may no longer receive firmware updates from the manufacturer if the system has reached obsolescence. Many engineers opt to air-gap older PLCs to minimise the cybersecurity risk, but the lack of firmware support can also create interoperability issues with connected devices. Another part of the network, such as a switch, receiving an update can cause communications and compatibility issues with PLCs running on older versions — yet another reason why systems should run on the most recent software patches.

At this stage, engineers should invest in a more modern PLC to minimise risk — and, due to the rate of advancement of PLCs in recent years, likely benefit from greater functionality at the same time.

Firmware vulnerabilities are unavoidable, regardless of the quality of the PLC. At Novotek, we give extensive support for the Emerson PACSystems products that we provide to businesses in the UK and Ireland. This involves not only support with firmware updates as they become available, but also guidance on wider system resilience to ensure that businesses are as safe as possible from hardware vulnerabilities. The growth in cyberattacks will continue long beyond the end of the COVID-19 pandemic, and infrastructure and automation are increasingly becoming targets. It may seem a simple step, but taking the same upgrade approach to firmware that we do with conventional computers can help engineers to secure their operations and keep running systems safely.