IT security risks in manufacturing environments
Safety becomes IT security
When people talk about safety in industrial environments, they usually mean fail-safety, electrical safety, safety for the works personnel, safety in response to adverse weather conditions and explosion protection. It is often the case, however, that the safety risks typical of the internet and office environment, such as denial of service attacks, the manipulation of data and systems and unauthorized access to data or IT systems are unknown, undetected or ignored. These, however, can have serious consequences and even put lives at risk.
The increasing rates of networking are creating synergies, but unfortunately, they are also creating more risks
The newly created transitions mean that all of the threats from the office environment and the internet are suddenly omnipresent in manufacturing and processing networks. This fact and the arising consequences can bring process IT personnel to their limits in terms of what they are able to assess and solve using their know-how in the area of safety. Process IT is obliged to address threats from the office environment that are new to them. Office IT teams are also required to gain know-how from the area of process IT.
Using protective mechanisms from the world of office IT is not a sustainable solution for process IT
It is almost always the case that the IT security solutions which are typically used in the office environment are also thought appropriate for neutralising the new threats to the process IT. These include:
Maintaining anti-virus systems is very time consuming. At the least, up-to-date patterns should be demonstrable on all systems. An online distribution of the patterns is impossible for technical reasons. Updating the systems from the internet itself can also be classified as very problematical, which means that the only remaining approaches are manual ones.
Firewalls and intrusion prevention systems (IPS)
The classic, primary goal of the IT security of process IT - availability - is clearly reduced with the use of firewalls and IPS. Both of these solutions require the data traffic to be guided through these systems. This leads to new risks of failure. These systems are also configured to block data traffic (IPS) or to only authorise manually approved data traffic communications (firewalls). IPS updates can also mean that data traffic which worked before an update is suddenly blocked after it. This poses considerable risks to the availability of the process networks.
Unfortunately, considerable know-how is required of the area of IT security for effective operations. This relates to intrusion provision systems to a particular degree. It is often the case that this know-how is unavailable in process IT department, and has to be developed first. The operation of these solutions is very time-consuming. IPS, in particular, requires continuous maintenance so as to operate securely.
Closing security gaps in process networks
How the honeyBox works
The honeyBox® makes virtual victim systems (honeypots) available in the process LANs so as to attract attacks. During the initial stages of an attack (the manual or automatic exploration of the LAN, scans), hackers and malware (e.g. Stuxnet) will find actual systems and virtual honeypots.
From the hacker's point of view, the honeypots are not initially distinguishable from the genuine systems, but they have a poorer level of security. In the next phases of an attack, they therefore attract the further attention of the hacker or the malware. The alarm is raised upon the initial contact with a virtual honeypot.