penetrate, especially
with APTs, and provide
an unrealistic sense of
security.
Standards such as
ISA/IEC 62443, the NIST
framework, NERC CIP, and
others have provided a
framework and a path
forward to designing
good OT security
postures for plants. The
ISA Security Compliance
Institute has provided
ISA Secure component
certification since 2010.
Standards compliance
does not necessarily result
in adequate or increased
cybersecurity protection.
OT cybersecurity
challenges
The basic OT cybersecurity
challenge is to deal with
the ongoing industry
transformation. First, it
is necessary to assess the
effectiveness of traditional
controls and cyber tools.
Traditional penetration
testing has been used for
this. The problem is it is
very difficult to operationalize these
traditional tools without considerable
training and overhead to get from the
theoretical to the practical.
The current challenge is moving the
perimeter from the physical plant and
a network-centric focus to the virtual,
which requires providing security to
edge components and applications. Edge
devices are numerous and proliferating.
This makes it impossible to provide
a secure cyber environment without
protecting edge devices in real time to
maintain security for each Level 0 and 1
device.
One main issue is the increase of
poorly-secured IIoT devices being
installed in plants to send data to the
cloud and then to the plant. These IIoT
devices can provide intrusion vectors that
are overlooked by plant operators and
engineers eager to get more data.
The plant is insecure if the supply
chain is insecure. The high integration
between the supply chain and the
control system required in modern
process plants makes the supply chain a
vector for potential attacks.
Active anomaly detection is needed
to maintain a secure plant network. This
makes it possible to achieve the posture
of predictive and preventive response
instead of reactive and conformance-
oriented activity. This includes outside-
the-plant threat intelligence. Often the
best option is to move from a reactive
approach to an adaptive security
posture.
The plant of the future will integrate
operational reliability monitoring,
security monitoring, and network
monitoring with process monitoring.Detection will be transformed from
signature-based detection to anomaly
detection.
OT cybersecurity must be integrated
with management of change functions,
alarm management, safety systems,
and security information and event
management. The entire plant
operational system revolves around
security and safety. For many process
plants, it can be difficult to implement
a modern functional security position.
This is where companies specialising
in cybersecurity can be of assistance to
process plants.!Camilo Gomez is global cybersecurity
strategist at Yokogawa Electric Corp.This article originally appeared on
http://www.controleng.comCybersecurity must be applied in the process industries from the enterprise to the application level.Control Engineering Europe http://www.controlengeurope.com March 2019 29
CYBER SECURITY