In the industrial world, OT networks consisting of ICS, SCADA and other systems have their own language to communicate and operate large and complex operational infrastructures. More precisely, this is what we know as industrial communication protocols. 

Industrial protocols are real-time communication protocols that interconnect systems, interfaces and devices that make up OT systems. There are multiple types of industrial protocols, many developed by manufacturers for their specific purposes. Protocols are used in different areas within industrial networks, including field device, control and supervisory systems Some of the most commonly used are ModBus, Profibus, Profinet, CIP, DNP3, OPC-UA or Ethernet/IP. 

Communications in OT networks play a key role in industrial environments where a vast amount of packages exchange critical information based on operational processes and assets. Therefore, the integrity of the information in transit should never be compromised in order to assure optimum performance, efficiency and security of operations. 

Fortunately, some recent industrial protocols have been developed including native security mechanisms. This is the case, for example, with OPC UA (signed/encrypted), DNPSec (a secure version of DNP3), and CIP Security (an extension of the CIP protocol). However, many industrial protocols were designed without cybersecurity in mind, not providing any authentication, encryption as these at times do not support SSL or TLS . Operational data may be transported in the clear, without any encryption and very weak security mechanisms, so secure communications is something challenging in OT networks.

OT environments have a massive amount of legacy equipment which has a much longer lifecycle than IT devices. Some of the devices were developed decades ago without bearing in mind the reality of an interconnected world, so it is very common within industrial communications to be using insecure industrial protocols. This is mainly due to the fact that automation vendors had developed these systems without any knowledge or experience of the cyber risks.

In addition, many devices run old and outdated versions of operating systems such as Windows NT and XP or outdated application software. Such systems have many vulnerabilities unpatched, opening the door for unauthorized access and allowing attackers to inspect and manipulate traffic. The problem gets even worse as in many cases it is difficult to patch or replace industrial equipment because doing so can cause disruptions or downtime and can lead to reliability problems, high costs and other operational problems.

Latencies are also critical for OT communications, as operational networks should enable the efficient transfer of data in real time and with a high availability. This presents some challenges as adding security features may have an impact on the performance of these protocols, causing delays in communications and seriously affecting processes. Thus, in many cases no security added to avoid these problems and ensure full data availability at every moment.

Simply scanning an OT network can be enough to disrupt it. Many of the industrial protocols are sensitive enough that the introduction of a significant amount of unexpected traffic will result in protocol failure, leading to an effective DOS condition.

Industrial enterprises have a high pressure to make cost-effective and fast decisions. To achieve this purpose up-to-date and accurate information is required. This information should be about the plant and status of the processes that should be available at the management level as well as the operations level, without compromising its integrity and confidentiality. However, this is challenging as industrial environments are a key target for cyber criminals and attacks are becoming increasingly sophisticated.

It is essential to be aware of which protocols are being used by the equipment to transport a command or activate a service, and have a detailed knowledge of all the communications that may be exchanged. It is very important to know the physical and logical mapping of OT networks, plus understanding how the industrial processes work. The first step for achieving this is to have an increased visibility which can be delivered by deploying network probes for network discovery, our OT network discovery solution. However, if not combined with other OT security solutions, the actions are limited as it does not in any way secure flows, block illegitimate traffic or protect devices.  

Once the previous step is done, it is recommended to use industrial firewalls to block unauthorized traffic and intrusion attempts. However, the problem is not completely solved as new, unknown attacks may occur and they have no trouble with passing as a legitimate communication flow. Additionally, firewalls can slow down communications between devices and have a negative impact on network performance, so it is very important to choose a suitable firewall solution, compatible with legacy infrastructure and industrial protocols in order to avoid increasing latencies.

To maximize the effectiveness it is important to upgrade this layer of OT cybersecurity with advanced protection measures designed in conformity with industrial security norms and standards such as IEC-62443. It is highly recommended to take a Zero-Trust approach, implementing next-level security measures such as OT network segmentation where secure zones with their own unique set of granular protections are defined. This includes securing conduits authentication, traffic encryption and inspecting traffic to filter which types of protocols are allowed and establish secure communications between segments.

The more OT security measures are implemented, the better and more successful will be your industrial cybersecurity strategy. With Enigmedia’s advanced OT cybersecurity solutions, we help to deliver extreme security for OT communications, minimizing vulnerabilities and the risk of attacks expanding throughout industrial networks. Contact us if you want to know more about how we are addressing OT security challenges such as controlled security of industrial protocols.

https://enigmedia.es/company/contact/

Related posts:

• OT Cybersecurity Roadmap based on IEC-62443: https://enigmedia.es/2021/07/26/ot-cybersecurity-roadmap-based-on-iec-62443/
• Mitigating Cyber Risks in the age of OT/IT Convergence: https://enigmedia.es/2021/07/02/mitigating-cyber-risks-in-the-age-of-ot-it-convergence/
• Introduction to the great unknown world of OT Cybersecurity: https://enigmedia.es/2021/06/24/introduction-to-the-great-unknown-world-of-ot-cybersecurity/

Enigmedia is a Cerified Technology Partner of Schneider Electric. You can also find our solution in SE Exchange marketplace: https://shop.exchange.se.com/en-US/apps/44917/mercury-cipher