Multi-Vendor System Security Possible in IIoT

Wednesday, August 30, 2017 @ 10:08 AM gHale


By Daniel DesRuisseaux
The Industrial Internet of Things (IIoT) will drive rapid growth in the number of connected devices in industrial control systems (ICS).

In addition, there is no doubt cybersecurity will play a vital role in making sure the devices remain protected against potential attacks across an increased attack surface. One question hitting the industry: Is today’s security technology robust enough to tackle potential attacks against an IIoT environment?

Along those lines, last April at the Hannover Messe, a demonstration showed how products and technologies available today can be used to help secure industrial control systems.

The demonstration addressed four key points:
1. Solutions that significantly enhance security are available today
2. Equipment can be monitored regardless of global location
3. Use of standards-based solutions enables monitoring of components from different vendors
4. Legacy devices that lack cybersecurity features can be secured within a system

To get to a secure environment in the connected world, the Industrial Internet Consortium (IIC) released a framework to secure industrial control systems. The framework was merged with concepts defining secure cooperation in cross-company environments as developed by Plattform Industrie 4.0 to create the system demonstrated at Hannover Messe.

The demonstration mimicked a real-world, multi-vendor, distributed environment that combined equipment from over 20 IIC and Plattform Industrie 4.0 member companies into a single solution. Equipment connected both locally and at remote sites around the world. The system demonstration won the IIC Q2 Technical Innovation Award. The demonstration has since evolved into an official test bed that will allow vendors to evaluate interoperability.

The system demonstrated how data from new and legacy equipment could be secured in an industrial control system.

“The system included both the M580 and M340 PLCs. The M580 is Schneider’s flagship PLC that was developed with cybersecurity features integrated into the platform. The M340 is an older platform lacking newer security features. The demonstration illustrated how both platforms could be secured,” said David Doggett, senior director of cybersecurity programs at Schneider Electric. A prototype of secure Modbus designed to encrypt communications between industrial devices was also demonstrated.

The M340 PLC was protected in the demonstration by an Intel Security IoT Gateway. The gateway provided cybersecurity features that can help secure equipment that lacks them natively.

“The Intel IoT Security Gateway provides the atomic building blocks for security such as identity, mutual authentication, resource, and data authorization, network data control, security management and security monitoring,” said Sven Schrecker, chief architect of IoT security solutions at Intel. “These building blocks are assembled in front of a legacy device such that, from the network perspective, the device appears to be quite intelligent and to have modern security capabilities, even though the device itself remains unchanged.”

The demonstration also exhibited the secure transfer of syslog events from industrial equipment. Syslog events are forwarded to a McAfee Security Information and Event Management (SIEM) device. A SIEM centralizes log data from disparate vendor equipment distributed throughout an ICS, enabling real-time analysis of security alerts.

“McAfee’s SIEM Solution, Enterprise Security Manager (McAfee ESM), provides contextual information beyond logs that is critical for protecting Industrial Control Systems (ICS),” said Tom Moore, vice president of global OEM partnerships at McAfee. “McAfee’s strategic OEM partnership with Schneider Electric delivers an optimized cybersecurity architecture, providing a near real-time prioritized view into the threats and risks an ICS security team needs to focus on. This continuous monitoring of the business operations and processes enables end users to identify unusual behavior and patterns that indicate a potential cyber threat as well as more effectively manage risk and policies within the ICS network.”

The threat posed by hackers and malicious code will remain an issue for the foreseeable future. This demonstration showed that solutions are available today to help companies put a system in place that can help manage industrial control systems and secure essential infrastructure.

Daniel DesRuisseaux is the cyber security offer leader at Schneider Electric.


