Cybersecurity in the industry

The IT security laboratory of the Fraunhofer IOSB

© Fraunhofer IOSB
IT security laboratory of the Fraunhofer IOSB

Industrial control and automation solutions can be found in many fields and sectors: typical examples include the industrial production of piece goods, the process industry, critical infrastructures such as energy and water management, as well as applications in building automation and medical devices. Vulnerabilities in and attacks on control and automation systems specifically can be observed on an almost weekly basis. The protection of industrial control systems has therefore been gaining in importance for years.

Modern production plants are highly networked. Embedded systems communicate with each other independently, planning systems from the cloud calculate order steps and machine assignments, plant operators monitor and control remotely, maintenance personnel access the system from anywhere in the world and carry out configuration changes.

In the networked world, the protection of production facilities no longer ends at the building or factory premises. Attackers can penetrate and manipulate systems via network connections, and malicious code infections can completely paralyze large areas and also cause immense physical damage and danger to life and limb. Reports of Stuxnet, Duqu, Flame and Havex were not the first indication that production facilities are targets for cyber attacks.

Differences from classic IT systems

IT security in industrial production must take into account specific boundary conditions that differ from classic IT systems in the office environment, PC workstations and Internet servers:

  • The control of production systems poses real-time requirements that make changes to the systems difficult or even impossible. Software patches on the systems, installation of monitoring software, malware scanners and antivirus programs can impair functionality, while firewalls in the network and encrypted connections between the systems can affect real-time conditions. 
  • The period of use of hardware and software in production is considerably longer than in other IT areas.
  • Above all, however, the protection goal of availability and the maintenance of functional safety are much more important. 

For this reason, conventional approaches to cyber security must be adapted specifically to industrial control systems. New strategies and procedures are needed to practically implement IT security not only in new systems, but above all in old systems.

The Fraunhofer IOSB offers a wide range of solutions for the relevant cyber security topics for industrial control systems: from training courses in the cyber security learning laboratory to consulting, assessments and support in the implementation of regulations and standards, through to technology developments, e.g. the secure implementation of OPC UA.

Ideal Test Environment

The IT security laboratory of Fraunhofer IOSB has its own model factory with real automation components that control a simulated production plant.

Fraunhofer IOSB’s IT security lab provides an ideal test environment to simulate real-world scenarios and analyze the effects. To this end, the IT security lab includes a dedicated smart factory with genuine automation components controlling a simulated production plant. All the network levels of a factory environment, including their typical components such as Industrial Ethernet, industrial firewalls and wireless components, are in place.

A specific private cloud enables the IOSB experts to create various configurations rapidly and flexibly and to adjust the smart factory to different scenarios. To this end, the private cloud flexibly provides the required resources to analyze all aspects of network traffic, to include security features in network connections or simulate an attack against the components.

Currently, our efforts focus on the following three areas:

1. Anomaly Detection on the Field Level

Fraunhofer IOSB has many years of experience in the field of condition monitoring for various areas of application. Condition monitoring is designed to analyze process variables in production processes and to recognize system conditions and changes in their status without exact prior knowledge of the process itself. Detected anomalies in the process variables indicate changes in the process. These may result from modifications in the process sequence, defects or wear and tear of the production equipment, for example. However, they can also be traced back to intentional or unintentional intervention in the process control because the manufacturing IT has been attacked. In addition, the monitoring of communication links allows interventions to be detected early, before any modifications in the process sequence become apparent.

2. Production Monitoring and Control

Monitoring and control is increasingly based on manufacturer-independent standardized communication protocols enabling global access by means of Internet protocols. In this context, OPC UA provides a framework that will form the basis of world-wide networking in the Industrie 4.0 efforts. The security features of the OPC UA standards are assessed, recommendations for the use and implementation are developed and specific implementations are analyzed for weaknesses. Security guidelines governing the outsourcing of functions or the use of features in public cloud environments are developed.

3. Vulnerability Analysis

The detection of weaknesses in configurations and faults in software implementations of components and equipment is another focus of IOSB’s IT security experts. In particular, they identify weaknesses in firewall configurations, in the implementation of authentication and encryption methods as well as specific design drawbacks in the applied communication protocols.

To perform the vulnerability analysis, the resources of the private cloud can be bundled to carry out distributed denial-of-service attacks against real-world systems and components or to find implementation defects by means of fuzzing tools. In addition, the private cloud allows virtual environments to be created to analyze the behavior of malware and to develop defense strategies.

Moreover, the facilities of the IT security lab are used for training purposes. Training programs dealing with the use of OPC UA mechanisms and the design of secure production networks complete the service.

 

ISuTest®

Automated vulnerability scanning for industrial automation components

Cybersecurity learning lab

As part of the Fraunhofer Academy, the Karlsruhe and Lemgo sites regularly offer practical cybersecurity training for industrial production.