Last year’s incident involving the Stuxnet malware has given us a wake-up call, and we now need to take a fresh approach to how data is transferred and managed within all industrial control systems, according to Chris Evans of Mitsubishi Electric.

The Stuxnet incident has shown that a typical automation architecture has weak points and vulnerabilities when it comes to security, and this is leading many companies to question the traditional methods of moving information around the plant/asset and from the plant/asset to the enterprise level. While Stuxnet targeted one particular plant, it has wider implications.

The virus changed the point of attack in the business from the seemingly secure top end to the somewhat vulnerable middle ground.

Stuxnet was a malicious and targeted attack, which is difficult to protect against. The structure of the virus is now in the public domain, so mutations remain a threat and it is realistic to assume ‘copycat’ malware will appear in the coming years.

There are two fundamental factors to consider, ‘probability’ and ‘risk’, and it is the analysis of these two elements that should shape any organisation’s security strategy going forward.

It is generally accepted that the ‘gateway PCs’ found in many automation architectures represent weak points and are vulnerable to potential malware attacks from ‘the outside’ and also from CDs and USB sticks.

Many of these PCs are used as networked workstations and therefore often contain the software needed to change and program the PLCs beneath this layer. This makes them an attractive target for anyone wishing to disrupt operations. Coupled with this is the fact that many of these PCs have in the past been poorly maintained in terms of security patches and often run unsupported legacy versions of operating systems, which raises the risk factor further.

These gateway PCs were originally included to provide visualisation/control (SCADA etc.), data/alarm logging and the link between the plant/asset and the enterprise systems. Initially, PLC technology was not capable of delivering these requirements in an acceptable way; in other words, there was no alternative to this architecture.

Clearly, from an operational point of view, these requirements are still fundamental delivery points for any system architecture, but there are now alternatives to the traditional methods.

Mitigation or change?

Many IT security companies can provide products and services to mitigate attacks on PC-based systems. Coupled with a good business security regime, these can help protect the weak points. However, it is important to understand that many of the recent cyber security offerings in the automation arena concentrate on dealing with the problem after the fact rather than exploring how to minimise the chance of it happening at all.

A new way forward

Over the last few years, the more innovative companies have been developing technology that challenges the traditional automation architecture.

The basis of the new approach is to develop a solution which offers direct connection from the plant/asset to the enterprise systems within a ruggedised industrial form factor.

These systems are not PC-based and are therefore not susceptible to the same operating system legacy issues found in a traditional PC-based system.

This is complemented by the simultaneous development of intelligent solutions that allow data and alarm logging to be carried out locally at the PLC. This technology has created the possibility of removing the gateway PC from the topology altogether.

In this way, if data and alarm logging happen directly at the PLC, visualisation and control can be achieved by intelligent HMIs. Significantly, these HMIs do not have to run a Windows operating system.

If SCADA PC nodes must exist, then moving the critical data/alarm logging to the local PLC means the SCADA node can be the control and visualisation element of the system, while this vital information is protected in the more robust PLC environment.

Mitigation techniques can then be deployed to minimise the risk with respect to the PC-based SCADA or visualisation system. By using these techniques and technologies, the link between the plant/asset and the enterprise can be made directly from the PLC level, thus minimising the risk.

Mitsubishi’s ‘C Controller’ range of automation solutions offers a flexible, secure, ruggedised environment that can house multiple ‘apps’ to perform complex and challenging tasks. The C Controller forms part of the integrated iQ Platform and provides a non-PC-based system that is not susceptible to the same operating system legacy issues found in a traditional PC-based system.

The C Controller platform has enabled a host of solutions to be developed, including a distributed secure database application and various connection options from asset to enterprise level, interfacing with SAP, Oracle, DB2 and other business systems. This, coupled with intelligent solutions that allow data and alarm logging to be carried out locally at the PLC, means Mitsubishi can offer a secure alternative architecture to traditional automation system topologies.