Monitoring and control of cybersecurity in industrial environments
According to Europa Press, Spain ranks fourth among European countries in cyberattacks received in the industrial sector. Add to this that cyberattacks in this sector are rising year after year, with worrying figures, and the importance of cybersecurity in this context is clear.
We are immersed in the so-called Industry 4.0, or cyber-industry, characterized by growing connectivity that reaches even operational technology (OT). Hardware and software that monitor and control the various elements of production are increasingly common, and they generate data that information technology (IT) systems use for timely management. This is why Industry 4.0 also requires an expert level of safety and security; otherwise, news like that recently published about the nuclear industry may become increasingly common.
Challenges of cybersecurity in the industrial environment
Both monitoring (collection and analysis of data to identify threats and vulnerabilities) and control (adoption of measures to mitigate the threats and vulnerabilities detected) are indispensable factors to be incorporated in today’s industrial reality.
In terms of cybersecurity, it must be taken into account that we are facing an environment characterized by devices, systems and equipment that are not yet properly adapted to the criteria and needs of defense against malicious acts.
In general, we find ourselves in an environment whose elements can be difficult to update. They have been modernized using insecure network architectures (for example, a lack of segregation between environments can make it easy for an attacker to move from the IT network to the OT network); they keep default configurations whose vulnerabilities can be easily exploited; they use unencrypted channels to transmit information; and they do not incorporate authentication controls to ensure that data has not been maliciously tampered with. Also, since the life cycle of OT devices can exceed twenty years, systems may be out of support and obsolete in terms of their security protections. Fortunately, more and more resources are becoming available to alleviate this situation.
New safety standards
In the field of regulatory compliance, standards are being developed and increasingly adopted, encouraged by senior government authorities at both national and European level. The aim is to obtain greater and better control when restricting logical and physical access to an industrial network, prevent unauthorized modification of data, detect security incidents, etc.
One example is ISA/IEC 62443, a series of standards that defines a set of rules to be followed in the security of industrial automation and control systems (IACS). Other standards that are not specific to the industrial environment must also be taken into account, since they also contribute to securing its systems. Such is the case of ISO 27001, which, although more characteristic of IT environments, provides a series of controls applicable to OT environments.
SIEM Service
As regards tools that help detect assets, services, components and other OT technology, solutions adapted to industrial reality are available. Examples include Nmap, Nessus or ICSSPLOIT applied to these environments, which make it possible to monitor which ports are open and which vulnerabilities can be exploited. EDR systems are also available, together with intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, and next-generation (NG) antivirus systems that use artificial intelligence to improve on conventional antivirus; combined, these tools fortify the cybersecurity of an industrial environment.
However, when addressing the issue of cybersecurity monitoring and control in industrial environments, one of the aspects to highlight is the implementation of a SIEM service, which provides a greater layer of security.
With a SIEM, the data collected from the various sources mentioned in the preceding paragraph are centralized, managed and transformed into useful information (analyzable through tables and graphs that facilitate their study); alerts are generated that allow the early detection of an incident; and it is also a fundamental aid when performing a digital forensic analysis.
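The centralization and alerting described above, sketched as an added example that is not part of the original article or of any product it mentions: events from two sources are normalized into one schema, and a correlation rule flags IT hosts reaching industrial protocol ports in the OT network, the segregation gap discussed earlier. The subnets, log formats, field names and severity scheme are assumptions constructed for the example.

```python
import ipaddress
import re

# Assumed addressing plan, log formats and severity scheme (all constructed).
IT_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("10.20.0.0/16")
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm", 44818: "EtherNet/IP", 20000: "DNP3"}
FIREWALL_LOG = [
    "2024-05-01T08:00:01Z ALLOW src=10.10.4.23 dst=10.20.1.5 dport=502",
    "2024-05-01T08:00:02Z ALLOW src=10.20.1.9 dst=10.20.1.5 dport=502",
    "2024-05-01T08:00:07Z DENY src=10.10.4.23 dst=10.20.1.6 dport=102",
    "malformed line that the parser must skip",
]
IDS_LOG = ["1714550405|10.10.4.23|10.20.1.5|502|write single coil"]
FW_RE = re.compile(r"^\S+ (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

def normalize(fw_lines, ids_lines):
    """Map both source formats onto one event schema, dropping bad lines."""
    events = []
    for line in fw_lines:
        m = FW_RE.match(line)
        if m:
            events.append({"sensor": "firewall", "action": m[1], "src": m[2],
                           "dst": m[3], "dport": int(m[4])})
    for line in ids_lines:
        parts = line.split("|")
        if len(parts) == 5 and parts[3].isdigit():
            events.append({"sensor": "ids", "action": "ALERT", "src": parts[1],
                           "dst": parts[2], "dport": int(parts[3])})
    return events

def correlate(events):
    """One alert per IT host that talks to an industrial port in the OT network."""
    hits = {}
    for e in events:
        src, dst = ipaddress.ip_address(e["src"]), ipaddress.ip_address(e["dst"])
        if src in IT_NET and dst in OT_NET and e["dport"] in OT_PORTS:
            hits.setdefault(e["src"], []).append(e)
    alerts = []
    for src, evs in sorted(hits.items()):
        sensors = {e["sensor"] for e in evs}
        passed = any(e["action"] != "DENY" for e in evs)  # traffic got through
        severity = "high" if passed and len(sensors) > 1 else "medium" if passed else "low"
        alerts.append({"src": src, "severity": severity, "sensors": sorted(sensors),
                       "targets": sorted({(e["dst"], OT_PORTS[e["dport"]]) for e in evs})})
    return alerts

if __name__ == "__main__":
    print(correlate(normalize(FIREWALL_LOG, IDS_LOG)))
```

Severity rises when traffic was actually allowed through and more than one sensor saw the same source, which is the kind of cross-source context a single tool's log does not provide.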
In short, industrial environments must maintain an adequate level of cybersecurity through a combination of technology, well-designed policies and protection measures. Today, solutions such as those offered by JakinCode are available to help achieve this goal.
Our company facilitates asset inventories; risk analysis; monitoring, controls and measurements; incident detection and response, etc., which, in line with the contents of this article, contribute to better monitoring and control of cybersecurity in the industry.