Andrea Falcone and Damiano Brega (at the time in Loccioni Group) collect the award for the innovative application for Multiservizi Ancona

Damiano Brega is a technician who has been working in the industrial automation sector since before 2000: a "field technician", as those are called who go to the end customer on behalf of an integration company to manage installations and upgrades and to solve problems that can occur on industrial plants. After many years in the service of one of the largest system integrator companies in Italy (Loccioni), he joined the ServiTecno family: after receiving adequate training on the products (most of them already known to him, having used them in previous years) and services we offer, he decided to expand his fields of knowledge by "going back to school" to study the fundamentals of Industrial Cyber Security.

After 20 years of technical experience in the automation sector, I had the opportunity, and above all the pleasure, of participating in the Master organized by UNI ROMA TRE, “Cybersecurity for the protection of control systems in industry 4.0 and in critical infrastructures”: this course of study aims to train participants on regulatory aspects and best practices (ENISA, NIST, Critical Infrastructures, GDPR, ISO 27001/27002/27005:2015/31000:2018, IEC 62443, etc.) and at the same time to explore strategic concepts such as the digital perimeter, the Italian strategy for Cyber Security, cryptographic techniques, the analysis of information systems and forensic investigations.

In these two decades I have tried to accommodate (and solve) all the needs and requests of customers, but experience has taught me that the basis of any good application is communication between field devices and the acquisition of data from supervision systems. The approach, usually in the absence of detailed specifications from the end customer, has always been to use a standard transport and communication protocol, as simple and cheap as possible (e.g. Modbus over a serial or TCP/IP connection).

Segment your network to isolate any issues

Today (at the end of the Master's training course) I would certainly continue to focus on the simplicity and wide adoption of solutions based on TCP/IP transport (confirming the validity of the experience gained over the years), but I would go into greater depth on the delicate issue of network segmentation. In fact, separating the critical networks (automatic systems with integration between man/robot/machine) from the less critical ones guarantees access to each of them with adequate perimeter protections:

  • Where two-way communication is necessary, I would suggest using next-generation firewalls: firewalls that combine the existing control functions on ports, IP addresses and protocols with application-level control, also analyzing the packet in transit.
  • Where one-way communication is enough, “I would bet everything” on diodes: devices that allow communication in one direction only between two data networks, through a channel that is not TCP/IP but proprietary to the manufacturer of the hardware device.

If it is not possible to opt for network segmentation and protection, two alternative approaches can be considered:

  • The first is to use a secure protocol, such as OPC UA, for communications, which involves the use of encryption and signatures, tools that increase the level of security and make a possible attack more difficult.
  • If it is not possible to use secure protocols but only the classic ones (e.g. MODBUS), place within the network an IDS (Intrusion Detection System*) which, by analyzing the protocol packets in transit, reports any anomalies that are found.
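
The kind of check an IDS applies to Modbus/TCP traffic, as an added example that is not part of the original article: it parses the MBAP header of each request and reports malformed frames, non-public function codes and write commands from hosts outside an allow-list. The IP addresses, the allow-list policy and the sample frames are constructed assumptions.

```python
import struct

# Public Modbus function codes; the subset below changes state on the device.
KNOWN_CODES = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17, 20, 21, 22, 23, 24, 43}
WRITE_CODES = {5, 6, 15, 16, 21, 22, 23}
# Assumed site policy (constructed address): only this station may send writes.
ALLOWED_WRITERS = {"10.0.10.5"}


def inspect_modbus_request(src_ip, payload):
    """Return the anomalies found in one Modbus/TCP request (TCP payload bytes)."""
    if len(payload) < 8:
        return ["truncated frame: no complete MBAP header and function code"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    func = payload[7]
    anomalies = []
    if proto != 0:
        anomalies.append(f"protocol id {proto} is not 0")
    # The MBAP length field counts the unit id plus the PDU (all bytes after offset 6).
    if length != len(payload) - 6:
        anomalies.append(f"length field {length} but {len(payload) - 6} bytes follow")
    if len(payload) > 260:
        anomalies.append("frame exceeds the 260-byte Modbus/TCP maximum")
    if func not in KNOWN_CODES:
        anomalies.append(f"function code {func} is not a public Modbus code")
    elif func in WRITE_CODES and src_ip not in ALLOWED_WRITERS:
        anomalies.append(f"write function {func} from non-allowed host {src_ip}")
    return anomalies


def frame(tid, length, func, addr, value, proto=0, unit=1):
    """Build a constructed 12-byte request frame for the samples below."""
    return struct.pack(">HHHBBHH", tid, proto, length, unit, func, addr, value)


# Constructed samples: (source IP, TCP payload sent to port 502).
SAMPLES = [
    ("10.0.10.20", frame(1, 6, 3, 0, 10)),      # HMI reads 10 holding registers
    ("10.0.10.5", frame(2, 6, 6, 100, 1234)),   # allowed station writes a register
    ("10.0.20.99", frame(3, 6, 6, 100, 1234)),  # same write from another host
    ("10.0.10.20", frame(4, 20, 3, 0, 10)),     # length field does not match
    ("10.0.10.20", frame(5, 6, 99, 0, 0)),      # function code outside the public set
]


def report(samples=SAMPLES):
    """Return (source, anomalies) for every sample that raised at least one anomaly."""
    results = [(src, inspect_modbus_request(src, data)) for src, data in samples]
    return [(src, found) for src, found in results if found]
```

Calling `report()` returns only the three anomalous samples; the read from the HMI and the write from the allowed station pass without findings.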

Do you really know your network and the traffic it carries?

 

In addition to these and other implementable solutions (described in great detail in IEC 62443), it is very important to make the personnel who will work in the plant aware of vulnerabilities, because the analyses of successful cases tell us that, excluding zero-day exploits (a very low percentage), the attacks exploited human-factor weaknesses, such as:

  • user passwords with low complexity
  • mail phishing (a malicious person tries to deceive the victim into providing personal information, financial data or access codes by pretending to be a reliable entity in a digital communication)
  • use of unsafe USB keys that could carry malicious software

Another very important point to keep in mind in the construction of new production plants is certainly to make sure that suppliers use the proper safety standards to reach the level required by the project.

System security never ends after the commissioning of the plant but must be viewed exactly like an annual maintenance fee: it is certainly important to plan the safety of the system well, but it is equally essential to plan verification operations, over the years, on the security systems adopted in our plants, to ascertain that they are still adequate and do not have any weaknesses, possible causes of attacks or IT incidents.

The safety plan must provide for data backup solutions and tests verifying the integrity of the backups made, for use in case of recovery after a disaster. A piece of advice? Never think that your applications are safe because they are "unattractive" (this is not how attackers think); just think of how much you have to lose in terms of lost production (and image) in the event of unscheduled downtime.

 

SEGMENT, CONTROL, RESTART (quickly)… these are the 3 fundamental aspects of cyber security in an industrial environment

 
