At the beginning of 2019, ISO, International Organization for Standardization, the international organization for industrial sector regulations, issued an ISO/TR Technical Report document called "ISO/TR 22100-4:2018, Safety of Machinery – Relationship with ISO 12100 – Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) ".

White Paper_machinery safety
DOWNLOAD THE FREE WHITE PAPER

 

In practice it is a new safety standard (which at this point concerns both Safety and Security) for machinery, plants and industrial Industrial of Things (IIoT) used in every sector from industry, to commerce, to transport and logistics , up to infrastructure and utilities.

The document was discussed and developed by the Technical Committee on Standardization of ISO/TC199. For the first time, ISO intended to put pen to paper that IT security does not apply only to data, and also concerns Safety, i.e. everything real that comes into contact with the virtual world, therefore including industrial machinery. For the safety of an "intelligent" machine, "intelligent" technologies are required.

Smart devices are exposed to the threat of accidents and cyberattacks, and not just the Internet of Things (IoT) in general, but seemingly isolated systems as well.

What are the possible vulnerabilities and measures to mitigate them?

It is obvious that IT vulnerabilities, i.e. against IT attacks/accidents, depend a lot on whether the machinery can be connected to external IT systems and how often this can happen.

So here are some questions to ask yourself to help limit IT threats and vulnerabilities: we wonder if the machinery…

  • does it have to be connected?
  • Does it have to stay connected all the time?
  • is the connection monitored? (for example, you use VPN, virtual private network)
  • is the connection configurable? (e.g. restricted to authorized persons only)
  • can the connection be “read only”? (without the possibility of sending variations or commands)

It follows that a machine without direct or indirect interfaces to external IT systems can be considered "not vulnerable" to IT cyber security attacks/accidents.

* * NB: this is what is written in ISO/TR22100-4:2018 in point 6.

However, there are some known incidents that have occurred which may cast doubt on this statement.

Essential steps for IT security throughout the life cycle of the machinery

As we said, IT threats and vulnerabilities require cooperation and coordination between component supplier, equipment manufacturer, system integrator and end user.

Everyone has a role to prevent IT attacks / incidents, during all phases of the life cycle of the machinery and one cannot pass on one's responsibilities to others and one cannot assign the global responsibility for IT cyber security to just one as of on the other hand, none of the actors knows all the information available for adequate IT protection of the machinery.

White Paper_machinery safety
DOWNLOAD THE FREE WHITE PAPER

 

Here are the five essential steps that the manufacturer and integrator must take to improve the safety and resilience of the machinery.

  • Identification:
  1. What are IT security threats and vulnerabilities?
  2. Why would they ever attack the machinery?
  3. What can the user have so valuable?
  4. What are the ports/interfaces to the outside?…
  • To protect:
  1. Design and implement appropriate countermeasures to protect the machinery
  • Visibility:
  1. Anticipate and implement adequate measures to identify a possible cyber attack/incident (e.g. network and system monitoring and anomaly detection)
  • Answer:
  1. Anticipate and implement appropriate actions to be taken in case of cyber attack/incident discovery (possibility to stop or contain the negative impact)
  • Restart:
  1. Plan and implement appropriate actions to keep the plant "resilient", active and/or with the possibility of restarting quickly in the event of a cyber attack/accident (emergency/recovery plan)
Concrete recommendations for the machine manufacturer

Cybersecurity threats relevant to Machinery Safety are subject to many dynamic changes throughout the entire lifecycle of a machine (“mobile target”).

The same applies to suitable / required countermeasures. On the other hand, the attention of the machine manufacturer is concentrated in the development and design phase until the machine is placed on the market for the first time. With reference to this point in time, ISO / TR 22100-4 contains concrete recommendations for the machine builder, namely, in the different stages:

• In the select suitable components (both hardware and software); Security-related components that could potentially be targets for cyber attacks/accidents should have a state-of-the-art IT security level, in order to minimize vulnerability to cyber attacks/accidents, evaluate tools for access control, software integrity, data integrity, software updates, encrypted communications, etc.

• In Develop / design the whole machine; compliance with basic principles/measures aimed at minimizing vulnerability to cyber-attacks/incidents; provide for an emergency mode (transfer of the machinery to a safe operating state in case the critical safety functions of the machinery are limited or rendered ineffective by a cyber attack/accident), equip the machine with devices for adequate protection of the connections , etc.

• In draw up operating instructions (user manuals); information for the machine operator must contain information on possible risks based on potential IT security threats related to the safety of the machine, management of local and remote connections, access to the system, local and remote maintenance, software updates, how to act in case of IT cyber security problems, stand-by, restarts, etc.

White Paper_machinery safety
DOWNLOAD THE FREE WHITE PAPER