Introduction to the NIS Directive

During this month of February 2019, a total of 465 Italian organizations received a "special letter": the communication of the inclusion of their name in the list of "attention" National OSEs.

In fact, the MISE, Ministry of Economic Development, in agreement with the Ministry of Infrastructure and Transport, the Ministry of Economy and Finance, the Ministry of Health and the Ministry of the Environment and the Protection of the Territory and the Sea, in collaboration with the Regions and Autonomous Provinces of Trento and Bolzano, has identified 465 National OSEs or Operators of Essential Services.

These are organizations, both public and private, belonging to the sectors envisaged by the European Directive known as "NIS", Network and Information Security, which for the first time on a continental level tackles the issue of cybersecurity, and which should contribute to increasing the common level of security and resilience in the 28 EU countries.

Italy, together with Germany and Great Britain, is in the leading group of European Union Member States which have immediately followed up on the fulfillment of the NIS Directive. The appointment of these 465 national OSEs is the first step and has been defined by the Ministries involved as a decisive step forward to increase the level of resilience with respect to threats that are already undermining national security and the growth of the country: digital transformation (Industry 4.0 and Utility 4.0) and the social landscape can in fact multiply the risks, threats and damage caused by IT incidents.

There are eight strategic sectors called to act today: energy, transport, banking, financial market infrastructure, health, supply and distribution of drinking water and digital infrastructure.

Leaving aside the banking sectors, financial market infrastructure, healthcare and typically digital infrastructures, we note that in the remaining sectors such as energy, transport and drinking water have been present and operating for years control and telecontrol systems (SCADA) for the management of plants and physical infrastructures, which require particular attention with regard to the aspects of business continuity and protection against IT risks.

As the MISE states: “The objectives of the NIS envisage, in particular, the promotion of the culture of risk prevention and the technical-organizational measures to limit the impact of IT incidents; the strengthening of national capacities of cybersecurity; strengthening cooperation – both at national and European level; and, again, the safeguarding of business continuity for Operators of essential services and Digital Service Providers. "

And again: "It is up to them the obligation to adopt adequate technical and organizational measures for risk management and the prevention of IT incidents. The notification of incidents with significant impact on the services provided must be made to Computer Security Incident Response Team (CSIRT) and at Competent authorities NISi.e. the various Ministries. The latter are assigned the task of supervising the application of the directive at national level, and of enforcing administrative penalties in the event of non-fulfillment of the obligations envisaged. "

“Traditional SCADA”, “Redundant SCADA” and “SCADA HA” SCADA HA

stands for High Availability SCADA System, High Availability SCADA. The idea behind a SCADA HA system is that in order to manage, monitor and supervise a plant that must operate "without interruptions", a system is needed that guarantees maximum uptime and functions in turn "without interruptions".

Used in numerous applications made in many industrial sectors, GE Digital's iFIX SCADA it is used in control and remote control systems, both for simple applications and for applications SCADA complex and distributed, such as remote control functions, also with analytics with data aggregation (Big Data) and filtering and distributed alarm management.

iFix satisfies the industry standards of multiple sectors, both in industry and in utilities, and is ideal if integrated with historicization systems (such as the integrated Historian) and with a view to highly computerized management, according to the canons of Digitization 4.0, industrial internet and Industrial IoT (Internet of Things).

GE Digital's iFix HMI/SCADA software package, distributed and supported in Italy by ServiTecno (https://www.servitecno.it/prodotti/ge-ifix-hmi-scada/) has always been synonymous with great reliability and is universally used in SCADA systems and critical applications in both the industrial and utility worlds.

Version 6.0, innovative for its excellent process visualization and data acquisition, analysis, SUPERVISION and CONTROL capabilities, adds new and advanced graphic performances in terms of UX (User Experience, also usable from mobile devices), scalability and better maintainability, in addition to more than tested and recognized reliability and safety.

The intelligent SCADA: GE iFIX HMI SCADA

If required, the SCADA iFix provides and supports redundant, master/slave SCADA configurations with Fail-Over options/functions: we then have a pair of servers in redundant configuration, called one Master and the second back-Slave up, connected directly to each other, to be kept aligned in the data, events and alarms detected from the field, in addition of course to all the operator's commands.

In the event of anomalies and possible failure of the Master server, the back-up slave server takes over the control and supervision function to all effects, so as to ensure continuity of operation and operation on the SCADA system. The switch-over, the takeover from one system to another can be configured with a watch-dog and can also take place in terms of a few seconds. But this solution developed only with the functionalities inherent in iFix, is independent of any hardware and/or operating system problems that could occur and which could eventually invalidate the correct functionality of the SCADA.

SCADA HAS thought for 99,999% Uptime

The SCADA HA solution that we have successfully tested and that we now offer for the supervision of plants in industry and utilities, and therefore also for OSEs subject to NIS, provides for the joint installation on a pair of servers of a SCADA application with GE Digital's iFix software package underpinning the software everRun Enterprise di STRATUS TECHNOLOGIES.

EverRun Enterprise, Stratus' High Availability software solution, prevents downtime: unlike other solutions, it doesn't stop with simple recovery.

EverRun

This difference has a big impact on SCADA functionality, and big benefits in terms of costs, business continuity, customer satisfaction goals and efficiency values. everRun Enterprise is easy to use: it couldn't be simpler, thanks to installation "click and go” and centralized management tools, which give IT/OT staff a complete set of command and control. The monitoring and notification functions are some of the reasons why it is called “worry-free computing".

With everRun Enterprise, you can use standard Wintel/x86 servers and consequently the existing skills in the company, without the need for particular supplies of special hardware and rare IT specializations.

In addition to high availability, everRun Enterprise also enables the use fault-tolerant of applications in Windows and Linux, single and multi-threaded, without having to introduce changes in hardware and software configuration. And complex and expensive NAS structures are not required.

NIS-proof OT CyberSecurity

One of the cornerstones of the NIS is to encourage attention to cyber risk, which could lead to service interruptions by ESO. Since, as we have said, in sectors such as energy, transport and drinking water they have been present and operating for years control and telecontrol systems (SCADA) for the management of plants and physical infrastructures, it is necessary for managers to pay particular attention to the aspects of business continuity and protection from IT risks precisely in the field of OT (Operation Technology) systems.

The industrial networks, once considered safe because they are physically separated from the "rest of the world" and built on proprietary protocols, have become one of the weak points on which companies must intervene.

Un first step, for example, should be the network activity monitoring. A traffic anomaly it might in fact be indication of a malfunction or even sabotage induced by an unauthorized intrusion into company systems.

The monitoring systems of the network infrastructure and OT systems, such as the one developed by Nozomi Networks, in addition to giving visibility on what is happening, provide Anomaly Detection functions, and can represent a good level of "early warning" to protect networks and control systems and to safeguard the controlled plant.

These are solutions that carry out a complete mapping of the infrastructure, identifying exactly every single component, what type, make and model it is, the firmware and software version used, the communication rules, analyze the relationships between the various devices, terminals and other devices (PLC, RTU, switch, router, etc.) participating in the network and traffic volumes, helping to define the rules of "normal" communication, permitted protocols, ports and "conduit" to be carefully monitored, and, consequently, to recognize any illegitimate communications and behavior, unexpected connections, outdated devices, dubious, missing or useless firewalling rules, and much more. In practice, they allow you to have the whole infrastructure under control, and in an absolutely passive way, to notice if there are any attacks or malfunctions both in the infrastructure and in the connected devices.

Anomaly Detection for Plants

Visibility on assets and configuration control A critical issue for HA SCADA systems is related to the management of assets (for example PLC, HMI-SCADA, robot, ICS, DCS, PC, server, switch, firewall, but not only) increasingly numerous and distributed, often governed by firmware and software to be updated periodically or sporadically, with sometimes third-party maintenance teams and specialized operators who have to deal with a very varied installed base that requires many different skills and constant attention to be maintained with updated documentation and controlled activity.

Not to mention regulation and related compliance, such as at NIS for example.

To have an effective management capacity of these assets it is important to have tools that keep track of all changes and keep backup copies of all versions of installed applications. In this way, in case a recovery is necessary following a failure, an accident or a cyber attack, it will be possible restore your system in no time, gaining precious hours (if not days) in production and/or continuity in the provision of service.

A system like MDT AutoSave Software also allows you to detect any differences between the runtime running on a controller and what "should" be there, thus allowing to prevent possible alterations of the machine code by saboteurs, as has already occurred in the past (for example with Stuxnet in 2010 and later in other episodes, even recent ones, reported in the press and on the web).

Plant visibility beyond HA SCADA

There are some other functions that we can consider "ancillary" in a SCADA HA but which can give great benefits in terms of visibility on the plant and be of great help to operators and managers in the optimal management of the controlled plants always in the direction of guaranteeing the level higher level of Business Continuity in the provision of the service.  

iFIX SCADA software is integrated with Ocean Data Systems DreamReport and WIN911, two solutions of fundamental importance able to increase the "visibility" in SCADA HA

In fact, DreamReport allows you to create automatic and dynamic reports (with REAL-TIME and HISTORICAL data) on production parameters and plant management with simple procedures: in fact, it is the first software analytical reporting that does not require the writing of code, is user friendly and is specially designed for control and remote control applications in Industry as in Utilities.

It was designed to be the simplest solution for extracting data from any source (proprietary or standard) by automating report creation and distributing it to anyone, anywhere, anytime. Basically there are two reasons which push to develop Reports and Dashboards analysis in Real-Time: the first is compliance, documentation required by regulations and specific bodies in order to verify compliance with the regulations, the second is more closely linked to performance monitoring.

Let's also talk about the alarms generated by the SCADA HA Dream Report has been designed to perform alarm reporting and analysis functions: it is an ideal solution for the phases of operation, maintenance and monitoring of strategies according to what is dictated by the ISA 18.2 standard regarding alarm management of plant and that we want to adopt for its optimal management.  

Linked to the alarms there is a further aspect that can see a tool like WIN911 of great benefit, which allows you to bring the alarms to the operators on any type of mobile device (smartphone, tablet, etc.) WIN-911® is a real-time alarm notification platform that works in conjunction with SCADA software for plant monitoring, with the aim of alerting personnel in case of conditions that require attention and direct interventions.

Conclusions The NIS Directive imposes a careful Cyber ​​risk assessment on all Essential Services Operators (OSE). For OSEs that provide services through distributed systems managed by OT (Operation Technology) systems, SCADA control and remote control systems, it will be necessary to adopt a specific OT Cyber ​​Security approach, which makes it possible to protect networks and automation systems from cyber risk to ensure continuity of operation and therefore operational continuity in the provision of the service.

For this reason, for some time ServiTecno has been distributing and supporting a family of products in the so-called SCADA HA, i.e. SCADA High Availability, product line. Industry4.0 declined for the ESOs can be Utility4.0, and in this economic and technological innovation moment we are experiencing, defined by many as the fourth industrial revolution, we see the complexity of industrial systems grow dramatically, linked on the one hand to the increase of "intelligent" devices, and on the other hand to the progressive interconnection and integration between the different areas of the plant, and between the production and management systems, both in industry and in utilities.

REFERRAL LINKS

ServiTecno, which has been focused on software-driven innovation since 1979, is able to offer an answer to this need at different levels, with its own competence and professionalism, as well as of course a series of software and hardware products specifically designed and developed for the industrial world.