Cybersecurity is one of the domains I focus on the most. Why? In the 21st century, cybersecurity is the basis of everything. It doesn't matter whether we are talking about the security of banking or the security of IT applications on your mobile phone. The same goes for the security of industrial networks. Without good security, any company can suffer from cyberattacks, no matter how big it is! (I highly recommend my article about cyberattacks in the maritime industry, available here!) Different sectors are secured in different ways. Today we will talk about OT cybersecurity, in other words, the security of industrial networks.
Every newly built vessel has industrial networks. How many different networks are present depends only on the vessel's complexity. These days, a direct IT connection is also available on almost every vessel in the world. This means that both systems need security. There is a lot of material available about IT security. However, the security of industrial networks is still not so popular. But it should become so!
Define the architecture
In the beginning, you have to know what you want to protect, as well as what you have to protect. For example, you need to define the architecture of your networks onboard, or in your industrial installation. You have to be aware of the most stupid issue: the printer. The printer which prints daily reports from your control & monitoring system must not be connected to any office PC. Personally, I have seen this multiple times onboard. Every point where IT meets OT is a potential weak point. Knowing the architecture gives you knowledge of those weak spots, so you can better determine what you need. And you need hardware and software!
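An added example, not part of the original article or of any vendor's tooling: a Python check for the architecture step above that assigns subnets to IT or OT zones and reports every observed flow that crosses between them, such as an office PC reaching the report printer. All addresses, asset names and flows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed zone plan: every subnet on board is assigned to IT or OT.
ZONES = {
    "10.10.0.0/24": "OT",    # control & monitoring network
    "192.168.1.0/24": "IT",  # office network
}
# Constructed asset inventory (address -> name).
ASSETS = {
    "10.10.0.5": "monitoring-server",
    "10.10.0.11": "engine-plc",
    "10.10.0.40": "report-printer",
    "192.168.1.20": "office-pc",
}
# Constructed observed flows: (source, destination, destination port).
FLOWS = [
    ("10.10.0.5", "10.10.0.40", 9100),     # daily report print job, stays in OT
    ("10.10.0.5", "10.10.0.11", 502),      # monitoring server polling the PLC
    ("192.168.1.20", "10.10.0.40", 9100),  # office PC printing on the OT printer
    ("10.10.0.40", "172.16.5.9", 161),     # printer and an address outside the plan
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, zone in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return zone
    return "UNKNOWN"  # not in the documented architecture

def crossing_points(flows):
    """Flows whose endpoints sit in different zones or outside the plan."""
    findings = []
    for src, dst, port in flows:
        zs, zd = zone_of(src), zone_of(dst)
        if zs != zd or "UNKNOWN" in (zs, zd):
            findings.append((src, zs, dst, zd, port))
    return findings

def bridging_assets(flows):
    """Count cross-zone flows per OT asset: these are the weak spots."""
    hits = defaultdict(int)
    for src, zs, dst, zd, _ in crossing_points(flows):
        for ip, zone in ((src, zs), (dst, zd)):
            if zone == "OT":
                hits[ASSETS.get(ip, ip)] += 1
    return dict(hits)

if __name__ == "__main__":
    print(crossing_points(FLOWS))
    print(bridging_assets(FLOWS))
```

On the constructed data, the report printer is the only OT asset involved in cross-zone traffic, which is exactly the kind of weak spot the architecture review is meant to surface.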
Security of industrial networks – Hardware
Now that you are aware of your situation, because you have defined the architecture, we can move on to the next point. IT and OT (Operational Technology) are completely different; however, the principles are the same. If the system has a connection to the global network, there is a risk. IT systems use different protections than OT systems. A very good example of an OT cyberattack is Colonial Pipeline. They were in "relaxing mode", thinking that they were secured.
The idea of security at Colonial Pipeline was that the industrial network and the IT network were separate from each other. As we found out later, that wasn't 100% true. The IT and OT systems were partly communicating with each other. And this was enough to shut down fuel transfer in the United States. So even if your IT and OT are separate from each other, it is a high risk not to have any OT security hardware installed.
IT diagnosis tools are not designed to protect industrial networks. Therefore, industrial networks need additional hardware. I have described an example of hardware here. With network monitoring devices, movement in the network can be monitored in real time. However, the additional equipment also has to be provided with proper software tools. Hardware is a good beginning, but hardware with proper software is much better.
Security of industrial networks – PROCENTEC®
Procentec is a company that supplies innovative solutions in industrial automation and industrial networks. They also provide training and consultancy in these areas. However, today I will try to present another area of their expertise.
Procentec, as one of the leaders on the market, knows well how industrial systems are designed. They know exactly where the weak spots are located. They know exactly how the architecture of your network should be built to provide effective cybersecurity. This overall knowledge of the industry has allowed them to create several types of software which help you to protect your vessel. But step by step:
OT Cybersecurity – Software
IT diagnosis tools, even if they are physical firewalls, always include software. The same applies to the security of industrial networks. Software for industrial applications has to be suited to these kinds of installations. If your company is protecting OT networks with IT solutions, these may not be enough. Once you know what you need, you also have to know where to look for it.
At this stage, you also have to adjust your needs. Is there specific information on board your vessels that should not leak? You need some kind of software to protect data in your system. Does your vessel have a connection to the IT network? Procentec provides their own software which increases your level of security. Of course, it all depends on what your needs are, how many vessels your company is operating, etc. Procentec provides several solutions, and it's good to know what is available on the market.
Types of software for industrial network cybersecurity – PROCENTEC®
Osiris gives a unique insight into your industrial network's health and topology. It lets you remotely monitor your Industrial Ethernet and PROFIBUS installations from anywhere in the world. Within Osiris, Procentec also provides several add-ons with extra features, such as commissioning, security license, etc.
The Security License (which is an add-on to Osiris) permanently monitors changes made to devices. It gives the industrial network an extra layer of protection. Therefore, this tool tackles the increasing threat posed by unintentional and bad actors.
SeeVerify is an interactive application that guides industrial network technicians through the tasks. With SeeVerify you can ensure best engineering practices across the entire organization. This app is available in the Apple and Play stores.
LockBox is a blockchain-based platform that provides a centrally controlled catalog of approved firmware, manuals, brochures, release notes, and datasheets for individual network devices. As you have probably seen in the industry, there have been multiple security breaches as a result of unverified and randomly downloaded software being installed on industrial networks. LockBox tackles those threats.
Conclusion about security of industrial networks
As you can see, there are many factors which you have to consider. Good protection of your industrial systems depends not only on good architecture. It is also very important to be equipped with proper hardware and software tools. The maritime industry is still far behind the standards, and this has to change, especially as the level of automation has changed dramatically over the last years, and everything shows that this trend will continue.
How do you protect your vessels against cyber risks?