Air Gaps Won’t Protect Your Operations

May 14, 2013
Good luck isolating your operations network from outside elements. The idea that you can is a myth, since people will always find other ways to get data to where they need it.

If you have any involvement in the network aspects of your plant operations, chances are you’re at least a little scared. From small-scale hacking or just plain human error on up to full-out attacks like Stuxnet, there are plenty of vulnerabilities to make network managers feel like just closing the doors and cutting operations off from the outside world.

But not only is breaking off connections between manufacturing and the enterprise or manufacturing and the outside world a highly impractical operations solution, it’s a myth. Eric Byres, CTO and vice president of engineering for Tofino Security Products, warned attendees of The Automation Conference Tuesday that air gaps—physical gaps between control networks and business networks in manufacturing companies—are a myth, and thinking that you’re made safe by them can actually create a more dangerous situation for operations.

“If you think you’re isolated at all, you’re kidding yourself,” Byres added in an afternoon Ask the Experts session. “There’s no process outside the nuclear industry that I’ve ever seen that’s properly isolated or truly isolated.”

You can try to close off pathways between operations and enterprise, but the control system’s hunger for data just means that people will find ways around those supposed air gaps, using their laptops, USB keys, CDs—whatever they can to walk the information across the “sneakernet.” That hunger for data, Byres explained, can include, for example, new logic from your engineering consultant that addresses a design flaw, updates from Adobe to address critical vulnerabilities in your manual’s PDF Reader, a new recipe from the lab to improve quality, patches for computer operating systems, you name it.

There are any number of pathways onto the plant floor, each with security issues, Byres noted. “Even if you cut one off, you’ve only cut one arm off the monster. The rest of the arms are still on it, and you’ve got to deal with them all.”

If people believe they have reliable air gaps, that then gives them a false sense of security and makes them more vulnerable than ever. “If you assume there’s an air gap, you have an unrealistic posture,” Byres said, emphasizing that modern industrial control systems (ICS) or SCADA systems are only getting more complex, and there are multiple potential pathways coming in from the outside world.

Focusing security efforts on a few obvious pathways—such as USB storage drives or the enterprise/ICS firewall—is a flawed defense, Byres added. He suggests instead improved defense-in-depth strategies as the only realistic solution. “You cannot stop traffic, but you can detect it quickly, isolate it, and deal with it,” he said. “You should know within seconds when an infected PC comes in. Just like the human body does—detect it, isolate it and neutralize it.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.
