::: nBlog :::
The Stuxnet worm has gained a lot of attention in critical infrastructure circles, especially after it emerged that it is able to silently reprogram Programmable Logic Controllers (PLCs) that are ubiquitous in industrial applications.
Industrial networks are usually separate islands, not connected to the global Internet and often using proprietary protocols other than IP. However, Stuxnet also spreads via removable disk drives and USB memory sticks, which means that the security effect of this isolation is marginal at best. Stuxnet works by infecting a lot of ‘collateral’ computers not related to industrial automation systems in order to increase the chances that one of the laptops (or memory sticks) of service personnel gets it. Then, when these systems need adjustments or updates, the virus is transmitted through removable media or a temporary connection to the closed network.
Today’s telecom networks are under continuous attack by botnets and other actors with malicious intent. In order to combat this, network management systems and protocols have greatly evolved during the last 25 years. However, as these networks are changing (expanding) all the time, maintaining a stable network now requires quite new strategies when it comes to situational awareness. BaseN sees that this paradigm shift is mandatory also for industrial networks.
A typical mobile core network (GSM/3G) at a BaseN customer consists of 20,000+ network elements ranging from simple base stations to short message delivery servers. BaseN collects, computes and presents data from all these components, creating a real time geographical map and correlated alarm view of the network for the Network Operations Center (NOC). In a network of this size, the measurement data flow can be over 60 Mbit/s. This monitoring system is separate from the provisioning systems that are used to install and configure new network elements – meaning that any infections (there have been many) of the provisioning systems that cause network changes are detected by the NOC without delay.
The concept of logically separating real time measurements from control functions is essential also to industrial networks. The PLC should become transparent and measurable so that even the tiniest change in configuration is noticed and raises an alarm. Measurement of critical components should be implemented via multiple sensors that are independent of the PLC, potentially using separate data paths towards the overall measurement system. Moreover, any manual process intervention should be treated as additional measurement data.
Next generation control systems should also utilize strong encryption and authentication, which are readily available in IPv6/IPsec protocols but still virtually nonexistent in industrial networks. The core industrial logic of a factory, power plant or similar should reside in a highly secured computing cloud with multiple layers of authorization for any configuration changes.
Measurement data shall naturally be used by the control system, but only after it has been extensively verified in the cloud. Controlling more critical components would require more individual measurements before an adjustment is permitted.
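The verification rule from the two paragraphs on independent sensors and criticality, sketched as an added example (not BaseN's code): an adjustment is permitted only when enough PLC-independent readings agree with each other and with what the PLC itself reports. The tier names, thresholds, field names and sample values are assumptions made for illustration.

```python
from statistics import median

# Assumed policy (not from the post): independent readings required per tier.
REQUIRED_READINGS = {"low": 1, "medium": 2, "high": 3}

# Constructed sample: the PLC reports one value, independent sensors see another.
SAMPLE = [
    {"sensor": "tach-1", "path": "fieldbus-b", "value": 1410.0},
    {"sensor": "tach-2", "path": "radio", "value": 1408.5},
    {"sensor": "tach-3", "path": "fieldbus-b", "value": 1409.2},
    {"sensor": "plc-echo", "path": "plc", "value": 1064.0},
]

def verified_value(readings, criticality, tolerance):
    """Return the agreed process value, or None if verification fails.

    Readings that arrive through the PLC are not independent evidence and are
    skipped. Each (sensor, path) pair counts once, so a repeated reading from
    the same source does not help reach the required number.
    """
    independent = {}
    for r in readings:
        if r["path"] == "plc":
            continue
        independent[(r["sensor"], r["path"])] = r["value"]
    values = list(independent.values())
    if len(values) < REQUIRED_READINGS[criticality]:
        return None  # not enough independent measurements for this tier
    mid = median(values)
    if any(abs(v - mid) > tolerance for v in values):
        return None  # sensors disagree: raise an alarm instead of adjusting
    return mid

def adjustment_permitted(readings, criticality, tolerance, plc_reported):
    """Return (allowed, reason) for a requested adjustment."""
    agreed = verified_value(readings, criticality, tolerance)
    if agreed is None:
        return False, "insufficient or inconsistent independent measurements"
    if abs(plc_reported - agreed) > tolerance:
        return False, "PLC report deviates from independent sensors"
    return True, "verified"

if __name__ == "__main__":
    print(adjustment_permitted(SAMPLE, "high", 5.0, plc_reported=1064.0))
    print(adjustment_permitted(SAMPLE, "high", 5.0, plc_reported=1409.0))
```

A refusal here is itself measurement data: the reason string is what the NOC view would show as the alarm.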
In conclusion, industrial networks need to be open but secure, and intensively measured. Security needs to be designed in a new way, in which authorizations and permissions are quickly moved from physical keys and doors to even more reliable digital counterparts. Different skills are required, but the basic concepts are the same. Industrial actors must avoid loosening their grip in the transition phase.
//Pasi
20 replies on “On industrial networks”