With digitalization and modern technology, all process industries are increasing productivity and availability. But in a connected world, the threats to operational technology (OT) are also increasing. The risks of a plant being affected by malware, attacks and intrusions have grown significantly in recent years, and the effects (personal security, environmental impact, equipment damage, and production loss) can be devastating. These risks are increased by the fact that process industry producers are experiencing curtailed operations and limited staff due to constraints imposed by the global pandemic. Bad actors strike at times of vulnerability, and the need to remain cyber-vigilant has never been higher.
Customers are very aware of these risks and are demanding cybersecurity solutions that address current needs and are ready for future threats. As standards and regulations for cybersecurity continue to evolve and new threats emerge, ABB collaborates closely with its customers on solutions to help them comply with industry standards, secure their operations now and protect them going forward.
“That is why this is such an important area for ABB and for our customers. We have a comprehensive offering of cybersecurity and consulting services, and the demand for these services is increasing,” said Torbjörn Flybring, Industrial Cyber Expert at ABB in Sweden.
“Security in industrial systems is a long-term initiative that is always done in collaboration with customers.”
In ABB Industrial Automation's cybersecurity team, experienced experts work to identify and minimize risks, and to implement solutions and services that improve security in industrial systems as needed by customers. The teams are located all over the world, and work both on site and remotely with ABB’s customers.
“Cybersecurity in the industry is about asset and process availability,” said Mattias Karp Gidlöf, Industrial Cyber Expert at ABB in Sweden. “The systems should always work, and any problems should be solved while the business is still running. It sets completely different requirements for the solutions compared to security for standard IT systems.”
Solutions based on the customer's requirements
There is no simple solution for cyber-securing an industrial system. As threats, regulatory requirements and technical solutions are constantly changing, it is important that the work is done continuously and methodically.
“Together with the customer, we assemble the pieces and adapt our solutions and services to the customer's conditions, focusing our resources where they are most useful,” said Flybring.
“We recommend an in-depth approach with multiple layers of security checks throughout the system. It is always better to be proactive than to come up with reactive ‘panic’ solutions. Such a simple measure as always having updated systems is a good way to buy time in case of external threats.”
Security Update Service tests and approves security updates daily
ABB validates all relevant Microsoft security updates and McAfee and Symantec virus definition files for ABB’s automation system. The results of these validations are published in documents, which are made available to customers. ABB provides the Security Update Service, an automated process that distributes qualified and approved security patches and security updates to customer sites using a secure server located at ABB.
Maintenance services minimize the risks
During a recent event at a customer site that did not have a Security Update Service contract, the customer saw the impact of not having this automated service. Thanks to secure remote access, ABB's cybersecurity team, which was working in the system, suddenly identified strange behavior. Together with a colleague, Flybring went to the customer site, where a quick review showed that a virus had entered the plant's Operational Technology (OT) network. The customer was not subscribed to the ABB Security Update Service or the ABB Event Monitor, and therefore the virus had not yet been detected.
“We were taken by surprise,” said the customer representative. “Although we work with the system daily and actively maintain it so that the system is in good condition, we had not detected the virus. ABB came here quickly and knew what needed to be done and in what order it should be done. The experience and competence of their experts was important to our production management.
“For us, this became a wake-up call. In retrospect, we have realized that we were both naive and unprepared, and now we work with IT security in a more structured way.”
It took ABB's cybersecurity experts 24 hours of uninterrupted work to clear the viruses from the customer's OT network. Had ABB not detected and eliminated the virus, the consequences could have been serious. However, the virus was not detected through a systematic approach; instead, the incident was identified by chance while the engineer was working with an OT application. The importance of having cybersecurity maintenance services is now well understood.
“Incidents like this one are much more common than you might think,” said Flybring. “The cases that become known are just the tip of an iceberg. Thanks to structured and methodical work during the emergency situation, things went well this time.”
ABB Cyber Security Services
ABB’s cybersecurity portfolio is made up of seven cybersecurity solutions divided into three tiers. The first tier, named Foundation, covers the fundamental cybersecurity practices that ABB recommends to all of its customers. This tier includes Assessment, Security Controls and Training. The second tier, named Services, is the offering for customers who already have the Foundation and either want to outsource the maintenance and configuration of the Foundation or require other, more advanced services. This tier includes Maintenance and Consulting. The third tier, named Operations, covers Collaborative Operations services that ABB delivers to customers using centrally located teams of cybersecurity experts.