The World Economic Forum recently started an initiative with the name Partnering for Cyber Resilience to strengthen the ability to withstand cyber-attacks. This obligates signatories to recognize the significance of working together, to develop risk management programs and to encourage partners and suppliers to likewise commit themselves to the fight for security on the Internet. While governments and company managers recognize the situation, the top and middle management and the system administrators at many companies have often not yet recognized the seriousness of the situation. It is important to strengthen the resistance against cyber-attacks by means of joint efforts with the producers of industrial IT technology.
One thing should be clear here: 100 percent security against cyber-attacks cannot be reached, even if a system is equipped with the most up-to-date security measures. The constantly increasing number of less secured connections to suppliers’, contractors’ and partners’ networks remain vulnerable. Many industrial managers are still of the opinion that this only applies to company-wide IT systems like computers, servers and other network facilities. Frequently people forget that, with the spread of industrial technologies, additional dangers arise through connections to supplier networks, such as remote maintenance facilities. This means that the security requirements need to be considered in the same way. Even isolated IACS systems (industrial automation and control systems) that only have minimal exchanges with external suppliers, producers or partners are endangered by attacks through PCs, storage media, the unauthorized installation of software or even targeted attacks by the company’s own employees.
The ABB AbilityTM Cyber Security Monitoring Service identifies, classifies and prioritizes possibilities for improving the security of the process control system. It monitors the Internet security and compares the recorded data with best practices and industry standards in order to reveal vulnerabilities. Access to the ABB Cyber Security Monitoring Service is via the ABB ServicePort, a remote-based platform for providing services.
It provides individual, secure integration of ABB services and experts and can be incorporated into any process control system. With this, users can view data that is recorded and saved via a web-based channel in the ServicePort that can easily be accessed by customers or ABB personnel. The user receives scheduled or requirements-oriented security monitoring including data analysis.
Cyber security is an integral component of ABB’s products and systems and is taken into account in every phase, from design and development to maintenance and support. This includes threat modeling and security design reviews, security training for software developers and the internal and external performance of security audits as part of quality assurance.
Examples of improvements in cyber security can be found in the latest release of the ABB AbilityTM System 800xA, which includes extensive functions for the most secure possible operation of process automation solutions. This includes support for solutions to protect against malware from third-party providers (anti-virus programs and positive lists for specific applications), granular access control (flexible account management as well as granular access rights and role-based access control) and secure communication by means of IPSec (Internet Protocol Security). However, the security aspects are not limited to system functionalities, but also include support during the product lifecycle, for example through validation of security updates from third-party providers and a standardized process for dealing with weak points (vulnerability handling).
When it comes to company-wide IT systems, in the event of a cyber-attack the protection of confidential data must be top priority, followed by the integrity of the system and finally the availability of information for authorized network users. However, when using this strategy for a cyber-attack against an IACS network, the priorities are entirely different.
Here, the risk focus is on availability, closely followed by integrity; the confidentiality of information is of lesser importance.