The Internet of Things (networks of uniquely identifiable endpoints, or "things," that communicate without human interaction using embedded IP connectivity) is the next industrial revolution. Estimates say there will be 24 Billion IoT devices installed by 2020, and $6 Trillion will be invested in IoT devices over the next 5 years. With that kind of growth and investment, protecting each of these “things” and their corresponding interactions with other components, including our networks, will be critical.
So where is this growth coming from? Businesses, governments, and consumers are all using IoT ecosystems. It is estimated that consumers will have 5 billion IoT devices installed by 2020. While this is impressive, it is dwarfed by governments (an estimate of at least 7.7 billion devices installed by 2020) and businesses (at least 11.2 billion devices installed by 2020). But how secure will those devices be?
An AT&T Cybersecurity survey of more than 5,000 enterprises worldwide found that 85% of enterprises are in the process of or are planning to deploy IoT devices, but only 10% feel confident that they can secure those devices against hackers.
Industrial control system (ICS) is a general term that encompasses several types of control systems used in industrial production. ICSs are typically used in electrical, water, oil, gas, and data industries. Industrial control systems worldwide are already using “smart” IoT devices and systems, and that use is growing. Some examples include:
In the 1950s, the first analog-based supervisory control and data acquisition (SCADA) systems were developed. They were usually monolithic, isolated, and proprietary, residing on minicomputers and backup mainframe systems for added redundancy. Over time, the market saw huge growth in the number of manufacturers and vendors supporting the ICS market. Unfortunately, as standards were still being established, this caused interoperability issues and added significant cost to maintaining these systems.
Once the applications and protocols used to control various ICS systems were standardized, they allowed for interoperability between different vendors, adding a level of flexibility and interaction not previously seen.
Next, IP communications in the late 1980s and early 1990s propagated the concept of local area networks (LAN) and process control networks (PCN), which drove the replacement of older, aging, and limited serial communication links with Ethernet networks. As the IT revolution moved forward, these ICS LANs/PCNs were upgraded to keep up with the latest benefits in new application and control developments for SCADA-based systems.
Today, in what is known as the 4th generation of the Industrial evolution, the division of control between ICS and IT infrastructures has become muddled. With added interconnectivity between the very latest in IT and Cloud infrastructure offerings, businesses are able to increase operational efficiencies, and as a result, increase profits while reducing costs. CEOs, CFOs, and Board members are obviously thrilled with such technological advantages that they can leverage. However, the adverse impact of this next generation in Industrial convergence is the cyberthreat exposure this approach brings with it.
While many cybersecurity threats and incidents that occur inside industrial networks are unintentional, meaning they are due to human error or device or software failure, external threats remain the top concern. Manufacturing and Energy, for example, have been the most targeted sectors in recent years, but many other segments of our critical infrastructure (Water, Transportation, Government Facilities) have seen multiple incidents of cyberattacks.
Fortinet recently commissioned Forrester Consulting to conduct a survey to explore current state, challenges, priorities, and strategies for securing critical infrastructure. Forrester surveyed 214 U.S. organizations across all industries, focusing on companies of 1,000 or more employees, with distributed critical infrastructure sites such as hospitals, power plants, manufacturing plants, dams, government facilities, and refineries.
The organizations surveyed acknowledge the importance of SCADA/ICS security. They currently undertake numerous measures to secure SCADA/ICS, and seek to increase investment in security over the next year.
Fears of outside threats appear to drive this stance. 78% of respondents stated that security attacks from non-state actors drove their SCADA/ICS security strategy. These fears are justified: 77% of organizations report that their SCADA/ICS had experienced a security breach, with 2/3 of those occurring in the past year. Impacts from those breaches ranged from their ability to meet compliance standards to maintaining functionality and employee safety.
Breach points are everywhere within Industrial 4.0 networks, from outside threats to inside threats, and from RTU (Remote Terminal Unit) or HMI (Human Machine Interface) exploits to breaches of air-gapped networks. You need a well-conceived, layered defense to make sure you’re covering all your bases.
A Defense-in-Depth strategy deploys application security at both the host RTU and the network level, with tightly integrated multiple detection mechanisms. Fortinet’s Defense-in-Depth Strategy prevents threats from entering the organization through stringent boundary controls by enabling organizations to:
Relying on perimeter security, such as a traditional edge firewall, to protect your internal network is no longer enough. The Fortinet Internal Segmentation Firewall (ISFW) is designed to sit between two or more points on the internal network to allow visibility, control, and the mitigation of traffic between disparate network segments, while protecting different network segments from malicious code as it makes its way through the internal network.
To better understand how these products work together, keep in mind that:
To truly protect ICS systems in your critical infrastructure, an approach like Fortinet’s ICS Layered Defense Model is the best solution. An ATP Framework allows you to detect and act on the latest, most advanced malware. A Defense-in-Depth approach provides you with tightly integrated, multiple layers of protection. And Internal Segmentation allows you to contain any malicious code that has made it past your external defenses, thereby containing a breach and limiting the damage. With the explosion of growth of IoT devices within industrial control systems, and so much at stake with Critical Infrastructure Protection, this is an area where we need to be concentrating our most advanced cybersecurity defenses.