Water supplies are threatened by hackers
Cyber attacks are becoming more frequent
As shown by the TÜV-SÜD Honeynet Project, 60,000 attacks by hackers are possible on a single water treatment plant in just 8 months. The TÜV created a system which simulated a water treatment plant in a small German town. Attempts to access the system were made from some 150 countries, with most IP addresses being situated in China and the USA. The access attempts didn’t just occur using standard protocols, they also occurred using industry protocols such as Modbus TCP and S7Comm. As a result of this, control systems have been found to have security gaps, making the systems vulnerable.
Industrial process IT has new requirements regarding sustainable IT security
So far, automation and control technology has been characterised by systems that communicate with each other on the basis of their own techniques and protocols. The ubiquitous network technology on the basis of Ethernet and TCP/IP is continuing to gain ground in these environments, however. The PC workstations are networked first, followed by the steering and control technology. Memory programmable controls (MPC) are increasingly being connected to the LAN, and compact control units on the basis of embedded systems are increasingly being offered with LAN interfaces.
As a tried-and-tested transmission path, TCP/IP continues to gain ground in what used to be the “TCP/IP-free” areas of production and control technology. Industrial Ethernet has arrived in the market, and even WLAN components are now suitable for and finding use in the tough requirements of manufacturing environments.
Risks due to the use of Ethernet and TCP/IP
Ethernet and TCP/IP offer a hacker or malware a standardised distribution channel. A lower level of specialist systems knowledge is required all the time. This also allows for standardised attacks. The existing and new implementations of TCP/IP protocols in equipment are error-prone. These errors can also be security-relevant.
The increasing rates of networking are creating synergies, but unfortunately, they are also creating more risks
The newly created transitions mean that all of the threats from the office environment and the internet are suddenly omnipresent in manufacturing and processing networks. This fact and the arising consequences can bring process IT personnel to their limits in terms of what they are able to assess and solve using their know-how in the area of safety. Process IT is obliged to address threats that are new to them and to assess the use of additional security technology.
Process IT has specialist requirements regarding IT security
It is almost always the case that the IT security solutions which are typically used in the office environment are also thought appropriate for neutralising the new threats to the process IT. These solutions are only of limited use to process IT however, and are sometimes of no use at all. The security solutions that are frequently used, such as patch management, anti-virus protection, firewalls and IPS are only suitable for the area of building automation to a limited degree, either because additional know-how is required or the operation of the solutions is very time-consuming. This is expressed, for example, in the high levels of maintenance outlay that anti-virus systems require.
To provide the process IT with sustainable protection, a completely different approach is therefore required.
For the operators of industrial systems, ensuring that the availability of the systems is not put at risk is the overriding goal. Therefore, in every situation, a honeypot must remain transparent for the rest of the LAN, and it must not influence other systems in the event of a failure. Since the honeypot hosts only act on a passive basis, no impact on the other areas of the LAN is to be expected.
Therefore, security technology that was originally adopted from the office environment can be supplemented to optimum effect. With a correctly configured and adapted honeypot, operators of industrial systems are able to establish an important additional security level which sustainably ensures the active protective mechanisms such as firewalls, anti-virus or intrusion prevention systems.
The honeyBox® has been developed especially for the industrial environment
Commercial honeypot systems, such as the honeyBox® industrial, have been developed especially for the industrial environment. The honeyBox® and other solutions are able to provide both low- and high-interaction honeypots in industrial environments. In the process LANs, they simulate virtual victim systems as bait so as to attract hackers. During their manual or automatic exploration of the network, the intruder comes across virtual honeypots in the LAN which appear to have a poorer level of security than the other systems.