Retrofitting cybersecurity

Retrofitting can benefit plants in many ways, but ensuring systems are cybersecure is essential

In 1982, long before a cybersecurity threat to control system networks was widely recognised, a Trojan horse attack on control system software reportedly caused a huge explosion in a Siberian gas pipeline. Even now, many systems that have been retrofitted for compatibility with the Industrial Internet of Things (IIoT) are not well protected.

Here, Robin Whitehead, strategic projects director at systems integrator and industrial networks expert Boulting Technology, explains the top considerations to ensure cybersecurity when retrofitting a system.

Connected devices have led to an increased value on data from real-time monitoring, as well as the creation of initiatives, such as the smart grid, digital oilfield and smart asset management in the water industry. However, these new technologies and applications have also led to a rise in potential security risks within a plant’s network.

Because very few companies find themselves able to build a new facility from scratch, many plant managers and engineers are choosing to retrofit existing systems with smart sensors and communication packages to take full advantage of the benefits of IIoT.

Many systems such as motor control centres (MCCs) and programmable logic controllers (PLCs) have an expected lifespan of decades and were originally designed to operate in isolation during a time of low cyber-attack risk. Connected devices can create vulnerabilities if substantial security systems aren’t in place.

Threats

Just one weak spot in a plant, such as an unprotected PLC can leave an entire network vulnerable to cyberattack, especially as there are currently no regulations or clear rules about how these networks should be protected.

Research agency Gartner estimates that more than 20% of enterprise security attacks will involve the Internet of Things (IoT) connections by 2020 and it is safe to assume that many of these attacks will use weak points such as improperly secured MCCs and PLCs to gain network access.

The Siberian pipeline attack is just one example of the devastating effects of control system vulnerabilities.

Attacks

Robin Whitehead

If a vulnerability is present, an insecure network can allow a threat such as a self-replicating worm to quickly become widespread throughout the facility.

Legacy systems typically worked on closed, proprietary communication protocols and the migration to open protocols including TCP/IP means security flaws are likely to be found quickly and patched before potential attackers discover the risk.

When connecting a legacy system to an open protocol security, patches can be vital in reducing potential cyber-attacks, however many manufacturers forgo their roll out due to high costs and concerns about potential downtime.

Just one missed patch can make it impossible to ensure a legacy system is protected.

Preventing vulnerabilities

Retrofitting existing equipment is the ideal way for many plants to take advantage of IIoT, but care must be taken when implementing older technologies into networks. Continual risk assessments are essential to determine potential points of attack and take all connections into account, predicting the worst-case scenario of a security breach. Boulting Technology works closely with partners to advise plants on the best way to improve cybersecurity for their unique network.

For a few plants, a complete overhaul of network security may be necessary, for example updating a protocol to one with continued security patches. However, the majority of plants will find that installation of additional software, security patch updates or a top down study of network connections will be sufficient to bring cybersecurity to the necessary levels.

Cybersecurity is an ongoing concern for any plant as the threat of cyberattack is growing year-on-year and is now significantly higher than during the Siberian pipeline attack in 1982. Additional care must be taken when integrating legacy systems into existing networks.

The author is Robin Whitehead, strategic projects director at systems integrator and industrial networks expert Boulting Technology

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES
Background design with neon fingerprint

WISeKey launches SeyID Digital Identity platform in Seychelles

Posted on: April 23, 2024

WISeKey has announced it has the project to deliver a new Digital Identity platform, “SeyID”, by the government of Seychelles. SeyID will be linked with different national initiatives covering eGovernment, eTourism and eHealth.

Read more
white house green cloth assortment

Smart home technology saves money and helps protect the planet

Posted on: April 22, 2024

In the global battle against climate change and to be more sustainable, the quest for energy efficiency has taken centre-stage. The focus on sustainability is an increasing emphasis on humanity’s finite resources and the effect of our energy-consumption habits on the world around us. This heightened awareness is leading to a radical rethinking of how

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more