Cybersecurity Challenges to Industry
Industrial infrastructure is becoming an increasingly vulnerable target for cyber-attacks. Read about cyber risk to industry and examples of how Secure-NOK protects industrial assets.
Industrial infrastructure such as Oil & Gas installations, the Electrical Power Grid, Manufacturing Plants, and many more is critical for our society as we know it. Ensuring that these functions perform as society relies on them to has traditionally revolved around safe and reliable operation. At the same time, industrial infrastructure has always been an attractive target for politically or economically motivated attackers, causing owners to deploy security measures such as fences and CCTV cameras to protect their industrial sites.
Today, most industrial infrastructure relies heavily on electronic systems that control the physical industrial process. Traditionally, security risks to such systems have been mitigated by maintaining an "air-gap" from other computer systems to stay secure from cyber attackers. This risk picture is, however, changing dramatically as control systems on industrial assets or plants are increasingly integrated with modern IT systems. The motivation is to accommodate operation and maintenance activities, sometimes remotely, or to extract business intelligence data. Connections exist between the two environments more often than not, and transient equipment such as engineering laptops and USB devices can carry viruses and worms or be an entry point for a perpetrator carrying out an Advanced Persistent Threat (APT) attack. The consequence is an increasing number of incidents where industrial infrastructure is the target.
For owners of assets as complex as oil rigs, there is no single quick and simple fix that will ensure protection from cyberattacks. Rather, a combination of design, protection and detection mechanisms must be applied together to make sure cyber breaches are detected and mitigated in a timely fashion.
If a drilling rig is compromised by a cyber attack, the damage potential may be severe. Accidental transfer of, for example, a virus from engineering equipment brought to the rig is likely to cause downtime. The consequences of such downtime depend on the criticality of the system and the tasks that are interrupted. More concerning scenarios are related to targeted attacks where a competent, resourceful perpetrator gains access to critical systems and carries out sabotage.
To protect against such threats, deploying an early warning intrusion detection system is key, providing you with real-time insight into your systems. We have designed our SNOK™ Cybersecurity Monitoring System to cover as many blind spots on your asset as possible. Workers on a drilling rig have to pay attention to many systems at any given time. In addition to offering our own SNOK™ Local Visualizer, we therefore customize alert delivery to the "panes of glass" of your preference, both locally on the rig and where your central expertise is located.
All our customers are different and have different needs. We therefore offer highly flexible technology and pricing models. The SNOK™ Cybersecurity Monitoring System is hierarchical and can be deployed to cover a specific part of your system or accommodate the full portfolio of systems on the asset. We also offer SNOK™ Enterprise Solutions to accommodate your entire portfolio of assets and your experts in central Operations Centers.
When selecting the best method for securing electrical substations from cyberattacks, it is important to find a solution that solves logistics and practical challenges as well as meeting security needs. Electric utilities often own facilities such as substations at hundreds of sites, many of which are unmanned and in remote locations.
The SNOK™ Network Intrusion Detection System detects abnormal traffic on a substation network while being non-intrusive to the substation’s tasks and requiring minimal maintenance. The solution can also be extended with SNOK™ Equipment Monitoring to monitor any Windows- or Linux-based endpoint on site, including unsupported systems such as WinXP, still with minimal installation and maintenance requirements. In addition to our own user interface, Secure-NOK™ can forward alert data to all major SIEM systems and will work with customers to integrate alerts into the Operations Center monitoring systems they already use.
Programmable Logic Controllers (PLCs) are the automation workhorses of modern manufacturing industry and processing plants. PLCs are rugged, reliable devices used to control often critical processes and activities performed by robotic devices. PLCs themselves and their networks have traditionally not been designed with security in mind, mainly relying on being air-gapped from other networks. Unauthorized tampering with PLCs causes production downtime at best, and may potentially lead to accidents and destruction.
The SNOK™ PLC Threat Detection solution can be installed either as an appliance in the PLC network or as a software package running as a Virtual Machine on available hardware in the network. This solution monitors PLCs and will detect early signs of tampering. The solution can also be combined with the SNOK™ Network Intrusion Detection System, which will detect any abnormal attempts to contact PLCs over the network. For a complete monitoring solution, SNOK™ Equipment Monitoring should also be installed on Windows / Linux devices that communicate with PLCs, for example HMIs, servers, historians and workstations, to ensure early warnings of attacks on these devices.
Maritime vessels rely on many different control systems with increasing elements of automation. Dynamic Positioning, propulsion and maneuvering systems, and safety systems are examples of such systems. Currently there is a strong and growing trend towards digitalization, driven by efficiency gains from utilizing the Internet of Things and an increasing degree of autonomous operation of ships. At the same time, this opens new attack vectors for cybersecurity attacks that compromise the vessel control systems. Passenger vessels and other types of large vessels often have a vast population of people on board, posing a large risk if the vessel control systems and onboard IT systems are not sufficiently segmented, protected and monitored at all times.
To protect against such threats, deploying an early warning intrusion detection system is key, providing you with real-time insight into your systems. We have designed our SNOK™ Cybersecurity Monitoring System to cover as many blind spots on your asset as possible. In addition to our SNOK™ Local Visualizer, which provides the onboard personnel with real-time alerts and a view of system status, we also offer the SNOK™ Detection Server, which is placed in central Operations Centers where the cybersecurity information is aggregated across your fleet.
To get started, we offer the SNOK™ Trial Program, where you can test the solution on a small scale and get the insight you need to plan a more comprehensive solution. Read about our products and trial program.