Watch this previously recorded webinar event with special guest Karthik Sundaram of Frost & Sullivan as he expands on his recently published research, “Cybersecurity in the Era of Industrial IoT”. Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
1. Cyber Security in the Era of Industrial IoT
Discerning implications of cyber security in a converged IT-OT environment
A Joint Webinar
by
Frost & Sullivan & Bayshore Networks
01st June, 2017
2. Presenters
Karthik Sundaram – Frost & Sullivan
• 9+ years of industrial experience across diverse profiles ranging from engineering, design, market research and strategy consulting.
• Experience base covers a wide range of technologies, products and solutions in the industrial automation space: Core Process and Discrete Automation, Product Lifecycle Management Systems, Industrial Internet of Things Opportunity Mapping, Industry 4.0/Future of Manufacturing Scenario Analysis
Kirby Wadsworth – Bayshore Networks
• Began career in real-time and high-availability systems engineering
• Patented a model for validation of trusted relationships
• Launched security line of business at F5 Networks and Limelight Networks
3. Agenda
• Evolution of Industry 4.0
• The Convergence of IT-OT
• Industrial Cyber Security: An Industry Viewpoint
• Current State of ICS Security
• The Way Forward
• The Viewpoint of Bayshore Networks
• Questions
4. Evolution of Industry 4.0
The idea of cyber-physical systems and data-driven decision making will drive the need for a well-designed industrial cyber security strategy.
1st INDUSTRIAL REVOLUTION: Power Generation
Mechanization | Water Power | Steam Power
2nd INDUSTRIAL REVOLUTION: Industrialization
Mass production | Assembly line | Electricity
3rd INDUSTRIAL REVOLUTION: Electric Automation
Computing devices | Automation
4th INDUSTRIAL REVOLUTION: Data Driven Production
Cyber Physical Systems | Industrial IoT
[Figure: timeline from the 1700s through the 1800s and 1900s to the 2000s, marked with physical threats and cyber threats]
Source: Frost & Sullivan
With the introduction of Industry 4.0:
What has gone UP?
• Complexity
• Customization opportunities
What has come DOWN?
• Maintenance Costs
• Reconfiguration Costs
• Single Vendorship
5. The Convergence of IT-OT
IT-OT convergence forms the cornerstone of the next-generation enterprise, resulting in a rapid explosion of industrial data and a greater demand for industrial cyber security and safety.
[Figure: the IT environment and the OT environment, each labelled with Security, Reliability and Resilience, together with Safety and Privacy, feeding data into a converged IT-OT ecosystem]
Solutions from IT
• Technology know-how
• Customer reach & marketing expertise
Solutions from OT
• Deep domain (industrial) knowledge
• Understanding of industrial customers
• Understanding of machine data
Initiatives driving IT-OT co-optation
• Industrial Internet Consortium
• Plattform Industrie 4.0
• Smart Manufacturing Leadership Coalition
• Made in China 2025
Source: IIC / Frost & Sullivan
6. IT-OT Convergence: Risks, Benefits and Opportunities
IT-OT convergence is touted to bring tremendous opportunities in manufacturing despite existing risks and challenges.
Risks
• RoI Concerns
• Overflowing big data
• IoT Skills Gap
• Debatable Ownership & Governance
• Privacy & Security Concerns
• Interoperability
Opportunities
• Surge in Connected Industrial Devices
• Swell in Economic Value
• Advanced IIoT platforms & ecosystems
• Digital transformation of industries
• New service driven business models
Benefits
• Higher efficiency
• No more unplanned downtime
• Reduced costs
• Predictive Analytics & maintenance
• Improved Accuracy
• New business models
Source: Frost & Sullivan
7. Industry 4.0 and New Business Models
IIoT will play an important role in making strategic shifts in monetization models for industry.
INDUSTRIAL INTERNET OF THINGS
• Product to Services: Business models have emerged from mere product based transactions to customer service based engagements.
• Subscription to Consumption: Business models have emerged from subscription based payment models to consumer based pay-as-you-go models.
• Closed to Open: Digital platforms have evolved from being closed to a more open platform, aiding interoperability for developing custom apps.
• Vertical to Horizontal: Business models have transformed from offering vertical solutions to specific context based solutions for the industry.
Source: Frost & Sullivan
8. Industrial Cyber Security: An Industry Viewpoint
The alarming rise in cyber attacks on critical infrastructure and the subsequent rise in monetary losses is a growing matter of concern for the manufacturing industry.
[Chart: Industry Wise Average Cost of Cyber Attacks. Industries shown: Power, Pharma, Automotive, Defense, Industrial. Values shown: $11.5 M, $2.75 M, $6.50 M, $7.60 M, $2.28 M]
Source: Ponemon Institute / HPE / Frost & Sullivan
Important events that shaped the course of industrial cyber security
• December 2015: The Ukraine Power Station Attack
• December 2014: The German Steel Mill Attack
• November 2011: The Duqu Attack in Iranian Nuclear Plant
• December 2010: The Stuxnet Attack on the Iranian Nuclear Plant
• January 2008: The Poland Public Tram System Hack
• March 2000: The Australian Maroochy Shire Sewage Spill
9. Decoding Industrial Cyber-attacks—Types and Motives
Cyber-attacks have multiple motives but all of them leverage technological loopholes that exist in industrial legacy systems.
Cyber-security: Categories of cyber-attackers
Insiders
• Disgruntled employees
• Thieves
• Unintentional mistakes
Outsiders (different categories of hackers)
• Amateurs
• Hackers: black hats, white hats
• Organized attackers: terrorists, hacktivists, nation states, criminal actors
Primary motive of cyber threats
• Hijacking industrial automation & control systems (ACS) for economic and political gains
• Identifying weaknesses and improving system networks by “White hat” hackers (on contract)
• Black hat hacking such as espionage, extortion, theft, and vandalism
• Economic motivations such as theft of intellectual property or other economically valuable assets
• Inadvertent actions that are taken without malicious or harmful intent
The world of industrial automation will see the entry of commercial IT vendors with industrial security solutions.
Source: Frost & Sullivan
10. Morphing Cyber Attack Points in Industry
Current cyber security measures may fall flat vis-à-vis broadening attack surfaces and increasing complexities of cyber attacks.
Vulnerable attack points in manufacturing value chain
• Cloud Networks: Can be compromised if security controls like firewalls are not in place.
• Supply chain: Can be disrupted by Distributed Denial of Service (DDoS) attacks.
• Intellectual Property (IP): IP can be at risk if proper encryption methods are not followed.
• Industrial Automation & Control Systems (ICS): Malware can be injected by perpetrators to disrupt ICS.
• Government Data: Nation-level espionage puts highly confidential government data at stake.
• Product Data & Configuration: Corporate espionage by competitors could steal potential product data and alter its configuration.
• Product components: Product components could be embedded with malware that could infect any portion of the product life cycle.
• Handheld devices & wearables: Mobiles, wearables and other handheld devices used in the industrial environment can leak out personal information.
Evolution of cyber attacks (1980 to 2020): Password cracking, Back doors, Packet spoofing, Advanced scanning, Denial of service, Malicious codes, Bots
Source: Frost & Sullivan
11. The State of ICS Security—An Industry Perspective
The rise of industrial connectivity with the advent of IIoT will expand the cyber security threat landscape for industry.
Industrial Customer Perspective
“The difference really lies in the fact that all the sensors have Internet Protocol (IP) addresses now. This means that they can be accessed via the Internet and are going to go after 50,000 versus 100 or 1,500 devices. They have to worry about it.”
– Operations Director, Discrete Manufacturing
“We utilize defense-in-depth strategies—layering design features with safe practices and preventive measures while actively monitoring each and constantly addressing known and emerging threats.”
– Director, Utility Company
[Figure axis: Level of Awareness / Maturity]
12. Security Challenges in Critical Infrastructure Industries
Attacks on critical infrastructure industries are a major problem as the implications and costs are considerably greater than for attacks on a manufacturing plant.
Key Focus Areas in Critical Infrastructure Industries: Operational Safety | System Security | Integrity | Regulations | Information Confidentiality | Legacy Assets
Integration challenges with systems
• Insecure industrial systems that were designed to operate in silos
• Information silos
• Difficulty in integration between organizations
Misalignment between IT and OT security
• IT and security policies not designed for the industrial operating environment
• IT and security personnel not familiar with the operating environment
Managing sensitive systems
• Confidentiality, e.g., chemical formulas
• Integrity, e.g., smart meters
• Availability, e.g., process and control systems
Source: Frost & Sullivan
13. Case Example: Power Industry
Power transmission and power distribution segments are considered to be more vulnerable than power generation.
Security Concerns | Challenges | Attacks
• Privacy of customer information is key (which could be easily compromised by a third party or the utility)
• Compromising the demand-response events in the Energy Management Control System (EMCS)
• Targeting Availability: DDoS attacks cause delays, blocks or corrupt communication.
• Targeting Integrity: Spoofing and man-in-the-middle attacks modify or disrupt data exchange.
• Targeting Confidentiality: Eavesdroppers and traffic analyzers acquire unauthorized information from network resources.
• Utilities are skeptical about using anti-virus solutions to protect relay systems due to processing power and memory requirements.
• Geographically widespread segment, making it difficult to monitor and control systems.
• Each of the sub-stations represents a node that can be compromised, causing damage to personnel as well as equipment.
• Cyber attacks in the distribution segment can cause supply failures and compromised data collection may result in incorrect reporting and decision making.
• False readings due to tampered meters and attacks on the sensor networks
14. The Industrial Cyber Security Market: Key Trends
While ICS security is approximately 10 years behind IT security, APTs are changing rapidly, making existing solutions obsolete.
• New Operating Models: Partnerships will be crucial to the development of in-built security solutions for ICS, opening up opportunities for security endpoints, the network, and the edge.
• Cyber Security as a Service: Managed security services (MSS) and the development of a Main Cyber Security Service Contractor (MCSC) capable of assessing, implementing, monitoring, and managing the security lifecycle of the enterprise will become plausible investments.
• 2S Approach—Safety and Security: These 2 factors have similar objectives—to protect the people, the assets, and the process. Solution providers are considering the opportunities in merging these 2 capabilities.
• Industry-focused solutions: Data encryption, endpoint and network access management, security intelligence and forensics, and security gateways are becoming mandatory security solutions to protect the different ICS levels.
• Digital Engineers: As the IT and OT worlds continue to converge, there is a growing requirement for a new age workforce of digital engineers who can understand and develop solutions that can be utilized to defend ICS.
Source: Frost & Sullivan
15. Current State of ICS Security
A majority of customers are focused on prevention solutions rather than monitoring or managing cyber security.
[Chart: Adoption Level (%) from 0% to 100% by Solution Type: Prevention, Detection & monitoring, Response]

| Security Domain | State of Automation Systems |
|---|---|
| Patch Management | ICS software incompatibilities and resources not easily available |
| Cyber Security Testing and Audit | Testing expected to be thorough and specific to the control systems |
| Security Breach Response and Forensics | Critical response time |
| Security Compliance and Regulation | Industry-specific guidance in some sectors |
| Physical Security | Fairly strong |
| Security Development | Not an integral part of the system architecture |
| Anti-virus Solutions | Not common in control systems |
| Firewall Security | Often used as a protection device for the entire system |

Adoption level legend: High adoption, Medium adoption, Low adoption
Source: Frost & Sullivan
16. Which is why we would need to re-look our approach to security…
18. INDUSTRIAL CYBER PROTECTION ROADMAP
All paths to the Industrial Internet of the future require industrial cyber protection of the present.
[Figure: roadmap plotting Business Value (Cost, Efficiency, Revenue, Innovation) against Maturity across the stages Visibility, Protection and Connection, with the steps Report, Catalog, Organize, Plan, Detect and Prevent]
• Awareness, Learning, Concern, Education
• Risk, Reactive, Visibility, Alerting
• Opportunity, Proactive, Filtration, Blocking
• Process, Predictive, Internal, Optimization
• Partners, Integrated, External, Transformation
19. BAYSHORE’S INDUSTRIAL CYBER PROTECTION PLATFORM FUNCTIONS
DISCOVER
• Automated asset mapping
• Reports
• Real-time monitoring
DETECT
• Anomalies and deviations
• Known & zero-day intrusions
PREVENT
• Attacks and accidents
• Enforce Policy
• Segment industrial networks
• Central policy management
OPTIMIZE
• Transform industrial protocol content
• Enable business analytics
• Integrate OT with SOC / SIEM
INNOVATE
• Managed remote access
• Connect to Industrial Internet
See | Connect | Protect
20. CASE IN POINT – MANUFACTURING
Major US enterprise with 40+ installations
CISO first raised concerns
Initial Request
• Discovery, visibility
• Monitoring / threat detection
21. FIRST STEPS
• Gathered cross-functional team
• Plant teams
• IT Security teams
• Facilities / Operations teams
• Situational Analysis
• IT concerned about performance impact of security
• OT (facility) team not aware of risk
• Start small, learn fast
22. INITIAL ASSESSMENT
Wide skepticism that apertures and risks even existed
Bayshore Automated Discovery
• Initially mirror port, passive mode
Identified undocumented vulnerabilities
• Physical – old and new assets, down revs, passwords
• Application and data loss/theft – undocumented network connections
23. PILOT TO PRODUCTION
Determined normal baseline, began monitoring/alerting
Added policies to enforce acceptable access and commands
• Alert on policy violation, SIEM integrated
• Protect / block blacklist and critical violations
Certified solution cross-functionally
Replicated globally
24. BAYSHORE PROTECTS INDUSTRIAL INFRASTRUCTURE SO YOU CAN CONNECT
• Deep, Granular Content Inspection of Industrial Protocols
• Automated Mapping and Reporting of Industrial Assets
• Enforcement of Content-Based, Context-Aware Policies
• Transformation of Industrial Data for Use in Business Applications