Industrial facilities like manufacturing plants, oil and gas refineries, power plants, etc., are starting to see great value in leveraging the connectivity, situational awareness and operations intelligence enabled by the Internet of Things (IoT). The biggest hurdles to connecting critical assets to the internet are the risk of security threats and the privacy of valuable data. We have seen cyber attacks where attackers broke into the US power grid causing mass blackouts. There was the infamous data breach of India’s Aadhaar database which compromised sensitive information of almost 1.1 billion registered citizens. Architects of industrial networks are paying more and more attention to cyber security and adopting strategies that will ensure the safety of their assets and data. One such strategy that is gaining popularity in modern industrial control systems is “Never Trust, Always Verify”, also known as the “Zero-Trust” model.
It is impossible to foresee all possible types of attacks, but the zero-trust model provides an effective approach to improve security and be better prepared to mitigate risks. First articulated by Forrester researcher John Kindervag, zero-trust is based on the principle that “trust” is a vulnerability that is its own exploit. This is extremely relevant for industrial systems. Industrial security standards like ISA-99 and IEC 62443 do a very good job defining segmentation zones, secure conduits between zones and endpoint security to make sure the systems are secure. However, at the core, they are based on a model of trust. They provide a layered security approach and focus heavily on users getting securely authenticated into a trust zone. However, once the user is inside, most restrictions are lifted, by definition of a trust zone. We often don’t have proper logging to check what activity was done by which user. We rely so heavily on the first line of defense that we expose our systems to major vulnerabilities if it fails. This is exactly what the zero-trust model advises against.
Zero-trust is a way of designing network security such that the focus is on securing the critical data and resources. The first step is, of course, to have a resilient multi-factor authentication method in place. Older security systems relied on a strong, shared “root” password that would grant unlimited access to specific resources: a PLC, Historian data or an HMI screen. While this was very convenient, there are many security holes in this method. The zero-trust approach requires each user to be correctly identified by multi-factor authentication. Username and password are not enough. Just as all banks today use either an SMS passcode or biometrics to authenticate users, so must industrial systems before granting access: perhaps a fingerprint match of an oil and gas plant manager before making any major temperature change, and definitely one before shutting down a turbine.
The next step is to make sure you implement application- and data-level security. Every privileged access needs to be individually verified, whether it originates inside or outside the network. All resources need to be controlled with role-based access, and only those who absolutely need privileged access should receive it, and only after management approval. At a power plant, only certified plant operators should be able to access the HMI screen to make any changes in the operations profile of a boiler. Moreover, HMI screens should auto-lock, with a verified re-entry mechanism, to prevent unauthorized access.
Finally, it is absolutely critical to audit who is doing what in the system. Every logged-in user accessing every database and issuing every command, on a screen or remotely, should be logged. This is an area where cyber security can take advantage of the smarts of AI systems. Advanced Machine Learning (ML) algorithms can continuously monitor the activity of users inside a plant network and try to find patterns of anomalous usage. Your system should be smart enough to recognize that a command issued over the network to change the load on a power transformer does not match the usual patterns of loading seen during that hour of the day, or that a certain command is coming from a different geographical region than normal, and the system should solicit further authentication. Especially for critical assets, it is imperative to monitor usage and have the intelligence to alert upon any unusual operation. The banking industry already has this in place, requiring re-authentication before non-normal transactions. Remember when you got a call that your credit card was used in a different country late at night? That was an AI catching that anomaly!
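One way to turn the monitoring described above into a concrete check, as an added example that is not from the original post: a constructed audit log of transformer load commands is used to build a per-hour baseline, and each new command is either allowed or escalated to step-up authentication when its setpoint is far from the hourly norm or it arrives from a region the user has never been seen in. The record layout, the z-score rule and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records (not from the original post). Each is one logged
# command against a plant asset: (hour of day, user, source region, asset, setpoint).
HISTORY = [
    (9, "op1", "EU", "xfmr-1", 62.0), (9, "op1", "EU", "xfmr-1", 60.0),
    (9, "op2", "EU", "xfmr-1", 65.0), (9, "op1", "EU", "xfmr-1", 63.0),
    (22, "op1", "EU", "xfmr-1", 30.0), (22, "op2", "EU", "xfmr-1", 28.0),
    (22, "op1", "EU", "xfmr-1", 32.0), (22, "op1", "EU", "xfmr-1", 31.0),
]

def build_baseline(history):
    """Per (asset, hour): mean and population std-dev of past setpoints;
    per user: the set of source regions seen so far."""
    by_hour = defaultdict(list)
    regions = defaultdict(set)
    for hour, user, region, asset, value in history:
        by_hour[(asset, hour)].append(value)
        regions[user].add(region)
    stats = {key: (mean(vals), pstdev(vals)) for key, vals in by_hour.items()}
    return stats, regions

def evaluate(command, stats, regions, z_limit=3.0, min_spread=2.0):
    """Return ('allow' | 'step_up_auth', reasons) for one new command.
    Thresholds are assumed values; tune them to the asset's real behaviour."""
    hour, user, region, asset, value = command
    reasons = []
    # Geographic anomaly: a region this user has never operated from.
    if region not in regions.get(user, set()):
        reasons.append(f"source region {region} unusual for {user}")
    key = (asset, hour)
    if key not in stats:
        reasons.append(f"no history for {asset} at hour {hour}")
    else:
        avg, sd = stats[key]
        spread = max(sd, min_spread)  # floor the spread so tiny variance does not over-alert
        if abs(value - avg) / spread > z_limit:
            reasons.append(f"setpoint {value} far from hourly norm {avg:.1f}")
    return ("step_up_auth" if reasons else "allow"), reasons

if __name__ == "__main__":
    stats, regions = build_baseline(HISTORY)
    for cmd in [(9, "op1", "EU", "xfmr-1", 64.0), (22, "op1", "EU", "xfmr-1", 62.0)]:
        print(cmd, evaluate(cmd, stats, regions))
```

The `step_up_auth` decision is the point at which the system would demand a second factor before the command reaches the asset, mirroring the bank re-authentication the article describes.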
As our industrial systems get smarter and start crunching more and more critical data, we cannot afford to have security as an afterthought. We need to design our network cyber security with a zero-trust mindset so that we are prepared for threats, detect them quickly and contain them to minimize damage to our industrial assets.