Current trends and challenges as regards IT/OT security
According to the Federal Office for Information Security in Germany, more than 300,000 new malware variants appear every day, highlighting the likelihood of a company and its digital infrastructure being affected by malware even when it is not the subject of a specific cyber attack. Nevertheless, targeted attacks on companies and their automation infrastructure are on the raise.
According to a report by Claroty, the OT systems were affected in 50% of the companies surveyed that were subjected to ransomware attacks, causing production process malfunctions or outages in 80% of those cases.
The following significant examples illustrate the current situation in terms of IT/OT security:
- 2010: Stuxnet, the first malware specifically designed to attack OT systems
- 2012: Malware incident at Saudi Arabian Petrol industry (approximately one billion in recovery costs, 35,000 computers had to be replaced)
- 2014: Attack on a German steel mill with massive damage to the plant
- 2019: LockerGoga ransomware incident, with damage totaling around $40 million in the first week
- 2022: 28 production lines brought to a standstill at Japanese car manufacturer
The challenge faced by plant owners today is to develop a concept aimed at guaranteeing physical security, ensuring network security, maintaining the integrity of the plant, and setting out policies for dealing with IT/OT systems.
IEC 62443 is one of a series of standards covering cyber security aspects for automation infrastructures in relation to their lifecycle. This takes into account the specific components, such as PLC control systems and corresponding sensors, which are used together with standard IT components, such as Ethernet networks including WiFi and client/server infrastructures for plant automation. One element of this series of standards is the interaction between manufacturers, integrators and operators of the relevant systems.
X-Pact® Defense in Depth – Holistic concept for IT/OT security
As one of the leading system integrators in the metals industry, SMS group combines operational technology (OT) and information technology (IT) to increase the profitability, sustainability, security, and reliability of its plants and equipment. Consequently, SMS can indeed fulfill all three roles: as a manufacturer of digital products (software) and selected automation components (hardware), SMS group integrates systems to bring together a variety of its own components as well as systems from subsuppliers, in order to offer customers the full range of integrated solutions.
For this reason, the world of X-Pact® electrical and automation systems at SMS group has been expanded to include an important module. The X-Pact® Defense in Depth concept for IT/OT security is based on IEC 62443 and takes a customized solution approach by combining several measures according to the level of protection required for the automation infrastructure in the customer's plant.
All measures implemented are based on a risk analysis. This lists all components and systems used in the automation infrastructure in terms of their risk and evaluates their protection requirements in a worst-case scenario. Using this risk analysis, the components used are no longer grouped solely according to their functionality but also on the basis of the protection requirements determined for them. This results in a zoning diagram that assigns the components to different zones. The communication possibilities between the different zones are limited to those that are essential, thereby making the rapid, unchecked spread of malware more difficult, for example.
Other modules used during implementation range from various antivirus protection approaches, through the standardized system hardening of components and restriction of user authorizations, up to monitoring and backup concepts as well as asset- and vulnerability management-systems.
Customers are also offered a range of tailored service options that are performed alongside the engineering and implementation of the defined security concept and that provide them with ongoing support on a long-term basis. Since, as mentioned earlier, the potential threats and risks are constantly changing and the relevant cyber security measures have to be kept up-to-date, the service packages are categorized as follows:
Standard service
- Availability monitoring of critical components
- Backup service
- Regular and continuous updates of operating systems
- Evaluation of unusual event logs
- Regular virus scans
- Regular reporting
- Update agreements for different software
Extended services
- Asset and vulnerability management, with the option of vulnerability scans
- Regular recovery tests of backups
- Continuous or periodic repetition of the risk analysis
- Extended log analysis
- Regular renewal of security technology (e.g. replacement of firewall systems)
- Optional penetration tests
SMS group's Defense in Depth approach ensures IT/OT security for the customer's specific automation infrastructure, which in turn helps to maintain high availability levels for the plant concerned. SMS group works with its customers to develop solutions tailored to their specific use cases. Thanks to the integrative nature of its competencies in hardware, electrical equipment, automation, digitalization, and services, and the combination of its solutions with performance-based business models, SMS group is the ideal long-term partner for its customers for the entire lifecycle of their plants and equipment.