For manufacturing companies, a common weak link in their enterprise network is the production network. To establish secure manufacturing, several enterprise aspects must be addressed, ideally by a risk management team with support from senior leaders. The foundation is built on:

• Security awareness for the entire staff (most breaches are the result of human error)
• Secure product design and product life cycle
• Best practice security for the operations technology (OT) network, recognizing that information technology (IT) security is not OT security

With these and other internal system-related items in place, the focus must be on access points such as:

• Secure handling of shipping and receiving
• Vendors and customers implementing secure IT and OT networks
• Secure identifiers for products, anti-counterfeiting, forensics, and customer use
• Regularly gathering evidence that security is working (or not working)

Trusted and secure manufacturing must include protection of both the IT and OT networks, with IoT, ICS, SCADA, and related environments being the most vulnerable.

There are substantial differences in the mindset of people who secure IT networks compared to people who build and use OT networks. Companies with OT networks experience significant problems getting things like PCs and servers to talk to industrial control systems because OT networks are fragile. There are very few people who understand how to make them work and how to keep them working. As a result, there is strong resistance to change anything on the part of the people who use the networks. With this mindset, OT networks with unpatched Windows XP PCs running on them, or even older versions of Windows are not uncommon.

Another major difference is that IT networks are generally not concerned about latency, so secure software that slows response times down by hundreds of milliseconds or more is not an issue. In contrast, an OT network may have devices with zero tolerance for more than a 10 millisecond delay. These devices generally cannot function on a network that has common IT network security principles applied to it.

Finally, the overriding theme of IT security is CIA, or confidentiality, integrity, and availability (meaning it is there when you want it). The overriding concern in an OT network is safety: do whatever it takes to make sure no one dies during the course of operations.

Standardizing security of manufacturing networks

Industry efforts to create a standardized approach to improve factory security have been underway for many years. For example, the International Society of Automation (ISA) defined a generalized security architecture for the protection of OT networks called ISA99, also known as IEC 662443.

This security architecture intentionally leaves the implementation “details” to the customer. By doing so, the architecture remains relevant even as security technologies evolve and change. The Trusted Computing Group (TCG) defines trust technologies that enable implementations of ISA99 architectures.

Enclaves and conduits

A typical factory OT network includes many devices that have little or no ability to defend themselves. In ISA99, rather than deal with the idea that some devices can protect themselves while others cannot, the architecture assumes none of the endpoint devices can protect themselves.

The architecture dictates that endpoint devices be grouped according to some logic, such as all of the devices in a specific factory. In ISA99 terminology, this is called an “enclave” and the enclave is protected by network-based security technology. Any telecomm link that goes outside the enclave is called a “conduit,” and all of the security technology used to protect an enclave is present in the conduits. For improved security, each enclave should have as few conduits as possible and each conduit must have a trusted, heavily secured gateway where it joins an enclave.

To establish trustworthiness for enclaves and conduits, TCG uses dedicated security hardware to protect secrets and integrity information (hash values). This includes the Trusted Platform Module (TPM) and self-encrypting drives (SEDs). With this technology, devices can police each other and authenticate credentials before any communication occurs.

For legacy products that do not support TCG-compliant hardware, TCG’s Trusted Network Communications (TNC) protocols can be used to create trust evidence. The TNC specifications provide an open architecture for network access control as well as a suite of standards that define interoperability. One of the benefits of this approach is that any Linux or Windows-based device can run a client that gathers integrity information.

Trusted and secure OT networks are the result of security by design. Available tools to implement a higher level of security include open standard security architectures and the use of enabling trust and security technologies in those architectures.

Stacy Cannady, CISSP, is in technical marketing for Trustworthy Computing Threat Response, Intelligence, and Development (TRIAD) at Cisco and a member of the Trusted Computing Group’s Embedded Systems Work Group.