In December of 2015, at 3:30pm, workers at the Prykarpattyaoblenergo control centre, an electricity distribution outlet for the Ivano-Frankivsk region of Western Ukraine, were preparing to wrap up their day and head home for the evening. That was until one particular worker, who was tidying his desk, noticed his cursor jump across his screen of its own volition. He then watched helplessly, his mouse unresponsive to any of his own inputs, as whoever was operating it clicked to take one of the substation circuit breakers offline, instantly cutting electricity distribution to an area just outside the city, home to around a thousand residents.
Then they switched off another. And another. And then another twenty-seven.
In total the hackers switched off thirty circuit breakers at the Prykarpattyaoblenergo control centre, but they didn’t stop there. They hit two other distribution centres in the city until more than 23,000 Ivano-Frankivsk residents were left sat in the cold and dark.
It wasn’t that the Prykarpattyaoblenergo control centre’s OT security was more lax than that of others, nor was it particularly substandard. It could even be classed as a little more robust than that of some centres in the UK and the US, but in the end it wasn’t secure enough.
What is an OT network?
Most of us have heard of IT, and know what it stands for. OT, however, is a little less commonplace in everyday life. The term Operational Technology describes a setup of both hardware and software that is used to monitor and administer physical devices, processes and events. SCADA systems are one of the archetypes of these systems, and one of the most popular: they are used to operate machinery and to monitor things like running temperatures and output in environments such as factories and oil rigs.
It’s clear that if hackers can gain access to these control systems, they gain access to any machinery connected to them.
What are we protecting our OT network from?
When hacks affect physical machinery, that’s when things become dangerous. Imagine a metal pressing factory, with numerous stations of heavy machinery slamming and punching thick metal into useful shapes. Even in the hands of a skilled labourer these machines are dangerous. In the hands of a remote hacker, with intent known only to themselves, most likely malicious, they can become deadly.
Halting production by shutting down a robot on a production line is costly and inconvenient to the company. But should the hacker take control of and disable something like a pressure release valve on a gas tank installed on an offshore oil rig, the consequences could be disastrous.
Since OT networks often control physical assets such as pumps, valves, motors, machines and robots, it is not difficult to imagine what kind of damage could be caused by altering the operation of any of these.
So, how can you secure your OT network?
There are many aspects to an OT network that don’t just fall under the hardware / software umbrella. Physical security and policies and procedures are just as important.
For instance, it’s great to have a stringent password policy — you know the sort, include five special characters, six numbers and a hand-drawn portrait of the Mona Lisa — but if a person can simply walk up to a device and pull the power cable, or insert a USB stick containing malicious code, passwords and security policies become redundant in an instant.
Having policies in place for access rights, encryption, and passwords, and having procedures for hardware configuration and network segmentation, all contribute to securing the network. The IEC 62443 standard sets some minimum configuration parameters with regard to password complexity, encryption, disabling insecure protocols etc., which many of our networking products, especially those from Moxa, are certified to. But if anyone has physical access to these systems, those policies do no good at all.
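A configuration baseline like the one described above is only useful if it is actually checked against each device. The following is an added example, not code from the original post, from Moxa or from the IEC 62443 standard: a small audit routine that compares a device configuration against a hardening baseline and reports findings. The baseline values (forbidden services, minimum password length, TLS on the management interface) and both sample configurations are assumptions constructed for illustration; they are not the parameters the standard itself specifies.

```python
"""Audit a device configuration against a hardening baseline.

Added example (not from the original post, Moxa or IEC 62443).  The baseline
values and the two sample configurations are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """Hypothetical hardening baseline; values are assumptions, not standard text."""
    forbidden_services: frozenset = frozenset({"telnet", "http", "ftp", "snmpv1", "snmpv2c"})
    min_password_length: int = 12
    require_special_char: bool = True
    require_management_tls: bool = True


def audit_config(cfg: dict, baseline: Baseline = Baseline()) -> list:
    """Return a list of findings; an empty list means the config meets the baseline."""
    findings = []

    # Any enabled service that is on the forbidden list is a finding.
    enabled = {svc for svc, on in cfg.get("services", {}).items() if on}
    for svc in sorted(enabled & baseline.forbidden_services):
        findings.append(f"insecure service enabled: {svc}")

    # Password policy: minimum length and special-character requirement.
    pw = cfg.get("password_policy", {})
    if pw.get("min_length", 0) < baseline.min_password_length:
        findings.append(
            f"password minimum length {pw.get('min_length', 0)} is below "
            f"baseline {baseline.min_password_length}"
        )
    if baseline.require_special_char and not pw.get("require_special", False):
        findings.append("password policy does not require a special character")

    # Management traffic must be encrypted.
    if baseline.require_management_tls and not cfg.get("management_tls", False):
        findings.append("management interface is not encrypted (TLS disabled)")

    return findings


# Constructed sample: a device in a typical weak, out-of-the-box state.
WEAK_CONFIG = {
    "services": {"telnet": True, "http": True, "ssh": True, "https": False, "snmpv2c": True},
    "password_policy": {"min_length": 6, "require_special": False},
    "management_tls": False,
}

# Constructed sample: the same device after hardening.
HARDENED_CONFIG = {
    "services": {"telnet": False, "http": False, "ssh": True, "https": True, "snmpv3": True},
    "password_policy": {"min_length": 14, "require_special": True},
    "management_tls": True,
}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run on the weak configuration the audit reports six findings (three insecure services, two password-policy gaps and the unencrypted management interface); on the hardened configuration it reports none. In practice the same routine would be fed by whatever exports each vendor's device configuration, and the baseline would be populated from the organisation's actual policy.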
Locking devices up behind some form of physical barrier defeats these simple denial-of-service attacks. It seems obvious, but it is surprising how many companies are blasé about the physical protection of their most vulnerable computing assets when the solution is so cheap and simple to implement.
Firewalls are another mainstay of OT and IT security, but as more physical devices are connected to the internet, the need for more robust security measures has pushed the possibilities of what can be locked down, and how. We now see Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) making headway into OT networks — systems that continuously analyse the packets flowing through the network and scan for malicious activity. Depending on the security policies of the network, this malicious activity can either prompt a notification to network engineers (IDS) or be blocked outright (IPS).
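To make the IDS/IPS distinction concrete, here is an added example that is not code from the original post or from any IDS product. It applies one simple OT detection rule to constructed flow records: only the engineering workstation may send Modbus write commands to the controllers, and any other host doing so is either alerted on (detect mode, the IDS behaviour) or blocked (prevent mode, the IPS behaviour). The log format, the IP addresses and the allow list are all assumptions made for the example; the Modbus function codes used (5, 6, 15, 16 for writes; 3 and 4 for reads) are the standard ones.

```python
"""One OT detection rule run in IDS (detect) and IPS (prevent) mode.

Added example (not from the original post or any IDS/IPS product).  The log
format, hosts and allow list are constructed assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Standard Modbus function codes that change controller state (write coils/registers).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16}

# Hypothetical allow list: only the engineering workstation may write to PLCs.
AUTHORISED_WRITERS = {"10.10.5.10"}

# Hypothetical flow-record format: "<timestamp> src=<ip> dst=<ip> proto=modbus func=<n> unit=<n>"
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=modbus\s+func=(?P<func>\d+)")


@dataclass
class Decision:
    line: str
    verdict: str   # "allow", "alert" (IDS) or "block" (IPS)
    reason: str


def evaluate(lines, mode="detect"):
    """Apply the write-authorisation rule to each record.

    mode="detect" raises alerts but lets traffic through (IDS);
    mode="prevent" blocks the offending traffic (IPS).
    """
    if mode not in ("detect", "prevent"):
        raise ValueError(f"unknown mode: {mode}")
    on_violation = "alert" if mode == "detect" else "block"

    decisions = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            # Never silently drop something we cannot parse: always surface it.
            decisions.append(Decision(line, "alert", "unparsable record"))
            continue
        src, func = m.group("src"), int(m.group("func"))
        if func in MODBUS_WRITE_FUNCS and src not in AUTHORISED_WRITERS:
            decisions.append(Decision(line, on_violation,
                                      f"write function {func} from unauthorised host {src}"))
        else:
            decisions.append(Decision(line, "allow", "permitted by policy"))
    return decisions


def summarise(decisions):
    """Count verdicts, e.g. {'allow': 3, 'alert': 2}."""
    return dict(Counter(d.verdict for d in decisions))


# Constructed sample records: reads and writes from the workstation, then writes from another host.
SAMPLE_LOG = [
    "2020-01-01T08:00:01 src=10.10.5.10 dst=10.10.1.20 proto=modbus func=3 unit=1",
    "2020-01-01T08:00:05 src=10.10.5.10 dst=10.10.1.20 proto=modbus func=5 unit=1",
    "2020-01-01T08:02:12 src=10.10.7.44 dst=10.10.1.20 proto=modbus func=5 unit=1",
    "2020-01-01T08:02:13 src=10.10.7.44 dst=10.10.1.21 proto=modbus func=16 unit=1",
    "2020-01-01T08:02:14 src=10.10.7.44 dst=10.10.1.21 proto=modbus func=4 unit=1",
]


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        print(f"--- {mode} mode ---")
        for d in evaluate(SAMPLE_LOG, mode):
            print(f"{d.verdict:5s}  {d.reason}")
```

In detect mode the two unauthorised writes produce alerts and everything passes; in prevent mode the same two records are blocked while the reads and the workstation's own write are still allowed. Real IDS/IPS deployments in OT networks build on the same idea with far richer protocol parsing, but the policy decision (who may change state on which controller, and whether a violation notifies or blocks) is the part engineers have to define.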
In summary
As industrial systems become more and more connected, be it to the cloud or otherwise, the need for all these elements to work together becomes more and more important. While we can never be 100% secure, due to the constant evolution of hackers and their tools, we can at least secure our OT networks to the point where they are highly locked down and a deterrent to hackers. If you would like more information on securing your network, feel free to call our Network Specialists on +44(0)1782 337 800, or click here to get in touch.