Home / Blog / Industrial security predictions 2020-2029

Industrial security predictions 2020-2029

Posted on 04/22/2020, by INCIBE
Industrial security predictions 2020-2029

It is clear that, in recent years, industrial devices have improved to adapt to new technologies and market needs. Therefore, to correctly understand their evolution in the future, we have to look at the change they have made since the last years until now.

Basic devices of industrial control systems such as a PLC (Programmable Logic Controller), RTU (Remote Transmission Unit) or IED (Intelligent Electronic Device) are, together with sensors and actuators, the devices that have evolved most over the years within the industrial environment. All of them have improved in terms of hardware, in addition to implementing more connectivity-related features to meet the demands of industry 4.0 and the IIoT (Industrial Internet of Things). The use of devices not specifically designed as industrial devices, as cheaper alternatives (Raspberry, Arduino, etc.) is increasing, since they could perform the functionalities and maintain a control logic, similar to that of a PLC or other specific industrial control devices. These can be used by anyone, since they are low-cost and usually serve to automate small systems for everyday use, if required by the user.

Historical evolution of cybersecurity capabilities of ICS devices

The evolution regarding the hardware capabilities of the devices has been increasing over time. This makes it possible to increase the security measures that can be implemented. Allocating resources to cybersecurity is now increasingly normal; while before they did not take into account the aspect related to cybersecurity, today it is done from the design stage.

Some things have also been improved regarding old devices, since the computing capacity of the devices has been increasing over the years, in addition to lowering their cost. This has made it possible to increase and improve certain aspects related to device security.

Historical evolution of cybersecurity capabilities of ICS software

At first the devices that were in the control area within the infrastructures had very simple software and had barely any connectivity, because they were in isolated networks. Now, with the evolution of industry 4.0 and IIoT, devices dedicated to the industrial environment have progressively incorporated improvements, providing greater connectivity with the rest of the devices and networks, but, in turn, making way for new attack vectors. For this reason, a change in the development profiles or changing the profiles will be necessary, since they are more complex functionalities, in addition to the need for specialisation oriented towards cybersecurity profiles, through certifications or courses, and audits of external and internal software.

Technical predictions in industrial cybersecurity

The constant need to modernise industrial systems, improve operational maintenance procedures and increase productivity are driving the implementation of increasingly connected technologies, which, in turn, can expose control networks to vulnerabilities or threats which did not previously affect them.

IIoT technologies can help in predictive maintenance, improving supply chains and other features of cybersecurity. However, most devices are not designed with cybersecurity as a top priority. As a result, these devices can expose the industrial environment to a wide range of cyberthreats.

Since OT environments lack visibility and security controls, it is very difficult to detect such threats in real time or even after the cyberattack. Therefore, it is important to prevent and detect such threats before they take control of operational processes and critical services.

Another change that will be seen more slowly has to do with Building Management Systems (BMS) and Building Automation Systems (BAS). The need to connect more daily devices is ever greater; therefore, it is not uncommon to find smart homes or that, in the not-too-distant future, buildings are built from the base with a greater degree of automation within their systems. Although they are not considered industrial systems, they include common services, among which are: HVAC, lighting control, water management, fire extinguishing systems, CCTV and access control.

These BMS and BAS systems are connected to the corporate network and the Internet to allow remote control and management of some processes, while being exposed to possible new threats. These devices do not always have the necessary security measures and use protocols such as Bacnet, OPC, Modbus TCP or KNX, which do not have security features and are a possible attack vector as in ICS technologies. Increasing security and raising awareness about the importance of improving the security of these BMS and BAS systems in the future is important to protect them from possible incidents.

The most significant technical predictions that are expected for the near future are the following:

  • The security of ICS will become more “conventional”. More and more industrial organizations make investments to secure their environments or improve those they already have. With the possibility of more threats, not only large companies, but also SMEs, will want to improve the security of their industrial environments.
  • Proliferation of tools for exploiting vulnerabilities in industrial environments. The cyberattacks that the OT environments receive will multiply in the coming years due to more complex attacks and very specific objectives.
  • Use of active detection. The fact that cyberattacks continue to improve year after year will push organizations to act and fight new threats. Passive traffic monitoring in industrial networks will no longer be enough, in the future it will be necessary to look for threats more actively. This fact gives rise to some debate, since, as they are active analyses, they may have some impact on the process.
  • Collaboration on OT threats. It is possible that in the coming years there will be a growth in the complexity of threats in ICS; therefore, it will be necessary to improve when identifying, mitigating and informing about these new threats.
    This will require the use of external sources of security data or the integration of elements such as SIEMs, which collect events and records from different devices and centralise them, among other options into a SOC for analysis.
    Other elements to take into account, such as NG (New Generation) firewalls, will help solve very complex problems at the network level. In addition, these will improve the communication and exchange of information within the OT community, which will be key in quickly identifying threats.
  • Continuous monitoring in control networks. Despite the increase in security and the use of encrypted protocols, monitoring will be one of the most important aspects of industrial cybersecurity. This monitoring will identify new cyberattacks and assets that are incorporated into the monitored networks. These types of tools will have to evolve in order to deal with encrypted traffic, with the drawbacks that this may generate.
  • Use of a reference architecture or model for each type of existing industrial infrastructure. Although many organizations follow the Purdue model when implementing their network architecture, in the end each industrial sector has different types of infrastructure at the network level and may differ in several aspects. Among the modifications that may be noted there is a possible modification of the Purdue model itself.
  • The attack surface is increasing. The increasing number of automation systems, the variety of tools, the number of organizations and people with direct or remote access to these systems, as well as the emergence of communication channels for monitoring and remote control between devices that were previously independent, expand the opportunities of cybercriminals to plan and execute their attacks.
  • Growing interest of cybercriminals in industrial environments. The decrease in profitability and the increased risks of cyberattacks targeting traditional victims is pushing cyberattackers to seek new targets, including those in industrial organizations.
  • Red team and blue team exercises in industrial environments. These types of exercises, in which cyberattacks will be emulated or simulated, will allow both defensive and attacking teams to be trained. In terms of defence, they will provide knowledge about the guidelines to follow in the event of an incident; and, in terms of offence, it will allow to have a greater knowledge of industrial environments.

Predictions on legal compliance in industrial cybersecurity

Not only is the technical framework liable to change over time, in the legal field there will also be new approaches when it comes to following a guide to good practices with which to meet the requirements of the different standards or regulations that involve the different industries.

The most significant technical predictions that are expected for the near future are the following:

  • Emergence of standards for ICS security. It will be important to see the evolution of new regulations and specific standards for industrial control systems. In this area it is very possible that new specific standards appear regarding the sector and communications. On the other hand, the standards that make it possible to obtain product certifications such as IEC 62443 4-2 will increase.
  • Changes in legal compliance within industrial cybersecurity, which are usually found in the IEC standards and which, in turn, are driven by changes in technology. The current five-year cycle for these standards is extremely slow, but it is difficult to see how it can be improved. The current system ensures that the standard is a consensus document, which has been considered by many people from different backgrounds. In addition, it will be important for this evolution and compliance with regulations to be taken into account both domestically and at the EU level.

Technical and legal predictions in industrial cybersecurity

- Technical and legal predictions in industrial cybersecurity -

Conclusions

The evolution of the devices and the software used in industrial systems has generated a necessary transformation, both at the level of regulations and technical resources, to provide companies with new defensive elements to deal with new types of cyberattacks. To tackle this, it will be imperative to have knowledge of the predictions, both at a technical level and in the legal framework, in addition to future trends and technological advances that will appear in the coming years in the area of the industrial environment.