An often-overlooked aspect of operations technology (OT) cybersecurity is the risk posed by unassuming sensors. These are the devices utilized across many manufacturing operations to monitor process variables such as temperature, humidity, flow, and pressure. In an era where millions of Industrial Internet of Things (IIoT) devices, such as sensors, are being added to industrial networks, the increasing cybersecurity risks of this expanding digital footprint must be accounted for. This blog post is part of a series on the Schneider Electric blog that addresses both internal and external OT cybersecurity-related issues.
While most traditional OT cybersecurity efforts focus more on critical SCADA systems, PLCs, and other Ethernet-linked devices, sensors are often ignored, even those that are Ethernet-connected. Yet sensors provide the data from which many control-based decisions are made, and because they represent the process, they should also fall under the critical assets category. If hackers maliciously manipulate sensor parameters and allow temperature thresholds in ovens to become too high, a batch of product can become tainted and be ruined. Or, worse, if the anomaly is not detected, that particular batch of product could become harmful to consumers. This is particularly true for life science industry R&D labs that manufacture drugs, as well as water and wastewater treatment plants.
Within industrial process control-related OT cybersecurity, very few component categories should be deemed “non-critical.” Although each situation is different, plant management must evaluate the criticality of each component and subcomponent within their control system against the criticality of the control function that depends on its data. In other words, the decision on how to prioritize cybersecurity protection will depend on the criticality of the process that the particular device (like a sensor) is supporting, and how important the data being gathered from the device is to the proper operation of that process. A sensor costing less than $100 could easily be as critical as a PLC; component price does not equal level of criticality. If a vital sensor reports inaccurate information, an improper control decision can be made that negatively impacts operations, resulting in the possible production of a tainted product, equipment damage, injury to personnel, or even death.
Current Approaches for Hardening Sensor OT Cybersecurity
Most intrusion detection and prevention systems in place today fail to monitor or decipher unanticipated changes to sensor components. Since traditional monitoring does not address the issue, it is important to ask, “What can my SCADA system or other process tools do to help alert me to unexpected changes in the configuration of these components?”
Each sensor has its own unique configuration, and operators must be able to monitor those configurations for changes. The operator or analyst must be able to observe how the sensor data correlates with data on other intrusion activity that might be occurring in the broader system. This more holistic overview provides greater confidence in the quality of the overall network intrusion data being analyzed.
There are two approaches that can be considered to achieve these more precise cybersecurity objectives:
- Install redundant sensors – By having two different sensors monitoring the same parameter, an operator can look for differences between the two. If the difference between the two sensors' readings exceeds the normal preset range, then an alarm is generated. This prevents an unwanted intruder or unauthorized internal staff member from changing the configuration without being noticed. Deciding which sensors should be redundant depends on how they are perceived to impact the overall risk to the OT system being evaluated. This can be used in conjunction with the method below for better overall coverage.
- Modify the existing SCADA system to include sensor monitoring – An existing SCADA system can be configured to monitor sensors on a regular basis. By checking the configuration parameters on each of the connected temperature or pressure sensors, for example, the system can quickly analyze each device, determine the current configuration parameters, and send out alarms when existing thresholds are breached or when changes are detected. In many cases, having the SCADA automatically check for configuration changes is a more robust and comprehensive system-wide solution.
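The two checks described in the list above, sketched as an added example (not from the original post or any vendor product): a configuration comparison against an approved baseline, and a deviation alarm for a redundant sensor pair. The tag TT-101, the parameter names, the thresholds and the readings are constructed assumptions.

```python
import hashlib
import json

# Constructed baseline of approved sensor parameters; tag and field names are hypothetical.
BASELINE = {
    "TT-101": {"units": "degC", "range_low": 0.0, "range_high": 250.0, "alarm_high": 180.0},
}

def fingerprint(config):
    """SHA-256 over canonical JSON, so key order does not affect the result."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def config_drift(approved, observed):
    """Return {parameter: (approved, observed)} for every changed, added or removed field."""
    if fingerprint(approved) == fingerprint(observed):
        return {}
    keys = sorted(set(approved) | set(observed))
    return {k: (approved.get(k), observed.get(k)) for k in keys
            if approved.get(k) != observed.get(k)}

def redundant_pair_alarms(samples, max_delta, persist=3):
    """Alarm timestamps where two sensors on the same variable disagree by more than
    max_delta (or one reading is missing) for `persist` consecutive samples."""
    alarms, run = [], 0
    for ts, primary, secondary in samples:
        if primary is None or secondary is None or abs(primary - secondary) > max_delta:
            run += 1
            if run == persist:  # fire once per sustained excursion
                alarms.append(ts)
        else:
            run = 0  # a single noisy sample does not alarm
    return alarms

# Constructed poll result: the oven high-temperature threshold was raised.
OBSERVED = dict(BASELINE["TT-101"], alarm_high=400.0)
# Constructed readings: (timestamp, primary degC, redundant degC).
SAMPLES = [(0, 150.0, 150.4), (1, 150.2, 153.9), (2, 150.1, 150.3), (3, 150.0, 162.0),
           (4, 150.1, 163.5), (5, None, 164.0), (6, 150.2, 165.1)]

if __name__ == "__main__":
    print("config drift:", config_drift(BASELINE["TT-101"], OBSERVED))
    print("pair alarms at:", redundant_pair_alarms(SAMPLES, max_delta=2.0))
```

The `persist` counter keeps a single noisy sample from alarming, and a missing reading counts toward the alarm, so a failed sensor surfaces through the same check.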
Vigilance in monitoring sensor behaviors can pay dividends beyond raising the overall level of cybersecurity. Human error in configuring the sensor parameters can be more easily detected, and the sensor monitoring can also reveal an early indication that a particular sensor has failed. In each case, the early detection of anomalies saves money, ensures process consistency, and bolsters product quality and safety.
This post originally appeared on the Schneider Electric blog. It is republished here with the permission of its author.