It seems every week stories of major companies getting hacked make the news. Systems are held for ransom, production stops, and in some cases it’s a disaster to the bottom line.
A leader in petroleum refining and renewable fuels needed system enhancements. To protect this essential industry, the company embarked on a project to upgrade security systems at all of its ethanol plants. To meet the established corporate standards developed on a Honeywell platform in its petroleum refineries, it needed a control systems partner that had cross-platform experience and could customize a system architecture providing hybrid security for the ethanol plant running on the Siemens PCS 7 platform.
“Their standards were well defined in the petroleum plants using the Honeywell platform. Developing an equal Siemens PCS 7 industrial hardening architecture would be a challenge,” said Paul Bolwerk, Process IT Engineer at Trident Automation. “Siemens didn’t have a plan that met the security level the company was looking for, so we created policies and a hardware hardening architecture that met their standards.” One example: the company required that process controllers be isolated with a firewall, but the default Siemens architecture didn’t have firewalls between PCs and the operating system.
Trident engineers divided the effort into two sections: system hardening for the PCs in the plant and the control system. The mission was to secure all computers inside the organization and any third-party systems outside of the organization that interfaced with the control system.
“One of the company’s rules was that traffic was not allowed to go across multiple levels,” said Alex Schuh, Controls Engineer II at Trident Automation. “We had to restrict the inherent openness of the system as much as possible and still allow it to function. Any features that aren’t used regularly were just possible ways that a hacker could exploit the system.”
Over the course of several months, the Trident team identified the potential flaws in the system and created and tested the system multiple times to arrive at the sweet spot of functionality and security.
“The system as a whole has been reliable,” Schuh said. “It’s important that the plant is secure, but operators have the same level of functionality to do their jobs.”
System hardening (or cyber security hardening) is a process to uncover and secure vulnerabilities in your system. If you are already changing passwords frequently, you are doing one of the basics of system hardening, but ICS dictates a more sophisticated approach. Some examples of system vulnerabilities that Trident engineers have encountered are:
- Not having enough group policies to secure the DCS network while ensuring it could do its job,
- Having too many ports open on your internet connection, which leaves “back doors” open for attack,
- Allowing USB drives to plug into any computer in your system without proper anti-virus,
- Connecting your work devices to wireless networks,
- Using outdated software without the latest security patches,
- Poorly managed firewalls with very little group policy management.
Trident works with customers to establish firewalls, install security patches, and even establish security management policies and procedures for organizations. Trident system engineers offer a free cyber security assessment review for businesses, and then produce a cyber security plan to eliminate potential threats. To schedule your review, please contact Trident Automation at [email protected].