A magazine on science, technology and business

Industrial cyber security improves through cooperation

Text: Pasi Ahonen | 14.12.2017

Sharing experiences learned the hard way is a prerequisite for the future continuity of industrial players. Through the KYBER-TEO programme, VTT and players in the sector have developed and tested services, usable by industry, to ensure cyber security and continuity.

Cyber threats and advanced attacks directed at automation systems have increased exponentially. Cyber criminals have closed communities and technologies that can be used to develop new technical and communal means of earning money illegally via data networks – an example is the Tor network, which enables anonymous use of the Internet.

Due to the rising cyber threat, industrial companies and officials must continually familiarise themselves with new, secretly developed cyberspace tools and develop their expertise to identify and prevent new forms of cyber crime. As cyber security requirements tighten, system administrators must continually adopt better protection and bug fixes.

The KYBER-TEO project, which was led by VTT, enables industrial firms to acquire cybersafe automation systems more easily and develop their own concepts, guidelines and practices to ensure operational continuity. The practices and solution models developed and tested through the VTT Impulse 27 project will benefit parties such as industrial players that need reliable industrial automation, as well as system vendors, software vendors and service providers.

Architectures and technologies are becoming more complex

The cyber security of each architecture and concept included in an automation system must be analysed at a sufficient level. Issues requiring analysis include the following:

  • physical and logical data network architecture, telecommunication architecture
  • automation system architecture
  • intelligent device implementation architecture
  • automation software and application architecture
  • management or maintenance architecture
  • information security architecture
  • monitoring architecture

 

As threats grow, telecommunications, security zones between data and computing, and safe implementation and monitoring of subnets and virtual environments in the production environment must all be strengthened. Ensuring cyber security requires actions such as the secure implementation and maintenance of gateway devices and software and wireless networks (e.g. building automation applications), and monitoring to ensure the right behaviour.

The best solutions are based on the involvement of industrial sectors, cooperation between businesses and the broader use of expertise in general.

A cyber security testing environment – the VTT Cyber Security War Room

In 2010, we noticed that global industry players were becoming interested in automation security vulnerabilities and the testing of systems. Finnish end customers too began to ask automation system vendors about documentation on well-managed information security, such as

  • cyber security test reports,
  • certificates or
  • other evidence that the appropriate cyber security had been ensured.

 

The main goal of cyber security testing is to make delivered automation systems and their support systems sufficiently cyber safe during the development phase. This requires cooperation between system vendors and testers, and the determination and development of matters such as the following:

Functionality: The most detailed understanding possible of the correct functioning of the test object, including automation functions.

Coverage of testing: Determining realistic test coverage and dividing testing into different types of periods, so that the most critical functions can be tested.

Quality of testing: Determining the most efficient test tools and methods applicable to the test object, and competence development.

Depth of testing: Using applicable test methods and tools to drill down into the particular problems affecting the test object.

Impact of platforms and integrations: Understanding the different applications and environments in which the test subject will be installed. This may provide indications of hidden, critical interfaces and functionality.

Sample progress of technical testing

The aim of cyber security testing is that the customer's own product development function can test for the most typical vulnerabilities. This requires moving onto the next phase, where cyber security testing is automated and deployed as part of the developer company's product development process.

1) Design: Begin by jointly defining the targets and use cases to be tested and, in particular, the content of the testing: what methods and tools will be used and how extensive will the testing be.

2) Testing: The cyber security testers perform testing to the best of their abilities and enter the results in a test report. The best result is often obtained when several testers are involved and the customer can be consulted on issues such as the correct behaviour of the test target during testing.

3) Patches: The customer patches its product or has it patched, in accordance with the findings in the test report. A patched product should be retested after this, to ensure that all faults have been eliminated and the patches did not contain new vulnerabilities.

Confidential external assistance is often needed when an automation vendor develops cyber security testing for a company's automation systems.

A test report is a key element of confidential communication between cyber security testers, developers and the customer.

Monitoring the cyber security of production

Production unit data networks must be monitored for many reasons. In typical cases, production must investigate and manage the following issues:

Production status: Does production work precisely as planned, or have deviations occurred?

Network faults: Problems concerning the normal operation of networks and the causes of faults must be identified in (almost) real time.

Asset management: Regular and cost-efficient inventories must be performed on the state of devices connected to the networks (the objects to be secured).

Capacity management: Network overload must be pre-emptively prevented through continuous monitoring.

Situational picture of cyber safety: Any cyber security breaches and data leaks in the networks must be identifiable.

Nowadays, technical monitoring of the cyber security situation should make strong use of the status monitoring of production, networks, assets and capacity.

Monitoring networks in a production unit

Cyber security controls and monitoring of the status of cyber security should be tailored for, and integrated with, the production unit from the design phase onwards. This will avoid the need to add expensive cyber security solutions afterwards, which require changes to the architecture. Successful threat monitoring is seldom achievable through the services of a single automation system vendor, since the environment is almost always a multi-vendor one, which creates its own challenges.

The customer must also understand the production unit's cyber security requirements and their development across the lifecycle, so that issues such as system updates and monitoring can be properly executed in cooperation with the various parties involved.

Alongside experts, you must explore issues such as what you should log – e.g. system logins, software start-up attempts, system process changes, and changes to data connections. Good principles include the following:

  • Logs must be strongly protected so that no one can change them.
  • It must be ensured that log entries cannot fill up the memory, jamming the machine.
  • In the case of complex log entries, a professional log analysis should be ordered regularly if internal competencies do not suffice.

 

In industrial automation in particular, it may be advisable to follow instructions that force simplicity and a clear division of tasks: do not add separate information security software to an actuator – use the device's own security, storage and logging procedures. If separate information security systems are nevertheless added, their management and use must be separated from other equipment, because they will introduce new vulnerabilities and attack vectors.

Changes in trends could enable the more precise cyber security monitoring of suspicious objects. Trend monitoring should also be integrated with broader operational monitoring, in which anomalous activity stands out from normal activity by exceeding the thresholds for "normal." Detailed trends can easily be monitored, including graphically, using customisable indicators based on commercial and open source code.
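One way to derive a threshold for "normal" from a baseline period and flag the intervals that exceed it, as an added example that is not from the article or any named monitoring product. The indicator names, the hourly counts, the median/MAD statistic, the factor k and the floor are all assumptions constructed for illustration. The floor matters in automation networks, where an indicator is often constant during the baseline and the learned spread would otherwise be zero.

```python
import statistics

# Constructed hourly counts per indicator: a baseline window and a later window.
BASELINE = {
    "logins": [2, 3, 2, 4, 3, 2, 3, 3],
    "connection_changes": [0, 0, 0, 0, 0, 0, 0, 0],  # static network
}
OBSERVED = {
    "logins": [3, 2, 4, 19, 3],
    "connection_changes": [0, 0, 1, 0, 6],
}

def learn_threshold(baseline, k=3.0, floor=1.0):
    """Upper bound of 'normal': median + k * spread.

    Spread is the median absolute deviation scaled by 1.4826 (comparable to
    a standard deviation for normal data), but never less than `floor`, so a
    perfectly constant baseline does not make every small change an alert.
    """
    med = statistics.median(baseline)
    mad = statistics.median([abs(x - med) for x in baseline])
    spread = max(1.4826 * mad, floor)
    return med + k * spread

def detect(baselines, observed, k=3.0, floor=1.0):
    """Return {indicator: [indices of observed intervals above threshold]}."""
    alerts = {}
    for name, series in observed.items():
        limit = learn_threshold(baselines[name], k=k, floor=floor)
        alerts[name] = [i for i, value in enumerate(series) if value > limit]
    return alerts

if __name__ == "__main__":
    for name in BASELINE:
        print(name, "threshold:", learn_threshold(BASELINE[name]))
    print(detect(BASELINE, OBSERVED))
```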

Hands-on exercises in cyber security

By cyber training, we mean well-organised workshops in which the participants' cyber security awareness and competencies are improved through lectures and practical exercises. These workshops include the basics on a chosen theme, followed by a demonstration or the participants trying out hands-on exercises related to the theme for themselves.

The exercises should be in accordance with the customer's needs. If the customer needs exercises on its own production system (target environment), a customised cyber exercise must be developed. In such a case, the cyber security specialists will pre-analyse the vulnerabilities or other serious problems detected in the demo environment of the client's automation system. Ultimately, in customised cyber exercises, developers and administrators can be encouraged to try out testing tools, cyber attack identification and the applicable protection methods that are just right for them.

Basic concept of the cyber training workshop

The basic concept of the cyber training workshop must be simple and understandable, so that all participants understand what is being done and why. Cyber training encourages and, for example, supports participants in developing their own cyber security skills. In the workshops, they can:

  • Learn about the perspectives of the attacker, the detector and the defender.
  • Operate in different network areas, depending on the phase of the attack.
  • Use different tools to visualise incidents.

 

 

Pasi Ahonen graduated in 1994, as a Licentiate in Industrial Physics, from the Department of Physics of the University of Helsinki. His studies focused on measurement systems for external environmental conditions, particularly the development of ultrasonic sensors for the energy sector and air traffic. He is currently working as a Principal Scientist in VTT’s Cyber security team, and is in charge of developing the cyber security of industry.

 

 
