Impact of security trends on test equipment
03 April 2017
As organisations look to shore up their defences against cyber-security threats, special-purpose test systems present unique challenges. A test system that is compromised can have a significant impact on an organisation’s reputation and revenue, so it is reasonable to take steps to reduce that business risk.
The challenge to reducing the business risk, however, is to account for the ways that test systems differ from traditional IT systems.
Trend 1: Applying IT Security to Test Systems
Your phone rings at 2:15 a.m. The subsequent conversation delivers news of an event that requires your urgent attention.
Production line C was halted in the middle of a run because of the failure of two PLCs used in the end-of-line production test system. The manufacturing control centre lost communication with the PLCs and can’t determine whether they are now in a trustworthy state to bring back online. Your manufacturing team are prepared and shift production to an adjacent facility with spare capacity. With hope, this will help to reduce the net production losses.
These failures were the result of a cyber-security incident. Because of the rudimentary software algorithms on the PLC that were developed decades before the security software existed, the nightly security scans overwhelmed the two PLCs with more network packets than they could handle, triggering a failure response.
The Key Issues
The trend of applying IT security practices to test systems makes sense for several reasons, most notably the increased cyber-security incidents that exploit unmonitored network devices.
The second reason is that security practices and technology for general-purpose IT systems are more mature. To protect systems and detect compromise, IT security staff have a range of options from network discovery scanners and intrusion detection technology to desktop antivirus and monitoring agents.
However, this trend does not make sense categorically. Primarily, IT-enabled test systems are less tolerant of even small configuration changes. Users of IT systems can tolerate downtime and may not perceive application performance differences, but special-purpose test systems often cannot tolerate them. Even small changes in performance characteristics because of a security patch or a new security feature can negatively affect test outcomes or even the quality of the collected test data. Similarly, even small amounts of downtime in production test systems can significantly impact an organisation’s revenue.
What You Can Do
The preferred approach for security test equipment involves two key components. First, use data to inform what IT security measures you adopt for your test system and how extensively you apply them. Second, supplement those IT security measures with test-system-specific security features so that you address unique risks.
You can reference the annual Verizon Data Breach Investigations Report (DBIR) as a source of data. By reverse compiling the vendor patch to discover where the vulnerability is in the unpatched software, the hacker then weaponises an exploit to play on that vulnerability.
You can use this data to make more accurate risk decisions about patching your test systems. Firstly, install security patches within seven days of their release. Second, minimise the installed software on your test systems. These steps are important for higher risk test systems such as those used in manufacturing or production.
The second key component involves making use of vendor-specific security features. Given how crucial calibration data, test parameters, and test sequences are to maintaining test quality, you can use technologies such as file integrity monitoring and calibration integrity features that are specifically configured for your test system and its components. Similarly, you can refer to security documentation from your test system vendors to guide your test system purchase, design, and deployment decisions.
Trend 2: Supply Chain Compromise
News of malware that targeted industrial control systems came with a surprise in 2014. This was not the work of hackers remotely penetrating the defences of a particular factory. Instead, the malware had been installed through vendor software that contained a trojan.
The campaign was originally dubbed “Energetic Bear” because it targeted electric power plants and was thought to have originated in Russia. They attacked three different software vendors whose websites had their industrial control system software available for customer download. When the hackers had access to the files on the website, they altered the legitimate vendor software installer by inserting a piece of malware into it and then saved the file in its original location on the website. It was only a matter of time before customers downloaded the trojanised software.
The Key Issues
The Energetic Bear campaign’s website compromise indicates that the integrity of a test system relies on the integrity of its components throughout their life cycle. Every place that the components change hands and every location where the components are stagnant for an extended period of time represents opportunity for compromise.
You must understand the trade-offs between supplier diversity and standardisation in addressing cyber-security risk. Standardisation reduces these sustainability costs but carries greater risk of a system-wide compromise.
What You Can Do
Standardisation has so many cost benefits that it is difficult to justify supplier diversity except in high-risk scenarios. The most feasible approach involves supplier standardisation where an evaluation of the supplier’s supply-chain security is a significant part of the decision criteria.
The most important thing you can do to address supply-chain security is talk with your suppliers. Your insights into any weaknesses in their processes can help to reduce your risk of supply-chain compromise and help your suppliers shore up their security.
Ensure that the dialog with your suppliers includes ways to detect when compromise has occurred. Make sure there are sufficient checks in the system and there are clear instructions about how to respond. Like the hard drive firmware compromise, an inquiry into the supplier’s firmware update design would reveal a protection gap with no way to verify the integrity of the installed firmware.
Trend 3: Growing Attention to the Insider Threat
The Edward Snowden leak of volumes of classified surveillance data from the National Security Agency is the most likely cause of increased attention to the insider threat. His actions have resulted in an estimated $22 to $35 billion in economic losses to the US technology industry because of the resulting distrust in US technology.
The Key Issues
The key issues in this area are multifaceted and are still a significant research topic. The issues include attentiveness to anyone who has access to critical test systems, regardless of their status as employees or contractors. They involve a clear identification of the most critical aspects of the business and the people who have a role in those aspects of the business and how authority is distributed among them. Solutions typically involve a significant degree of behavioural monitoring, which can negatively affect the interpersonal trust needed for operational efficiency.
Insider threats are low probability but high-impact events. Out of over 64,000 cyber-security incidents in 2015, only 172 involved a misuse of privilege by an insider.
What You Can Do
Except for high-criticality systems, addressing the insider threat is best done after you have tackled the basics described in the previous trends.
For high-criticality systems, address the insider threat as early in the design process as possible. After you have identified the most sensitive or mission-critical aspects of the system, design a privilege management solution that separates the duties into at least two roles.
Where to Go From Here
Realistically, perfect security is unachievable because every solution can theoretically be compromised given enough resources and time. Instead of either extreme, start by prioritising issues based on realistic scenarios and address the most import issues first.
Build a consensus among the people involved, addressing security threats is important to everyone. Next, allocate time and money specifically for cyber-security projects, training, and technology. After a realistic assessment of how cyber-security threats can impact your operations, allocate a proportional amount of your resources to address those needs.
Contact Details and Archive...