Variable Frequency Drives, or VFDs, are a silver bullet for industrial energy conservation. They reduce the energy required to run motor systems by precisely controlling their speed. Depending on load characteristics, a motor running at half speed may require as little as 1/8 of the power it would require at full speed.

Although VFDs have been available for 25 years, they are more compelling than ever thanks to the push for cost and energy savings. Today I am going to explain a little bit about VFD technology and in particular look at why choosing the right VFD cable is important to the long-term success of the installation.

VFD Control of Motors 101

A simple representation of a VFD system

Above is a diagram of a VFD and motor system, which includes 3 key parts:
• The VFD itself with an operator interface
• The cable that connects the VFD to the motor
• The electric motor that is controlled by the VFD

The magic of the VFD is that it is able to control the rotational speed of the AC motor by controlling the electrical power supplied to the motor. Older motor controls weren’t precise enough to support variable speeds but today’s VFDs can very precisely and almost instantaneously alter the speed of a motor whenever its load or process demands change.

Besides energy savings, there are a number of other benefits of using the precision control provided by VFDs to run motors. These include:
• Improved process control
• Reduced manufacturing waste
• Longer useful life of motors
• Reduced maintenance of motors and mechanical components due to less wear and tear on them
• Higher reliability

Everything about VFDs sounds great, however, there are “side effects” from using them that need mitigation—and this is where selecting right cable comes in.

VFDs Generate Electrical Noise that Can Disrupt Nearby Equipment

The single most significant problem with VFDs is that they generate disruptive electrical noise in the environment around them that can create other problems in the manufacturing process. This noise radiates out to other devices such as electronic equipment, commercial-grade Ethernet systems and even simple instrumentation wire, decreasing their performance.

For example, one manufacturer spent a lot of effort trying to determine why a piece of equipment was not operating properly. When the cable attached to a VFD on the floor below the troublesome device was replaced with high-performing VFD cable, the problem went away. In other cases solid state safety relays have triggered emergency shut downs because of disruption from the noise of construction-grade cable between VFDs and motors.

Particularly if your facility includes noise-sensitive equipment or if you have long cable runs, you want to make sure that you install high-performing VFD cable.

VFD Cable Considerations

There are 6 important considerations when selecting the appropriate cable for a VFD system.

1. Ample Grounding Configuration and Termination
An improperly grounded VFD cable creates noise-related issues within the system and improperly terminated cables can release captured noise current. The more copper there is at ground potential, the more effective the cable will be.

2. Proper Shielding to Contain Noise
To avoid noise problems, VFD cable needs to be effectively shielded. Our research suggests that shielding systems that include dual copper tape or combination foil/braid types are the most appropriate for VFD applications. With such shields the cable returns excess noise to the drive, keeping the motor and nearby equipment running properly.

3. Sturdy Insulation for Superior Electrical Performance
Cross-linked polyethylene (XLPE) insulation far surpasses PVC/nylon as an insulator for VFD cables because it can withstand voltages as much as 3x higher. This allows for longer cable runs, protects the motor and increases the efficiency of power transfer from the motor to the drive.

4. Appropriate Stranding
VFD cables with tinned copper strands rather than just copper strands provide good corrosion resistance and thermal stability. Tinned cooper connections are much less likely to oxidize and degrade at hot spots.

In addition, a high strand count enhances cable flexibility and significantly reduces harmful noise.

5. Industrial Hardening
VDF cables need to be reliable and rugged enough to handle the harsh industrial environments in which they are placed. It is important to choose industrial-grade cabling that can withstand humidity, grit, sunlight, oil and other conditions that can break down less-robust materials.

6. Use Manufacturer Recommended Cable
It almost goes without saying it’s best to use VFD cable that is recommended by the manufacturer of the VFD.

Construction-Grade Cable versus High-Performance VFD Cable

A challenge in purchasing VFD cables is that there are no standards for them. Thus it can be difficult to differentiate between minimum construction-grade cable sold as VFD cable and high-performing VFD cable that protects motors and ensures the maximum benefits from using a VFD system.

Below is a quick guide to help you differentiate between the two.

Selecting the Right High-Performing VFD Cable for Your Application

The above guidelines will help you weed out construction-grade cable from your consideration. The final step is to carefully match your application and VFD drive to the range of high-performing cables provided by a vendor such as Belden. To help you do that, consult the white paper and guides available at the end of this article.

It’s not often that you learn about a straight forward way to significantly reduce energy consumption and save money with existing technology. That’s the great news about VFD systems.

Once you decide to implement VFD for motor control, don’t risk losing production time, damaging machines or causing a system failure by using the wrong cable. High-performing VFD cable ensures motor uptime and reliability, protects sensitive instrumentation adjacent to control systems and allows for long cable runs. In addition, it maximizes your investment in VFD.

How have VFDs helped you reduce costs? Have you had any noise problems after commissioning them? Let me know your thoughts and feedback.

Related Content to Download

White Paper: Choosing the Right Cable for Your Variable Frequency Drive (VFD) System

Related Links

• Webpage: VFD Cable
• Document: Unarmored Variable Frequency Drive (VFD) Cable Termination Guide
• Blog: VFD Cable Line Extension with MCM VFD to Support Large Horsepower Motors
• Designnews.com blog: Engineering Directives Not Followed… Again

Our last blog, contributed by Thomas Nuth, highlighted the fact that industrial cyber security is now being discussed by heads of state within the international community – the Executive Order – Improving Critical Infrastructure Cybersecuritysigned by President Obama in February of this year being just one indication of the importance being attached to this issue. 

Let’s continue the discussion… 

Why the Threat Level to SCADA and Industrial Control Networks is Increasing 

In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal. 

And then we witnessed the rise of global terrorism in the new millennium – and the disclosure of Stuxnet. In 2010, Stuxnet was successfully introduced into an apparently ‘air-gapped’ facility with the intent to destroy an industrial process. As I discussed in my blogs on Stuxnet, the worm used multiple methods to infiltrate the target site, the most famous of which was the use of a USB key. Its discovery had multiple effects: 

1. The ‘bad guys’ switched their attention to industrial systems.

Stuxnet’s fame drew attention to the existence of industrial systems and devices. It also made it clear how insecure they really were. In 2011 more industrial control system (ICS) vulnerabilities were made public (many with exploit codes available on the internet), than in the entire previous decade. In 2012 there were even more vulnerabilities. 2013 shows every sign of breaking records again.

 2. New advanced persistent threats targeting industry began to emerge.

Stuxnet wasn’t the first advanced persistent threat (APT), but it was the first to focus on industry. As well, it was so well dissected by security experts that it became an “APTs for Dummies” cookbook on how to write attacks that target industrial companies.

 Most recent APTs have focused on industrial espionage to steal business information from the energy industry, but others like Shamoon (which was not all that ’advanced’ or ‘persistent’) have been successful at destroying large computer systems. Expect to see lots more APTs being discovered in the next few years. And if we don’t see more, it is likely due to the fact that we haven’t found them yet, not that they don’t exist. After all, industrial-focused APTs are clearly effective for their creators, so why would they stop creating them now? 

 3. Low-grade cyber “warfare” goes mainstream.

Stuxnet has been widely attributed to a joint U.S./Israeli project to destroy Iran’s uranium enrichment program. Its existence has given tacit approval to other nations and political groups to use cyber-attacks as a form of undeclared warfare. Most recently, we have seen large scale attacks on South Korea that have been attributed to North Korea.

 My advice? If you have critical industrial facilities in any politically sensitive region (such as the U.S., the Middle East or the Far East), now is the time to renew your cyber security efforts.

Stuxnet’s design provided a ‘toolkit’ for other sophisticated malware. Image Credit: Black Box Network Services Canada

SCADA and Industrial Control Networks Get Connected

While the threat has increased significantly, the opportunity to connect to a SCADA or ICS system has too. In the good old days, industrial networks ran on proprietary networks, used proprietary equipment, and were isolated from business networks and the internet. This was the era of both ‘security by obscurity’ and ‘security by air gap’ (if you are a regular reader of my blog, you’ll know my views on the air gap theory!).

But over the last decade, things have changed. Industrial networks have migrated from proprietary systems to commercial off-the-shelf technology like Ethernet, TCP/IP and Windows. What’s more, today’s industrial systems require a constant stream of updates from the outside world. There’s no denying it – the industrial floor is no longer isolated.

It’s also true that devices such as programmable logic controllers (PLCs) and distributed control systems (DCS) were designed with a focus on reliability and safety, rather than security. This makes many of them, particularly older units, easy to exploit. And the protocols that SCADA and ICS use to communicate are no different – designed to be reliable and easy to troubleshoot, most protocols lack even the most basic security features like authentication. As the Tofino test team likes to say, “If you can ping it, you can own it”. 

The Perfect Storm for the Attacker

Today it is clearly a game with the advantage going to the attacker – millions of decades-old systems that were never designed to be secure, increasing connectivity of SCADA and ICS, and a growing library of free tools and techniques to attack SCADA and ICS. 

Can our critical infrastructure weather the storm? Image Credit: Archival Photography by Steve Nicklas, NOS, NGS [Public domain], via Wikimedia Commons

It’s evident then that there’s no simple solution to securing our critical infrastructure. The process is going to take a lot of time and effort – and very careful planning. But regardless of the pain points involved, investing in industrial network security is not only responsible, it’s necessary for any mission critical application.

If our heads of state are taking this issue seriously then so should industry.

I’d love to hear your views on this topic. Do you think we are taking the subject of industrial cyber security seriously enough? Have we made any progress?

Related Content to Download

 ”SCADA and CIP Security in a Post-Stuxnet World”

Related Links

•    Automation.com, Webpage: Cyber Attacks on Industrial Systems Increasing Rapidly
•    National Vulnerability Database (NVD), Webpage: Database search page
•    Blog: SCADA Security Basics: Why are PLCS so Insecure?
•    Blog: Securing SCADA systems from APTs Like Flame and Stuxnet – Part 1

•    Blog: Securing SCADA systems from APTs Like Flame and Stuxnet – Part 2
•    Blog: Cyber Attacks on U.S. Critical Infrastructure will Intensify
•    Blog: SCADA Security Basics: Why Industrial Networks are Different than IT Networks
•    Blog: SCADA Cyber Security: An International Issue

© Tofino Security 2013 | All Rights Reserved | Tofino Security is part of Hirschmann, a Belden Brand

The Offshore Technology Conference (OTC) is on in full force right now and Belden’s booth (7236) has been busy. Liaising with our booth staff I have heard that safety and security are hot topics with attendees this year. Well here is a topic they should know about, that is, why offshore networks need SCADA security with Deep Packet Inspection (DPI).

Let me give you some context. The critical systems managing production and safety on offshore platforms are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols. Many of these products are decades old and were never designed with security in mind. Yet nowadays they are connected to other systems using Ethernet and TCP/IP. That has been great for efficiency but it exposes mission critical production systems to malware.

Given the 20 year life cycle common for industrial systems, it will be many years before more secure SCADA and ICS devices and protocols are in widespread use. This leaves thousands of legacy platform control systems open to attack from even the most inexperienced hacker, who can then disable or destroy most industrial controllers. Securing these systems requires using advanced technology that compensates for their limitations.

The Problem: SCADA / ICS Protocols have no Granularity

The difficulty with legacy SCADA / ICS protocols is that they have no granularity. A data read message looks EXACTLY like a firmware update message.

Thus if you allow data read messages, from an HMI to a PLC, to pass through a traditional firewall you are also allowing programming messages to pass through. This is a serious security issue.

You are faced with an impossible choice – keep the messages flowing that make the system run but expose it to malware, or block everything out. Since shutting systems down is not an option, accepting high risk has been the course taken by many. In a post-Macondo (Deepwater Horizon) world, this is not acceptable.

So what can an engineer do about this? Well, fortunately there is a solution.

The Solution: Deep Packet Inspection

The solution is a firewall that can dig deep into industrial protocols to understand what a message is being used for. This is beyond the capability of IT firewalls and is called Deep Packet Inspection.

Here’s how it works; after traditional firewall rules are applied, the DPI firewall inspects the content of messages and applies more detailed rules. For example, it determines if a Modbus message is a read or a write message and then drops all write messages.

In addition, good DPI firewalls can also “sanity check” traffic for strangely formatted messages or unusual behaviours (such as 10,000 reply messages in response to a single request message). These sorts of abnormal messages can indicate traffic created by a hacker trying to crash a PLC and need to be blocked.

An example of a Modbus DPI firewall is the EAGLE Tofino Modbus TCP Enforcer, a product that uses patented technology from our Tofino Security brand for DPI. A White Paper explaining DPI in detail, and providing a case study of its use, is available for download at the end of this article.

Why DPI is Needed Now

According to our cyber security expert, Eric Byres, five years ago he would have said that DPI is just a nice-to-have capability. Now, however, today’s generation of worms make it a must-have technology if you want a secure ICS or SCADA system.

The reason is that this today’s malware designers know that firewalls and intrusion detection systems will spot the use of an unusual protocol instantly. They know that if the protocols on a network are normally HTTP (i.e. web browsing), Modbus and MS-SQL (i.e. database queries) then the sudden appearance of a new protocol will put the smart system administrator on his or her guard.
 
Thus worm designers work to stay under the radar by hiding their network traffic inside protocols that are already common on the network they are attacking. For example, many worms now hide their outbound communications in what appear to be normal HTTP messages.

Even if you suspected something was wrong, you would be stuck if all you had was a normal firewall. The simple blocking of all Modbus traffic would impact production. Without tools to inspect the contents of messages and block suspicious traffic (i.e. deep packet inspection), your hands would be tied.

DPI technology is a very powerful tool in the security tool box. It allows the engineer to block the bad stuff, yet avoid needless impact on the control system. Without it, the designers of modern worms clearly have the upper hand.

Safe, Secure, Reliable Offshore Networks

Last week I discussed how our cyber security products work hand-in-hand with our zero failover switches to provide high availability networks. For those of you attending OTC I encourage you to visit Belden at booth 7236 and see for yourself how our cable, connectors, switches and cyber security products work together to provide safe, secure, reliable offshore production.

In order to stay ahead of the bad guys, DPI has become a must-have in industrial firewalls. How is this affecting your ICS security plans?

Related Content to Download

White Paper : “Understanding Deep Packet Inspection for SCADA Security of Offshore Production Facilities”

Related Links

• Blog: Safety, Security, & Reliability are Key for Offshore Operations
• Tofino Security Webpage: Tofino Modbus TCP Enforcer LSM
• Tofino Security blog: SCADA Security and Fault Tolerance – A Beautiful Pairing!
• Webpage: RSP Series Managed Switches
• Blog: Hirschmann RSP Switches Win 2013 Engineers’ Choice Award: Spotlight On Innovation

Keeping operations running at target production rates is the goal of many of our customers. The cost of downtime is particularly expensive if you are operating an offshore oil and gas rig. Next week the energy professionals who do that remarkable work are gathering in Houston for the Offshore Technology Conference (OTC).

This is a mammoth event that attracts over 60,000 visitors and fills up virtually all of the hotels in town. Belden is participating at the event, at Booth 7236, and today I am going to look at some of the offerings we are presenting at the show.

Belden and Offshore Drilling Have a Long History

Belden has been in business more than 100 years and was fortunate enough to participate in equipping the first oil rigs to drill in the Gulf of Mexico in the 1930s and 1940s. Since then the company has become the primary supplier of data and control communication solutions for offshore applications.

From:
• cables that are ruggedized and armored, or have low smoke, zero halogen jackets
• to connectors that are sealed and oil resistant
• to hardened switches for IP video surveillance
• to rugged redundant networking switches with zero failover time
• to state-of-the-art cyber security technology

we provide offshore operators with technologies that deliver the network safety, reliability and security required for continuous production. Today I am going to take a closer look at two of these technologies, zero failover switches and cyber security for control networks.

Secure, Zero Failover Hirschmann Switches

For maximum network availability in the toughest of environments we provide redundant networking switches (Hirschmann RSP switches). When used as part of a redundant network design, they provide two very important capabilities:

1. If a media or device fails, communication continues uninterrupted on a redundant link.
2. They stand up to the harshest environments, for example, temperatures of up to 70°C. Indeed the sturdy compact steel housings of the switches make them very hard to damage.

These switches support a number of recent IEC redundancy and other protocols which make them quite advanced and ensures they will support future networking technologies. They are also high performing compared to today’s installed base of switches on offshore platforms.

But don’t take my word for it. Know that Readers of Control Engineering voted the Hirschmann RSP switches as an innovative product that solves important problems with a 2012 Engineers’ Choice Award.

Figure 1: This network is protected by redundant systems with Hirschmann RSP Switches. However, the protocols used for redundancy could be the target of a cyberattack, if the EAGLE Tofino security appliances were not present. Instead, no matter where the master link fails, the security appliance passes through the fail status and the redundant link takes over. The result is high availability for a mission critical networks such as offshore platforms.

Robust Cyber Security with Tofino Security Appliances

To protect the control networks on offshore platforms from cyberattacks and harmful network incidents we provide cyber security products that provide superior protection for industrial protocols (the EAGLE Tofino family of products). Offshore platforms need cyber security now more than ever because:

• In the last few years the number and sophistication of cyberattacks targeting energy facilities has greatly increased.

• The complexity of their networks and the large number of devices attached to them can generate high volumes of traffic and crosstalk. Excessive traffic can be harmful and disruptive to the control devices that run production machinery.

For example, an offshore oil and gas platform processing natural gas and oil from multiple wells wanted to minimize costly downtime. To improve cyber security, they implemented a Defense in Depth architecture that separated layers of the business and process control network (PCN) using firewalls.

EAGLE Tofino Security Appliances loaded with a specific SCADA firewall module protected the PLCs and switchgear so that only necessary operating protocols were allowed through the firewalls. This controlled the volume and type of communications to the control equipment, making sure that neither malware nor excessive traffic affected production.

You can read more about this implementation in the Application Note “Implementing Cyber Security in Offshore Oil and Gas Platforms”.

Fault Tolerance plus Cyber Security for Safe, Secure, Reliable Production

In the past people who designed mission-critical networks tended to address fault tolerance and cyber security independently. However, today they are being recognized as interdependent elements. Here’s how they work together:

For those of you attending OTC I encourage you to visit Belden at booth 7236 and see for yourself how our cable, connectors, switches and cyber security products work together to provide high availability networks for offshore platforms.

Related Content to Download

• Application Note “Implementing Cyber Security in Offshore Oil and Gas Platforms”

Related Links

• Industrial Ethernet blog: Hirschmann RSP Switches Win 2013 Engineers’ Choice Award: Spotlight On
Innovation
• Tofino Security blog: SCADA Security and Fault Tolerance – A Beautiful Pairing!
• Webpage: RSP Series Managed Switches
• Webpage: EAGLE Tofino Industrial Firewall/VPN Router Systems

As a leading global provider of world-class network and connectivity solutions, Belden has a dedicated product portfolio to meet the Transportation Industry’s need for uncompromising safety and reliability. In a sector where domain knowledge is vital, we offer innovative future-proof solutions for reliable network communication systems through mutually beneficial partnerships.

 This year at the Mobility and Transport Exhibition running alongside the UITP 2013 World Congress in Geneva, we will be showcasing one such partnership with AXIS Communications. On the stand there will be a live CCTV system demonstration (including ring topology redundancy), clearly showing the benefits, we offer through combining our switching, cabling and connectivity product portfolio for the transportation industry.

 Our innovative solutions and products on display at the exhibition are equally applicable as solutions for On Board Communication; Train to Train Communication; Train to Ground Communication; Full IP Railway Networks; Industrial Ethernet Networks and Dynamic Passenger Information Systems. 

We invite you to put us to the test. Make your next challenge our partnered success. We’re looking forward to providing you with a superior solution that will open a whole new range of opportunities, both technological and business-wise.

 For more information, visit us at the AXIS Communications Booth 4C275 in Hall 4 or go to www.beldensolutions.com.

.

For those of you that don’t know me, I headed up the Tofino Security marketing group for five years and had the privilege of working with Eric and Joann Byres to pioneer a new approach to industrial security for the plant floor. This involves dividing networks into zones of equipment with similar security requirements and then protecting those zones with firewalls designed for industry such as the Tofino Industrial Security Solution. A key aspect of the Tofino solution is that it is designed to be simple to implement and maintain for those who work on the plant floor.

Now as part of Belden’s Industrial IT group, I am working with people and products that are addressing network simplicity and efficiency from a broader perspective. This involves looking at overall industrial networking best practices and applying them for particular applications. Today I am going to introduce you to a company and application that has been able to achieve significant cost savings and efficiencies by simplifying its industrial communications networks.

Automotive Bell Housings made by AAM. Photo courtesy of AAM.

Auto Parts Manufacturer moves to EtherNet/IP Communications

I was fortunate to see Jeff Smith, Technical Engineering lead for American Axle & Manufacturing (AAM) speak at last fall’s Belden Industrial Ethernet Infrastructure Design Seminar. AAM is a global Tier-One automotive supply manufacturer with more than $2.6 billion in sales of driveline and drivetrain systems. It operates at more than 30 locations in 13 countries around the world.

Jeff described how AAM’s various facilities had been using up to five different fieldbus protocols for communications with the sensors, instruments and motors etc. that are essential to its manufacturing. The complexity resulted in lengthy time-to-deployment of new assembly lines, multiple sets of training documentation and costly downtime for maintenance.

AAM selected EtherNet/IP for its standard communications protocol. EtherNet/IP met the company’s criteria of high speeds, reliable performance, industry standard accessibility and full capability of future expansion. An added benefit was its compatibility with the firm’s existing IT infrastructure and networking standards.
Many industrial engineers would define an Ethernet-based solution as a networking protocol first and foremost. For AAM, the fieldbus component was the most important attribute.

“For our purposes, EtherNet/IP is a fieldbus first and a network second,” said Jeff.. “EtherNet/IP had to be capable of controls functions such as reading inputs and writing outputs to allow us to achieve our goals. If it couldn’t have accomplished that, we would have kept on looking.”

Standardizing on EtherNet/IP required coordination with AAM production line equipment suppliers. The company informed suppliers that they would need to offer EtherNet/IP compatibility within a defined timeline and assisted a number of suppliers with that development to help them meet the goal on time.

Industrial Ethernet Infrastructure Best Practices in Action

In addition to adopting EtherNet/IP, Jeff’s simplification program involved a number of other networking best practices. For example, standard segmented network configurations were developed, tested and then deployed.

One of AAM’s standard network configurations is this production line network. It includes Hirschmann MACH 100 rack-mount and RS20 DIN rail-mount managed switches.
This strategy of developing standard configurations and deploying them globally was a success. Key outcomes of the standardization program are:

• “Cookie-cutter” network configurations reduce configuration, training and maintenance costs.

• Downtime events due to network related issues are now rare, and less downtime saves money and improves product delivery.

• Changeover flexibility. When AAM decided to move its assembly systems’ EtherNet/IP networks from star to ring topologies, they found the transition to be smooth.

Standard Industrial Ethernet Infrastructure Results in Cost, Time and Efficiency Savings

Prior to standardizing on EtherNet/IP and network configurations, it took four to six months and significant onsite engineering support to launch a new assembly system. After the new standards were defined, AAM flawlessly launched four assembly lines simultaneously in four months with no headquarters engineering support required.

At our Design Seminar, Jeff also talked about his approach to security, which is pragmatic and particularly interesting to me — however that is a topic for another article!

What is your experience with implementing networking best practices? Has your organization standardized communications on a particular protocol? Let us know about your successes and challenges.

 Related Content to Download

 • Belden.com PDF: Case Study – Hirschmann OpenRail RS20 Managed Switches Chosen to Network Automobile Parts Production Lines at American Axle Manufacturing
• Belden.com PDF: Brochure- Belden Solutions for the Automotive Industry

Related Links

• Belden.com webpage: Market Solutions – Automotive
• Automationworld.com: Ethernet/IP A Fieldbus First, Network Second
• Belden.com blog: Long-term Success with Hirschmann and EtherNet/IP
• Belden.com blog: Hirschmann OpenRail RS20 Managed Switches Chosen
• Tofinosecurity.com blog: SCADA Security Basics: Why Industrial Networks are Different than IT Networks

Editor’s Note: This article was contributed by Thomas Nuth, product marketing manager.

Three years ago, the concept of industrial cyber security became a popular discussion topic within the industrial networking community. Now the discussion has risen to the level of heads of state within the international community. The Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year is just one indication of the importance being attached to this issue.

What’s also interesting is the change in focus of this discussion topic. The key question has changed from an interested “Why do we need to secure our industrial network?” to a frantic “How do we do it?”

Obama’s Executive Order on Cybersecurity: A Sign of the Times? Image Credit: Mashable

US intelligence chiefs have said that cyber-attacks have replaced terrorism as the primary security threat. And they are taking these threats very seriously. For example, on March 12th 2013, US General Keith Alexander testified to Congress regarding an announcement made by the Pentagon Cyber Command. This announcement outlined a plan to create 13 teams, by the fall of 2015, charged with the national defense against large scale cyber-attacks that could knock out domestic electric power infrastructures.

Transportation, Energy and Manufacturing Industries Are Paying the Price

So who are the cyber-attackers targeting?

To answer this question, we can refer to the Mandiant Report, an annual report compiled from hundreds of advanced threat investigations, which aims to reveal:

“…evolving trends, case studies and best practices gained from Mandiant observations to targeted attacks in the last year.”

According to the Mandiant Report released in February 2013, transportation, energy and manufacturing are in the top ten most targeted industries for cyber-attacks. If there was any deliberation about it before, industrial cyber security is now without a doubt an international security topic.

The costs of these cyber-attacks are staggering – and difficult to estimate.

For example, the 2012 Cost of Cyber Crime Study from the Ponemon Institute put the cost of cyber-attacks within the USA at $8.9 billion in 2012. However, according to the Foreign Policy National Security Newsletter, “more recent estimates have put the cost of theft as high as $338 billion per year”. Frankly we think the second number is high, but the fact remains – poor security is getting expensive. And a large portion of this total loss is incurred within the industrial automation and energy sectors.

Attention Hackers – Only 416 days to Access the System Prior to Detection!

Built for reliability and stability rather than security, industrial infrastructure networks have long been easy targets for malware attacks. City and regional infrastructures depend on reliable access to energy and sound transportation systems. In a very real sense, all infrastructures are built upon the industrial infrastructure base. The concept of the ‘network of everything’ that futurists and city-planning commissions have spoken about optimistically for years has arrived.

But they forgot one thing: industrial security.

According to Mandiant, 416 days is the median number of days that advanced attackers have access to networks before they are detected. Yes, you read that correctly. 416 days! A lot of damage can be done in 416 days.

This much is certain then – many current cyber threats are yet undiscovered and unknown.

Industrial infrastructures are growing in size and complexity. And it’s all too clear that traditional enterprise IT solutions have not been successful at safeguarding them from cyber-attack. They do not meet the best-practice deep-packet inspection capability in the field, nor do they place an emphasis on zone protection network segmentation. As well, they tend to focus on preventing loss of confidential information, rather than what really matters in the industrial world – reliability and integrity of the system.

Many cyber threats are ‘hidden dangers’, lying undiscovered and unknown. Image Credit: The Allstate Blog

In the process automation sector alone, we typically find six to eight auxiliary networks outside of the central distributed control system (DCS). These auxiliaries can include the Safety Instrumented System (SIS), Systems of Events (SOE), Analysis Management Data Acquisition Systems (AMDAS), Plant Information Management Systems (PIMS), Vibration Monitoring Systems, Position Location Systems, Alarm Management Systems, Fire and Gas Systems, and Building Automation Systems. As well, most companies now have some form of remote support for each of these systems.

The reach and scope of industrial IT networking has increased mobility, efficiency and operational safety. However, without proper security considerations, these growing networks only increase the vulnerability to cyber threats.

How Can We Secure SCADA and Industrial Control Networks?

It’s evident that there’s no simple solution to securing our critical infrastructure. It’s going to take time and careful planning. A combination of best practices, utilizing technologies designed for industrial security, and focused effort is the only way to mitigate the risk of attacks on industrial systems.

Best Practices

It is important that staff is familiar with industrial security standards. We recommend the ISA/IEC 62443 (formerly ISA-99) standard. Major oil and gas and chemical companies such as Exxon, Dow and Dupont are using it and we have repeatedly seen its strategies used successfully in the field.

Particular industries also have their own standards – the North American power industry’s NERC CIP, for example.

At Tofino Security, we have developed, in partnership with exida, our own best practice for ensuring good security. To read the details about this process, download the “7 Steps to ICS and SCADA Security” white paper.

Use Network Technologies Designed for Industry

Look for technology solutions that are designed specifically for the plant floor, rather than for standard IT systems. Seek robust technologies that integrate with industrial network management systems. Deploy firewalls that secure industrial protocols, and practice Defense in Depth with zone-level security.

Collaboration and Teamwork

Last but not least, let’s not forget the importance of teamwork. IT and engineering teams must collaborate to ensure that best practices are in place and that innovative advances to security are developed and deployed.

Regardless of whether your organization is a critical infrastructure provider, or whether your enterprise has one or many industrial networks, securing your networks has never been more important.

In 2013, do you think enough emphasis is being placed on the importance of industrial cyber security? Are we making any significant progress in tackling this issue? What else needs to be done? I look forward to hearing from you.

Thomas Nuth, BA and MBA

Product Marketing Manager

Industrial IT

thomas.nuth@belden.com

+49 (0) 712714 1648
Thomas is responsible for market analysis and valuation for Belden’s global industrial IT business.

Practical SCADA Security thanks Thomas for this article.

Related Content to Download

White Paper – “7 Steps to ICS and SCADA Security”

Download this White Paper and find out:

• The 7 Steps to start improving your organization’s cyber security posture
• Tips for optimizing your spending and resource allocation on cyber security
• Real-world advice from security experts Eric Byres and John Cusimano

Related Links

• Automation.com, Webpage: Cyber Attacks on Industrial Systems Increasing Rapidly
• National Vulnerability Database (NVD), Webpage: Database search page
• Blog: SCADA Security Basics: Why are PLCS so Insecure?
• Blog: S4 Security Symposium Takeaway: Time for a Revolution

© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand

Tags: SCADA Security, Industrial Control Networks, Cyber Security

Actually, I think applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. If you never patch, you are leaving your system open to a decade of malware.

What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

In the words of Richard Brown, at Dow Chemical:

“Patch management is about managing the risk of change”.

Patches are changes to your system. Changes to your system need to be managed. One cannot blindly deploy new patches into the process control environment without risking disruption of operations. Thus careful policy and practice is required to balance the need for system reliability with the need for system security.

A successful patching strategy balances system reliability with system security. Image credit: A Perfect World

Prioritize Your Security Patches

There are a number of recommendations on patch management, but one of my favorites comes from the Edison Electric Institute (EEI). Their suggestion is to push down patches to machines on a priority basis. The priorities are based on two factors: the criticality of the system being patched and the criticality of the patch.

The EEI process requires two sub-systems to be set up. The first sub-system involves an inventory in which all machines are prioritized and categorized into groups that define when and how they are to be patched.

Some examples are ’Early Adopters‘, who receive patches as soon as available and act as Test/Quality Assurance machines. Typically, these are lab or training computers. ’Business Critical‘ machines are those that are patched automatically when early adopters have been stable for a set period of time (depending on the patch’s level of risk) and approval for the patch has been received from the control system vendor. This escalates up to ’No Touch‘ machines that require manual intervention and/or detailed vendor consultation before a patch is applied.

The figure below is an example from the pharmaceutical company Astra-Zeneca (A-Z), and shows the patch cycle for their systems. Note that none of the A-Z patching is performed in a rush – there is always a process to collect feedback from one stage before embarking on the next stage.

Astra-Zeneca Illustration from “SCADA and ICS Patching: On the Horns of a Dilemma” presentation. Source: Joakim Moby, Astra-Zeneca, ISA Expo 2006

The second sub-system is a procedure for keeping track of newly released patches and their level of importance to process operations. Whenever a new vulnerability is announced and/or a patch fix is available, it is tracked for its potential impact – good and bad – on the company control system. This patch is then evaluated and prioritized for adoption based on its risk evaluation.

For example, the risk evaluation could follow a set process of questions to decide on urgency of patching and level of testing required. These questions might include such concerns as “Are we currently being exploited?” or “What is the severity level designated by the vendor?” or “Has it been tested by the vendor?”

The risk evaluation would result in an overall implementation level being set. Considerable guidance for making this evaluation is available from vendor sites, such as Honeywell’s Microsoft Security Hot Fixes Qualification Matrix (you’ll need login credentials to access this), which reports on the testing status of newly released patches.

Implement a Patch Reaction Plan

The patch implementation levels are preset and tied to Reaction Plans. The table below shows an example of several different Reaction Plans. These vary according to the risk of not applying the patch.

For example, if the risk that a given patch addresses is low, then the adoption and testing cycle can be slower. If it is a very high risk, then the patch needs to be deployed more aggressively. More (or fewer) levels than the three examples below can be created as required.

Any patching plan requires close cooperation with all software and system vendors. Many vendors already have a system of prioritizing patches and approving their application that should be tied into the internal patch management system. As mentioned earlier, Honeywell maintains a patch approval process that usually approves patches for their newer versions of software within five days of a Microsoft patch release – and often within hours if the patch is critical.

Once the decision is made to patch a system, it is critical to have a secure method to distribute those patches. Distributing them directly from the business systems is not a good idea. For example, the Honeywell Security Guidelines state:

“It is not best practice to distribute Microsoft hotfixes, patches, and updates to virus definition files directly from the business network to nodes on the process control network as this is contrary to the goal of minimizing direct communication between nodes on these networks.”

Most vendors recommend that a dedicated patch manager and an anti-virus server be located in the Demilitarized Zone (DMZ) between the control system and the IT network. Both roles can be often performed by a single server.

Finally, there are a number of automated tools and services available to assist companies in performing patch management. These typically include methods to inventory computers, identify relevant patches and workarounds, test patches, and report network status information to various levels of management.

Using this type of tool can significantly improve the response time for deploying critical patches, while at the same time reducing the work load on process control or security staff. For example, a major company involved in food processing reported that a single individual was able to successfully manage all PCN patching over six large company sites once the company deployed a patch management tool.

Repeat After Me – “Planned Patching is Good. Reactive Patching is Bad”

Don’t get me wrong, I’m not saying don’t patch! Far from it – patching for vulnerabilities is critical for good security. However, as I noted in my last blog, the IT strategy of rapid, reactive, continuous patching on a regular basis just isn’t feasible for SCADA and ICS systems.

For a patching strategy to be successful it must be planned properly and it must include testing and change management controls. Without these processes in place, you are putting the control system at serious risk.

In my next blog, I’ll explain how compensating controls can provide a workable alternative to patching in a hurry.

Related Content to Download

Presentation – “SCADA and ICS Patching – On the Horns of a Dilemma”

Download this presentation and learn about successful patch management strategies in SCADA and industrial control systems, including:

• The ‘Defense-in-Depth’ strategy
• Patching by criticality
• Patching in waves
• Compensating control solutions for security vulnerabilities

This document is vendor neutral and is ideal for serious consideration of the topic.
 

Related Links

• ICS-CERT.US-CERT.gov, Webpage: The Industrial Control Systems Cyber Emergency Response Team
• Automation.com, Webpage: Cyber Attacks on Industrial Systems Increasing Rapidly 
• Blog: SCADA Security Basics: Why are PLCS so Insecure?
• Blog: S4 Security Symposium Takeaway: Time for a Revolution
• Blog: Tofino provides an Alternative to Patching
• Blog: SCADA Security – Welcome to the Patching Treadmill
• Blog: Patching for SCADA and ICS Security: The Good, the Bad and the Ugly
   

© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand

In Part 1 of the this GreenChoice blog, we discussed how choosing low smoke zero halogen (LSZH) cables can offer a much safer industrial cabling alternative. Now, we will discuss the business arguments for GreenChoice LSZH cables and offer an opportunity to download the new Belden GreenChoice white paper for the complete argument for LSZH cables.

Today, even though standards in North America do not require non-halogenated cables, incentives are in place. For example, builders can get Leadership in Energy and Environmental Design (LEED) incentives for using LSZH (green) wiring; it is possible to get LEED Pilot Credit 54 for up to 2 LEED points per installation. LEED is intended to provide a standardized framework for recognizing and actualizing practical and measurable green standards in design, construction, operations and maintenance for building professionals.

Many corporations and governmental agencies, as well as private citizens, recognize the benefits of less toxic materials for home use or for use in areas where many people are present, such as subways, theaters, restaurants, mines and office towers. Furthermore, because of the corrosive acids created by halogens when exposed to liquids, there is increasing interest in LSZH cables not only in areas that are sparsely populated by workers but also where valuable equipment may be at risk.

The flip side of safety is liability. When there is no argument for better performance or significant price differentiation from cables with halogenated jackets, it may be prudent to consider the use of non-halogenated materials. Regulatory agencies are also increasingly leaning toward LSZH cabling material.The European Union regulations against the use of halogens are stringent in industries such as electronics and automotive, both of which consume a vast amount of cable. Asian countries are also beginning to regulate the use of halogens in electronics. It makes good financial sense for a company to standardize on non-halogenated cables for global operations.

Click here to continue and download the new Belden GreenChoice white paper.

The International Security Conference (ISC West) is April 10-12 at the Sands Convention Center in Las Vegas. Hundreds of security companies will be exhibiting. Belden will be there in Booth 3139 and show off its latest networking products for secure, efficient networks. Belden, GarrettCom, and Hirschmann products will be featured in the booth.

ISC West will feature vendors touting their latest products in the following areas: Access Control, Alarms & Monitoring, Biometrics, Fire Control, Networked Security Products, Public Security & Safety, Remote Monitoring, Systems Integration, Video Surveillance, and Wireless Applications. The show is particularly beneficial for IT or Physical Security Systems Integrators as well as dealers/installers, consultants/specifiers and end users of physical security products.

For industrial and outdoor networking, GarrettCom and Hirschmann products featuring fiber configurability, thermal cooling techniques, Power over Ethernet (PoE), and advanced software security features will be on display. Of course, Belden hardened industrial cables designed for high reliability and security applications will help to complete the end-to-end solution.

Be sure to come and visit Booth #3139 to learn more.

The exhibit hall will be open Wednesday, April 10 and Thursday April 11 from 10-5PM and Friday April 12 from 10-3PM.

For all of the show information, including hours, education, and featured product categories, click here.

We look forward to meeting you at this year’s ISC West show!