Practical Industrial Internet of Things Security

By : Sravani Bhattacharjee
Overview of this book

Securing connected industries and autonomous systems is of primary concern to the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security directly ties to system reliability as well as human and environmental safety. This hands-on guide begins by establishing the foundational concepts of IIoT security with the help of real-world case studies, threat models, and reference architectures. You'll work with practical tools to design risk-based security controls for industrial use cases and gain practical knowledge of multi-layered defense techniques, including identity and access management (IAM), endpoint security, and communication infrastructure. You'll also understand how to secure IIoT lifecycle processes, standardization, and governance. In the concluding chapters, you'll explore the design and implementation of resilient connected systems with emerging technologies such as blockchain, artificial intelligence, and machine learning. By the end of this book, you'll be equipped with all the knowledge required to design industry-standard IoT systems confidently.

Industrial "things," connectivity, and operational technologies


In ITU-T Y.2060, we came across the following definitions for devices and things in the context of IoT (ITU-IOT): "Device: A piece of equipment with the mandatory capabilities of communication and the optional capabilities of sensing, actuation, data capture, data storage, and data processing. Thing: An object of the physical world (physical things) or the information world (virtual things), which is capable of being identified and integrated into communication networks."

In the IoT context, the capability to communicate and decipher data is an intrinsic property of things. With increasing digitization and connectivity in industries, industrial "things" include a wide spectrum of equipment and devices, starting with those that have low memory, power, and computing footprints. In addition to physical assets, things include virtual objects, too. For example, certain IoT cloud platforms use the concept of a digital "twin", an exact digital replica of its physical counterpart (for example, a wind turbine), to gain greater visibility and easier access to a CPS for efficient fault detection and remediation.

Technologies and platforms that come under the umbrella of IIoT are, in a sense, laying the foundations for greater levels of process efficiency and optimization, ushering in new business models and revenue paradigms. Connectivity is an inseparable dimension of these advancements, and one of the fundamental facets of connectivity is cyber threats, however unfortunate that may sound. As standards-based connectivity technologies replace proprietary industrial protocols, threats commonly seen in IT domains, for example, malware, data exfiltration, unauthorized remote access, and so on, become increasingly applicable to industrial networks as well.

Operational technology

OT refers to the hardware and software dedicated to detecting or inducing changes in physical processes. OT involves technologies that are used to directly monitor and/or control physical devices such as valves, pumps, and so on. As an example, consider the computing and connectivity technologies involved in the ICS/SCADA system of a power station or a railway locomotive manufacturing facility, which monitors and controls the various physical systems and plant processes.

As industries accelerate into the future by adopting IoT, it is important to evaluate the current industrial assets and technologies in a typical industrial deployment, and to determine practical mechanisms to transition to greater efficiencies without compromising resiliency. So, before diving deeper into the subject of IIoT security, the prevalent industrial devices, systems, and technologies are discussed in this section.

Machine-to-Machine

Though often confused with IoT, digital M2M has existed in industries for the last two to three decades. Broadly speaking, M2M refers to any technology that enables machines to exchange information and perform actions without any human mediation. In that sense, M2M is foundational to the development of IoT.

To quote from (GART-IOT), "The key components of an M2M system are:

  • Field-deployed wireless devices with embedded sensors or RFID
  • Wireless communication networks with complementary wireline access; includes, but is not limited to, cellular communication, Wi-Fi, ZigBee, WiMAX, wireless LAN (WLAN), generic DSL (xDSL), and fiber to the x (FTTx)."

The cellular M2M communications industry can be traced back to when Siemens developed and launched a GSM data module called M1 in 1995. M1 was based on the Siemens mobile phone S6, which was used for M2M industrial applications; it enabled machines to communicate over wireless networks.

In industries, telemetry was a very common use case for M2M, in addition to remote monitoring and the control of field assets.

An overview of SCADA, DCS, and PLC

SCADA is a distributed control system architecture used to control geographically dispersed assets. Distribution systems such as electrical power grids, oil and natural gas pipelines, water distribution, railway transportation, and so on heavily rely on centralized data acquisition and control. A SCADA control center monitors alarms and processes data for field sites, usually over long-distance communications networks. This information from the remote stations is used to push automated or operator-driven supervisory commands to remote field devices (which will be discussed later in this section) to control local operations such as the opening/closing of valves, breakers, collecting sensor data, and so on (NIST-800-82r2).

A DCS is functionally similar to SCADA, though it is typically used for localized control in continuous manufacturing process use cases, for example, fuel or steam flow in a power plant, petroleum in a refinery, and distillation in a chemical plant. As a DCS localizes control functions near the process plant, it is a more cost-effective, secure, and reliable option for use cases where the control room is not geographically remote.

PLCs are extensively used in most industrial processes. PLCs are solid-state closed-loop control system components that are used in SCADA and DCS to provide operational control of discrete processes such as automobile assembly lines.

Being localized within a factory or plant, DCS and PLC communications use reliable and high-speed local area network (LAN) technologies. On the contrary, SCADA systems cover larger geographical territories, and need to account for long-distance communication challenges, delays, and data loss in remote sensor networks.

An ICS is an overarching industrial technology that usually includes SCADA, DCS, and PLC functionalities.

Industrial control system architecture

An ICS is a generic term used for all industrial systems that perform data acquisition, monitoring, and supervisory control of local and remote devices and assets. In the previous section, we talked about SCADA, DCS, and PLCs, which are the basic building blocks for centralized monitoring and control of distributed assets and operations, which are sometimes scattered over thousands of square kilometers. The following diagram shows the various functional levels of a manufacturing control system:

Figure 1.4: Functional levels of computerized manufacturing

From the preceding diagram, we come to know of the following:

  • Field devices such as sensors and control valves in level 0
  • Industrial microcontrollers and input/output (I/O) modules, which are shown in level 2
  • Control room elements, including supervisory computers with consolidated process information and operator control screens, which are in level 2
  • Production control, which is shown in level 3, is mainly concerned with the monitoring of production activities and assets
  • Production scheduling functions are captured in level 4

Field devices are remote station control devices that can act on either automated or operator-driven supervisory commands from central control stations. These control stations generate commands, such as for opening or closing valves and breakers, collecting data from sensor systems, monitoring local environments for alarm conditions, and so on, based on information received from other remote stations (NIST-800-82r2).

These are industry-specific components that interface with digital or analog systems and expose data to the outside digital world. They provide machine-to-machine, human-to-machine, and machine-to-human capabilities for an ICS to exchange information (real-time or near real-time), thus enabling other components of the IIoT landscape. This includes sensors, interpreters, translators, event generators, loggers, and so on.

Plant devices and equipment include sensors and actuators, control valves, and so on, which sense and act on commands from ICS.

The following diagram shows the various components of an ICS/SCADA system:

Figure 1.5: Functional components of a SCADA system; Source: (NIST-800-82r2)

ICS components and data networks

An overview of the various ICS/SCADA control components is provided here:

  • Control server: The control server hosts supervisory control software (for DCS and PLC), which communicates with subordinate control devices over an ICS network.
  • Master terminal unit (MTU): MTU or the SCADA server acts as the master in a SCADA system, while remote terminal units and PLC devices, which are located at remote field sites, act as slaves.
  • Remote telemetry unit (RTU): The RTU supports data acquisition and control in SCADA remote stations. As field devices, RTUs are equipped with both wired and wireless (radio) interfaces.
  • Intelligent electronic devices (IED): These are smart sensors/actuators containing the intelligence required to acquire data, communicate to other devices, and perform local processing and control. An IED could combine an analog input sensor, analog output, low-level control capabilities, a communication system, and program memory in one device.
  • Human-machine interface (HMI): The HMI is usually stationed in centralized control rooms, and includes the software and hardware that allow human operators to monitor the state of a process under control, modify control settings, configure set points and control algorithms, and manually override automatic control operations in the event of an emergency. The HMI displays process status information and reports to supervisory personnel, who usually have internet access.
  • Data historian and IO server: The data historian is a centralized database for logging all processed information within an ICS and supports various planning and report generation functions, while the IO server collects and buffers information from PLCs, RTUs, and IEDs.

ICS network components

Industrial control networks involve a lot of connectivity across the various levels of the control hierarchy, as shown in the following diagram:

Figure 1.6: Distributed ICS/SCADA connectivity diagram; Source: (NIST-800-82r2)

Field devices and sensors usually communicate with a Fieldbus controller, which can uniquely identify them. For long-distance SCADA communications, routers are used to connect the LAN and WAN segments. Network segregation strategies are implemented using industrial firewalls. Firewalls enable fundamental network-based access control of resources on a particular network segment. Furthermore, depending on deep packet inspection (DPI) capabilities, there is the potential to get into protocol-level filtering as well. Consider an example of a firewall with DPI that is looking at Modbus traffic to manage read versus write versus read/write privileges based on the data source.

Considering the nature of OT traffic and the protocols involved, these firewalls are quite different from IT or next-gen firewalls, which we will discuss in greater depth in subsequent chapters. And yes, modems are still used to enable long-distance serial communications between MTUs and remote field devices in SCADA systems. DCS and PLCs use modems and remote access points to gain remote access to field stations for command, control, and configuration changes for operations, maintenance, and diagnostic purposes. Examples include using a personal digital assistant (PDA) to access data over a LAN through a wireless access point, and using a laptop and modem connection to remotely access an ICS system.
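The Modbus DPI example described above (a firewall that distinguishes read from write requests and applies a per-source privilege) can be illustrated with a small policy checker. The following is an added example, not code from the book or from any firewall product: it parses the MBAP header and function code of a Modbus/TCP request, classifies the function code as read or write, and allows or drops the frame according to a constructed source-address policy. The host addresses, the policy table, and the `build_frame` helper are assumptions made for the example.

```python
"""Modbus/TCP deep-packet-inspection policy check (added example, not from the book)."""
import struct
from dataclasses import dataclass

# Standard Modbus public function codes, grouped by their effect on the process.
# FC 23 (read/write multiple registers) writes, so it is treated as a write.
READ_FUNCTIONS = {1, 2, 3, 4}              # read coils / discrete inputs / holding / input registers
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}   # write single/multiple coils and registers, mask write


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    payload: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus the function code of a Modbus/TCP ADU.

    MBAP: transaction id (2), protocol id (2, always 0), length (2, bytes that
    follow the length field), unit id (1). The PDU starts with the function code.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, uid, frame[7], frame[8:])


# Constructed policy (assumption): which sources may read, and which may also write.
POLICY = {
    "10.0.1.10": "read/write",  # hypothetical engineering workstation / HMI
    "10.0.1.20": "read",        # hypothetical historian, read-only
}


def decide(src_ip: str, frame: bytes) -> str:
    """Return an ALLOW/DROP verdict with the reason, as a firewall log line would."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"DROP malformed frame from {src_ip} ({exc})"
    privilege = POLICY.get(src_ip)
    if privilege is None:
        return f"DROP unknown source {src_ip}"
    fc = req.function_code
    if fc in READ_FUNCTIONS:
        return f"ALLOW read fc={fc} unit={req.unit_id} from {src_ip}"
    if fc in WRITE_FUNCTIONS:
        if privilege == "read/write":
            return f"ALLOW write fc={fc} unit={req.unit_id} from {src_ip}"
        return f"DROP write fc={fc} unit={req.unit_id} from read-only source {src_ip}"
    # Anything not explicitly classified (diagnostics, vendor-specific codes) is denied by default.
    return f"DROP unclassified fc={fc} unit={req.unit_id} from {src_ip}"


def build_frame(tid: int, uid: int, fc: int, payload: bytes) -> bytes:
    """Helper (assumption) to construct a well-formed Modbus/TCP request for testing."""
    body = bytes([uid, fc]) + payload
    return struct.pack(">HHH", tid, 0, len(body)) + body


if __name__ == "__main__":
    # Constructed sample traffic: read 10 holding registers at 0, then write register 1.
    read_req = build_frame(1, 1, 3, b"\x00\x00\x00\x0a")
    write_req = build_frame(2, 1, 6, b"\x00\x01\x00\xff")
    for src, frame in [("10.0.1.20", read_req), ("10.0.1.20", write_req),
                       ("10.0.1.10", write_req), ("192.168.5.5", read_req)]:
        print(decide(src, frame))
```

The default-deny branch matters in practice: a Modbus firewall that only blocks known write codes still passes diagnostic and vendor-specific function codes, so the example treats anything it cannot classify as a write-equivalent risk and drops it.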

Fieldbus protocols

ICS networks involve deterministic, tight control loops. Fieldbus refers to the family of ICS networks used for real-time distributed control. These protocols are usually defined to satisfy the requirements of specific industry verticals, are proprietary, and as such have limited interoperability. Examples include the Common Industrial Protocol (CIP), Modbus (Modbus-serial, Modbus-TCP), DNP3, Profibus, Profinet, Powerlink Ethernet, OPC, EtherCAT, HTTP/FTP, GOOSE, GSSE for automated power substations (defined in the IEC 61850 standard), and so on.

Many of these protocols support both serial and Ethernet-based TCP/IP stacks, and have been in deployment since as far back as the 1960s. Many vulnerabilities exist in these protocols, and these will be examined in Chapter 5, Securing Connectivity and Communications.

To sum up this section, OT technologies have evolved over a very different runway than information technologies, with a life cycle that runs into decades. In industrial operations, maximizing equipment uptime is critical. So, many industrial deployments today adhere to age-old technologies, which were never designed with security and interoperability in mind. Understanding these technologies is important for planning and designing secured IIoT architectures.

Even though security technologies for OT deployments exist today, the Industrial Internet pushes the boundaries much further with state-of-the-art software, firmware, and connectivity paradigms, thus calling for a major shift in mindsets. How does IIoT provide an evolutionary path for existing ICS systems? Let's discuss that now.