

Page 1: The Siemens Cyber Security Operations Center (CSOC ... · PDF file... provides continuous monitoring ... the Department of Homeland Security ICS-CERT does maintain information,

The Siemens Cyber Security Operations Center (CSOC) provides continuous monitoring against current and emerging cyber activities.

December 2015 | AdvancedManufacturing.org 61

Manufacturing Software

Locking Down the Factory Floor

Patrick Waurzyniak, Senior Editor

New cybersecurity tools and techniques for cloud-based manufacturing software show promise in the fight to secure critical factory-floor data and machinery

Cybersecurity casts a long shadow over networks of all kinds, from banking and retail businesses to government, energy, healthcare, utilities, and large-scale industrial manufacturing operations. Hardly a day passes without dire headlines warning of the latest consumer, commercial or government data breaches over the Web, as clever hackers employ myriad phishing schemes, viruses and malware that exploit corporate network vulnerabilities and, quite often, the gullibility of users unaware of cybersecurity dangers. With more factory assets getting connected to the Web, particularly with the coming explosion of Internet of Things (IoT) devices, today’s manufacturing management must look for rock-solid technologies for securing their factory-floor machinery and the mission-critical intellectual property assets that now often reside in cloud-based software.

Photo courtesy Siemens


Hack attacks on industrial manufacturing networks have been rarer, with the highest-profile case being the Stuxnet worm that infected the industrial equipment controlling Iranian nuclear centrifuges about five years ago. Since the attack, it has been widely speculated that it was the work of the US and Israel. Stuxnet was a zero-day exploit worm designed to embed computer code into the Siemens Simatic PLCs and STEP 7 software used to control the Iranian centrifuges. The worm caused the centrifuges to run improperly and eventually damaged the systems.

More recently, a German steel manufacturing plant’s operation was severely hampered last year and shut down after cyber thieves breached its security defenses. The German steel mill’s blast furnace was compromised by malicious code that entered the network through the company’s business systems, causing an eventual plant shutdown.

Connected Factories’ Vulnerability

As manufacturers move toward more-connected factory systems, there is even greater demand for highly secure systems to keep hackers away from manufacturing networks’ wealth of IP data and mission-critical plant-floor equipment.

“In the lifecycle of product development, there is a wide range of systems, and a lot of the elements along that chain were not designed for security,” said Jim Barkley, associate director, Digital Manufacturing Commons, at the Digital Manufacturing and Design Innovation Institute (DMDII; Chicago), referring to PLCs, network streams and other factors. “Manufacturing generates more data annually than any other sector of the economy. There’s a lot of potential there. You need controls at every trust boundary—at the machine level, the operating layer, and at the PLCs.”

The task of securing industrial networks is made harder by the sheer volume of newly connected machines, as machine tool builders and machine control suppliers have embraced newer technologies like the open-architecture, XML-based MTConnect standard for machine tool data exchange on the shop floor, connecting and gathering much greater volumes of manufacturing data to leverage the goldmine of manufacturing process metrics coming off the shop floor (see “Why Manufacturing Needs Data Collection” in the October 2015 issue of Manufacturing Engineering and at http://tinyurl.com/oq7kodn).


A new open-source Software Defined Perimeter (SDP) security approach will bring easy-to-deploy, lower-cost cloud-based security to smaller manufacturing operations. Waverley’s system is among those being considered by the Digital Manufacturing Design and Innovation Institute’s (DMDII) Digital Manufacturing Commons effort.

Image courtesy Waverley Labs


Industrial cyber attacks have largely flown under the radar, without garnering the widespread reporting required for those on financial, government and other targets. “Most manufacturing companies are not required to publish information about cyber attacks. However, the Department of Homeland Security ICS-CERT does maintain information, published on an annual basis, on cybersecurity attacks on industry,” said Rajiv Sivaraman, vice president and Head of Plant Security Services, Siemens US Digital Factory (Norcross, GA). In fiscal year 2014, for example, the Department of Homeland Security publication entitled ICS-CERT Year in Review (2014) documented 245 reported incidents, he said. “Looking back at prior reports, you will find that attacks focusing on industrial networks and equipment are generally increasing in frequency and sophistication.

“Aside from technological gaps, an important issue in industrial control systems [ICS] cybersecurity is the general lack of awareness,” Sivaraman said. “A lack of awareness of potential attack can lead to reduced investment on early detection and protection. This results in limited information about whether or not an attack actually occurred and the resulting impact.”

Leveraging Cloud Advantages

In many cases, going to cloud-based solutions offers organizations an edge in factors including lowered costs, speed of deployment and software design. Cloud software also can offer benefits in the cybersecurity realm, especially in costs and cloud optimization.

“Cloud-based software and related network technology enable more secure transmission of design data and status information,” Sivaraman said. “The likelihood of successful attacks that have the goal of stealing IP [intellectual property] can be reduced if the data is encrypted. Attacks that aim to disrupt operations, for instance by injecting false data or instructions, similarly can be reduced with encryption and other protection. With cloud-based software and good security controls, the confidentiality and integrity of design and production data can be improved.

“In general, Industrial Security solutions require a holistic approach based on different protection layers,” Sivaraman said. “These involve plant security, network security, and maintaining system integrity.” Plant security includes physical access to plant and industrial controls equipment, security policies and processes, and security awareness, he added. “Network security deals with the protection of automation components based on segmented production networks, secure separation of production and office networks, and the use of security cells/zones concepts.”

Concurrent Technologies Corp., an applied science research and development professional services firm, offers high-level security help for government and large businesses as well as smaller manufacturers.

Image courtesy Concurrent Technologies Corp.

Costs are a major factor in cloud systems’ favor, particularly for any smaller to medium-sized manufacturing operation looking to secure systems in the cloud.

“I do think cloud computing can help,” said DMDII’s Barkley. “A lot of people have misgivings about cloud, but by and large I think the cloud industry is taking care of that. The cool thing about the cloud is it allows for virtualization of a lot of services. That’s the elastic sort of element to it, and it gives us new ways to disrupt hackers.”

The flexibility of the cloud gives users a real advantage, Barkley added, in dealing with the “advanced persistent threats” that can occur in cybersecurity breach attempts. “If you can rapidly switch IP addresses or networks, you disrupt that cycle,” Barkley said.

Lower costs of the cloud systems play a huge role, especially with a lot of the small to medium-sized mom-and-pop shops, he added. “They typically don’t have the capital to afford the top-end enterprise software suites, which can be pretty expensive, when you add in the costs of service, which often account for a larger share of the total cost of ownership of the lifecycle of use than the initial purchase price of the software.”

Open-Source Solutions

To counter the cost barrier, DMDII has an open project call—the DMDII-15-13 Cyber Security for Intelligent Machines—offering up to $2 million in funding for developers to bid to supply open-source cloud-based security software. One of the manufacturing research institutes created by the Obama Administration in 2014, DMDII is working on developing an open-source software tool that will be an open-architecture communication platform, and which will enable plug-and-play functionality across the entire digital thread. This software is called the Digital Manufacturing Commons, or DMC.

“We want to provide affordable tools,” Barkley said. “Many may be more of a SaaS [Software-as-a-Service] type—low cost, one-time pass, mostly automated.” The open-source software will aim to provide more of an “à la carte” type of approach to cybersecurity, to remove the cost burden from shops that typically can’t afford enterprise-scale software projects.

“Even on the modern controllers, security is not adequate.”

Affordable solutions for cloud computing are critical for smaller manufacturers looking to secure their networks. Concurrent Technologies Corp. (CTC; Johnstown, PA), an applied science research and development professional services organization, has recently worked with smaller manufacturers in the National Institute of Standards and Technology’s (NIST; Gaithersburg, MD) Manufacturing Extension Partnership (MEP) program in Pennsylvania. About 90% of its clients are government agencies, but CTC has started working with smaller manufacturers on projects involving the company’s cloud computing and Big Data analytics platforms, noted Vicki Barbur, CTC senior vice president and chief technical officer.

Manufacturers like Lockheed or Raytheon can afford large, sophisticated, cyber-secure network architectures, but smaller manufacturers simply don’t have the resources, Barbur said, and hence are much more vulnerable to cyber attacks. “How do we do that in a very cost-effective way?” Barbur said. “Small manufacturers are looking for cost-effective, simple systems.”


“The small manufacturers really don’t have the ability to employ large systems,” said Dom Glavach, CTC principal IS security engineer. “Everyone is definitely aware of the potential for breaches, and they’re looking for a starting point.”

CTC is helping small manufacturers with assessment tools for determining the best cybersecurity systems to fit their needs, he added, using the NIST Cybersecurity Framework as a model. “I really think that’s a question that every manufacturer needs to answer,” Glavach said. “Number one, you have to figure out what are your most important assets.”

Cloaking Your Cloud Assets

Among the more promising new applications is an open-source cloud version of the Software Defined Perimeter (SDP), a “Black Cloud” system that hides data from hackers, developed by cyber and digital risk management consultant Waverley Labs LLC (Waterford, VA).

While not quite a Star Trek Romulan cloaking device, Waverley Labs’ Black Cloud makes corporate or manufacturing data essentially invisible to potential hackers by wrapping a company’s applications wherever they are hosted: on premises, in a public or private cloud, in a demilitarized zone (DMZ), on a server in a data center, or even inside an application server. The Black Cloud concept, which has been deployed in large-scale systems at Lockheed Martin and other big manufacturers, is being adapted to an open-source model that Waverley is developing, and the company has submitted a bid for the contract with DMDII’s DMC open-source system.

“If you look at the grand security practices that have come out from NIST and other agencies, they require patching, updating and monitoring systems at the infrastructure layer,” said Juanita Koilpillai, Waverley Labs’ founder and CEO. Cloud vendors do a lot of work at the network and operating system level, and at the Software-as-a-Service infrastructure layer, she said, but at the Infrastructure-as-a-Service (IaaS) layer, the customer is fully responsible for securing the operating systems. “Therein lies the rub,” Koilpillai said. “Everyone says ‘We are more secure,’ but what piece of it is more secure?

“Ultimately the security has to be implemented at all layers of the network stack, all the way from your wires to the user interface in the application,” Koilpillai said, “and that’s what the Software Defined Perimeter is all about. It’s actually a very new approach to protecting network applications. The model is set up so that only TCP [Transmission Control Protocol] connections from authorized connections are allowed, and the perimeter also issues the user-level access at the port and protocol level after user authentication, and that way connections cannot be recast or hijacked.”

The layer that validates and authenticates users and devices is hidden from potential network intruders, she noted. “It’s able to bring all that together to communicate with a server that’s literally hidden behind a firewall, and the firewall is only open when the user requests access. There’s a pinhole punched through the firewall, the communication’s performed, and then shut down. So the server is completely hidden from all network scanning and the common kind of efforts that are done by hackers initially to start looking for what they can hack.”
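The access pattern Koilpillai describes (deny everything by default, authenticate the user first, then open a per-user pinhole for one port and protocol and shut it again afterwards) can be modelled in a few dozen lines. The following Python is an added illustration, not Waverley Labs’ code and not a description of how the Black Cloud product is built. The controller class, the password-plus-HMAC session token, and the user table, addresses and ports are all constructed for the demo; a real SDP deployment would use mutual TLS and a PKI for the authentication step.

```python
"""Deny-by-default perimeter model, in the spirit of the Software Defined Perimeter.

Added illustration, not Waverley Labs' code. Credentials, addresses, ports and the
token format are constructed for the demo.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash; 50,000 iterations keeps the demo fast."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class Pinhole:
    """One temporary firewall opening: a single source, port and protocol, with a deadline."""
    user: str
    src_ip: str
    port: int
    proto: str
    expires_at: float


@dataclass
class PerimeterController:
    """Hypothetical SDP controller: authenticates users, then opens pinholes they are entitled to."""
    users: Dict[str, Tuple[bytes, bytes]]          # user -> (salt, password hash)
    entitlements: Dict[str, Set[Tuple[int, str]]]  # user -> {(port, proto), ...} they may reach
    pinholes: List[Pinhole] = field(default_factory=list)
    session_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def _mac(self, user: str, src_ip: str) -> str:
        return hmac.new(self.session_key, f"{user}|{src_ip}".encode(), hashlib.sha256).hexdigest()

    def authenticate(self, user: str, password: str, src_ip: str) -> Optional[str]:
        """Return a session token bound to (user, source address), or None on failure."""
        record = self.users.get(user)
        if record is None:
            return None
        salt, expected = record
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return None
        return f"{user}|{src_ip}|{self._mac(user, src_ip)}"

    def _verify_token(self, token: str) -> Optional[Tuple[str, str]]:
        parts = token.split("|")
        if len(parts) != 3:
            return None
        user, src_ip, mac = parts
        if not hmac.compare_digest(mac, self._mac(user, src_ip)):
            return None
        return user, src_ip

    def open_pinhole(self, token: str, port: int, proto: str, now: float, ttl: float = 30.0) -> bool:
        """Open one port/protocol for the token's source address, only if the user is entitled to it."""
        ident = self._verify_token(token)
        if ident is None:
            return False
        user, src_ip = ident
        if (port, proto) not in self.entitlements.get(user, set()):
            return False
        self.pinholes.append(Pinhole(user, src_ip, port, proto, now + ttl))
        return True

    def close_pinhole(self, token: str, port: int, proto: str) -> None:
        """Shut the pinhole again once the communication is done."""
        ident = self._verify_token(token)
        if ident is None:
            return
        user, src_ip = ident
        self.pinholes = [p for p in self.pinholes if not (
            p.user == user and p.src_ip == src_ip and p.port == port and p.proto == proto)]

    def allows(self, src_ip: str, port: int, proto: str, now: float) -> bool:
        """Firewall decision: default deny; pass only traffic matching a live pinhole."""
        self.pinholes = [p for p in self.pinholes if p.expires_at > now]  # drop expired pinholes
        return any(p.src_ip == src_ip and p.port == port and p.proto == proto for p in self.pinholes)


def visible_ports(ctrl: PerimeterController, src_ip: str, ports: List[int], now: float) -> List[int]:
    """What a TCP port scan from src_ip would find: only ports behind a live pinhole for that source."""
    return [p for p in ports if ctrl.allows(src_ip, p, "tcp", now)]


def demo() -> Tuple[List[int], List[int], List[int], List[int], List[int]]:
    salt = b"constructed-salt"  # constructed demo values
    ctrl = PerimeterController(
        users={"alice": (salt, hash_password("correct horse", salt))},
        entitlements={"alice": {(8443, "tcp")}},
    )
    ports = [22, 80, 443, 8443]
    before = visible_ports(ctrl, "10.0.0.5", ports, now=0.0)     # nothing is exposed to a scan
    token = ctrl.authenticate("alice", "correct horse", "10.0.0.5")
    assert token is not None
    ctrl.open_pinhole(token, 8443, "tcp", now=1.0, ttl=30.0)
    during = visible_ports(ctrl, "10.0.0.5", ports, now=2.0)     # only 8443, only for alice's address
    elsewhere = visible_ports(ctrl, "10.0.0.9", ports, now=2.0)  # another host still sees nothing
    ctrl.close_pinhole(token, 8443, "tcp")
    closed = visible_ports(ctrl, "10.0.0.5", ports, now=3.0)     # shut again after use
    ctrl.open_pinhole(token, 8443, "tcp", now=10.0, ttl=5.0)
    expired = visible_ports(ctrl, "10.0.0.5", ports, now=20.0)   # unused pinholes time out
    return before, during, elsewhere, closed, expired


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `([], [8443], [], [], [])`: the scan before authentication finds nothing, the authenticated source sees only the one port it was granted, a second address sees nothing even while that pinhole is open, and the opening disappears both when closed explicitly and when its lifetime lapses. The token is bound to the source address so that a captured token is useless from another host, which is the “cannot be recast or hijacked” property the quote refers to.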


The cloud-enabled Esprit 2015 CAM software from DP Technology leverages machining tooling data from MachiningCloud GmbH’s cloud-based databases.

Image courtesy DP Technology Corp.


For most manufacturing operations, handling these cybersecurity tasks is difficult and time-consuming. “You have to make a lot of smart decisions based on your application,” Koilpillai said. “We feel that there’s a need for this.”

The company is collaborating on the open-source version with the Cloud Security Alliance, Verizon, NDX and the NSA. A lot of Waverley’s work is with the Department of Defense, she added, and the Black Cloud concept can be easily adapted to the manufacturing world. “They’re worried about it. The TCP/IP type of communications have been used in the Internet for a long time,” Koilpillai said. “What’s happening now is once you hook up the network, you should extend your perimeter, so you can hide the infrastructure. They [manufacturers] want to share their Big Data. This system uses Mutual Transport Layer Security [Mutual TLS] with mutual authentication,” she said. “Every message is authenticated and encrypted.”
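The difference between ordinary TLS and the mutual TLS Koilpillai mentions comes down to one server-side setting: whether the peer is required to present a certificate. The Python below is an added illustration using the standard `ssl` module, not Waverley Labs’ code. It builds a one-way server context beside mutual server and client contexts, and an `audit_context()` helper flags the settings that would leave a connection encrypted but not mutually authenticated. The certificate, key and CA file paths are placeholders the caller supplies; the audit works on the context settings alone, so it runs without any certificate files.

```python
"""Mutual TLS context configuration with Python's standard ssl module.

Added illustration, not Waverley Labs' code. Certificate and key paths are
placeholders; audit_context() inspects only the context settings.
"""
import ssl
from typing import List, Optional


def server_context_one_way(certfile: Optional[str] = None, keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Ordinary server TLS: the server proves its identity, the client proves nothing.
    Traffic is encrypted, but any client that can reach the port can talk to the service."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # placeholder paths: server certificate + key
    return ctx  # verify_mode stays at the server default, CERT_NONE


def server_context_mutual(cafile: Optional[str] = None, certfile: Optional[str] = None,
                          keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Mutual TLS server: the handshake fails unless the client presents a certificate
    issued by the private CA in cafile, so unauthenticated peers never reach the application."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # this single setting turns one-way TLS into mutual TLS
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # placeholder: CA that issues client certificates
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def client_context_mutual(cafile: Optional[str] = None, certfile: Optional[str] = None,
                          keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Mutual TLS client: verifies the server against the private CA and its hostname,
    and presents its own certificate so the server can authenticate it in turn."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # placeholder: the client's own certificate + key
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """List the settings that stop this context from counting as mutual TLS.
    An empty list means that, once certificates are loaded, every message on the
    connection is encrypted and authenticated in both directions."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and not ctx.check_hostname:
        findings.append("server hostname not checked")
    return findings


if __name__ == "__main__":
    print("one-way server:", audit_context(server_context_one_way()))
    print("mutual server: ", audit_context(server_context_mutual()))
    print("mutual client: ", audit_context(client_context_mutual()))
```

`audit_context(server_context_one_way())` reports “peer certificate not required”, while the two mutual contexts audit clean. The server side deliberately loads only the private CA that issues client certificates: a client certificate chained to any public CA is not enough, which is what makes the perimeter closed to everyone except enrolled users and devices.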

Securing, Testing the Cloud

As cloud-based enterprise software has proliferated and become more popular for cost savings and other reasons, questions arose whether those cloud-secured assets are as secure as the on-premises versions of enterprise software. But many experts believe cloud software has many distinct advantages over on-premises software, including security.

“It’s pretty clear that attacks happen regularly,” said Kevin Hurley, executive vice president, Technology, KeyedIn Solutions Inc. (Minneapolis), developer of the KeyedIn Manufacturing cloud-based enterprise resource planning (ERP) software.


Securing cloud applications is a top priority, Hurley said, and KeyedIn employs high-end security from third-party supplier Dimension Data to lock down its ERP customers’ data. “You walk into some installations and it’s almost like a prison—some of these facilities use biometrics to enter,” Hurley said.

Cloud applications, properly executed, can offer users more effective security than some on-premises installations. “In some cases in an on-premises facility, people are busy doing other things—maybe security’s not the main priority, or they missed a security patch, maybe they’re not doing a denial of service security, or the software’s not the best from a security standpoint,” Hurley said. “Some of these software systems can be 10, 15, 20 years old. Any of those factors could put your on-premises systems at risk.”

With KeyedIn Manufacturing, users get an ISO 2700 compliant SaaS application, and KeyedIn makes sure its customers follow up on security policies, Hurley added. Customers’ data also is segregated from other customer data, and even within the client companies themselves, added Paul Leghorn, KeyedIn vice president, SaaS Infrastructure.

“There’s only a very small number of people here that can touch the data,” Leghorn said. With KeyedIn applications, customers also use two-step authentication, which bolsters security levels. “Typically we don’t re-authenticate within the session,” Leghorn added. “Your client administrators are in charge of that. They can have the confidence that no one can break in, because it’s your weakest point in your chain.”

For cloud-based PLM software developer Arena Solutions (Foster City, CA), security ranks at the top of the stack of priorities. “When we start with a customer, we actually start with how to secure their applications,” said Wenxiang Ma, executive vice president, Engineering and Operations.

In addition to multiple firewalls, Arena offers users dynamic access control, allowing administrators to have a very limited number of people who can access information, Ma said. “From the beginning, we do multiple firewalls. It’s a combination of hardware and software,” he said.

Arena PLM’s security model features Secure Sockets Layer (SSL) encryption, and username and password verification is provided by a hardened authentication service maintained separately from the main application service. Arena offers customers IP-based access restriction as an option, as well as a two-step authentication option, and data management security is the strongest available currently supported by browsers, using a 2048-bit RSA public key and up to 256-bit encryption.

Vigilance Required

Keeping hackers at bay requires not only innovation in cloud-based designs, but also vigilance by cloud users. Performing penetration tests on cloud network security is a must in today’s world, and these tests are best done by a third party, Ma said. “We go through a penetration test with a third party, which involves an application test and a network test,” Ma said. “The third party actually sets it up, but we pre-write it and then nobody knows when it will happen.” The company usually does the network tests at least once a year.

“We do our pen testing with a third-party IT security consultancy,” said KeyedIn’s Leghorn. “They test the code, the system and the SQL database, and the firewall itself. What ports are open? What they can discover about your system is important, because for hackers, this is their day job—understanding what people can do. It provides useful information and you have to do this on a regular basis, at least annually.”

With its pen tests, KeyedIn’s policy is to share that information under non-disclosure agreements with clients, Leghorn added. “You don’t want to give anything away. As a policy, we don’t allow the clients to do the pen testing, for the protection and stability of the entire service.”


Arena Solutions 650-513-3500 / arenasolutions.com

Concurrent Technologies Corp. 800-CTC-4392 / ctc.com

DMDII/UILABS 312-281-6839 / http://dmdii.uilabs.org/

KeyedIn Solutions Inc. 888-960-5470 / keyedin.com

Siemens US Digital Factory 800-SIEMENS (800-743-6367) / http://www.siemens.com/businesses/us/en/digital-factory.htm

Waverley Labs LLC 800-401-5180 / waverleylabs.com
