New Solution Enables Customer to Take Preventive Measures against Cyber-Attacks

Introduction

A cyber-attack is a deliberate exploitation of a computer system or network that involves the use of malware and other means to disrupt or gain control over essential processes and access sensitive data.

These attacks have become one of the most pressing concerns in recent years, and there is now an urgent need for control systems to adopt security structures that are reliable and consistent, particularly at critically important facilities such as power, gas, and petrochemical plants.

As the techniques of cyber attackers continue to grow in sophistication, a new solution is required not only for endpoints but also for networks, because cyber attackers try to attack control systems from the network. There is no question that cutting-edge tools and technologies are necessary to stay one step ahead of cyber criminals today; therefore, a new solution has been developed for network security to analyze network communication in control systems and report on their health.

visualization of network traffic

Utilizing expert consultation services and software, cybersecurity experts at Yokogawa headquarters were able to provide a fit-for-purpose Network Healthiness Check Service for a Japanese chemical company in 2015. The Network Healthiness Check Service is meant to identify deviations from normal network behaviors so that appropriate preventive measures against attacks can be taken and improved upon.

Verify communication between elements, quickly

Critically important infrastructures such as power grids, gas facilities, and water supply systems continually face the risk of cyber-attacks via web servers, which can lead to the shutdown of essential systems and/or the theft of key information.

Up till now, there has been no quick way to verify whether communications between the elements that make up a control system have been compromised. One had no choice but to analyze all communications traffic, which, in addition to being very time consuming and costly, leads to disruptions that can undermine plant performance and availability. This is an issue that our customer identified and needed to have solved. Coincidentally, our solution was in its final development stage, and instead of analyzing all communications traffic, the software and consultation focus on the characteristics of the control system network.

Network healthiness check cycle

Vulnerabilities are clear through visualization technology

Normal control network communications

Compared to general information systems, it is easier with control networks to identify when a normal state exists in communications traffic, because these systems are designed and used for a specific purpose. By singling out and excluding all normal control system communications traffic, it is much easier to spot packet transfers and other network communication activities that originate from outside the system and deviate from normal traffic patterns. What makes this possible is a new technology for visualizing network traffic which was jointly developed by the National Institute of Information and Communications Technology (NICT), Yokogawa, and Kyoto University.

A compromised control network

In the above case, there is a surge in network traffic originating at a server in Control Room A that has been infected with malware. Note: The above images are provided for general explanation purposes only and are not representative of the type of information provided with Yokogawa’s analytical reports.

Utilizing this technology, Yokogawa developed the Network Healthiness Check Service. In this service, Yokogawa collects network communications from the customer’s site, analyzes them, reports on the health of those communications, and advises on how to further improve communication in the network. The customer has been able to obtain analysis reports that visualize incoming communications traffic originating from unknown IP addresses, traffic using unspecified protocols and/or ports, unauthorized data transmissions, and other potential hazards.
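The exclusion approach described above can be sketched as follows. This is an added example, not Yokogawa's software or anything from the original page: flows matching a baseline of normal control traffic are dropped, and what remains is sorted into the report categories the text lists, plus a per-source surge check like the Control Room A case. All addresses, ports, byte counts and the surge threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline of normal control traffic: (src, dst, protocol, dst_port).
# Addresses and ports are illustrative, not taken from any real plant.
BASELINE = {
    ("10.0.1.10", "10.0.2.20", "udp", 5313),
    ("10.0.1.11", "10.0.2.20", "udp", 5313),
    ("10.0.1.10", "10.0.3.5", "tcp", 502),
}
# Constructed typical bytes per collection window for each known source.
BASELINE_BYTES = {"10.0.1.10": 40_000, "10.0.1.11": 35_000}
SURGE_FACTOR = 5  # assumed threshold: 5x the usual volume counts as a surge

def check_flows(flows):
    """Exclude baseline flows; classify the rest and flag volume surges."""
    known_hosts = {f[0] for f in BASELINE} | {f[1] for f in BASELINE}
    known_services = {(proto, port) for _, _, proto, port in BASELINE}
    findings = []
    volume = defaultdict(int)
    for src, dst, proto, port, nbytes in flows:
        volume[src] += nbytes
        if (src, dst, proto, port) in BASELINE:
            continue  # normal control traffic is excluded from the report
        if src not in known_hosts:
            reason = "unknown source"
        elif (proto, port) not in known_services:
            reason = "unspecified protocol/port"
        else:
            reason = "unauthorized transmission"  # known parts, new pairing
        findings.append((reason, src, dst, proto, port))
    for src, total in sorted(volume.items()):
        base = BASELINE_BYTES.get(src)
        if base and total > SURGE_FACTOR * base:
            findings.append(("traffic surge", src, None, None, None))
    return findings

# Constructed observation window: (src, dst, protocol, dst_port, bytes).
OBSERVED = [
    ("10.0.1.10", "10.0.2.20", "udp", 5313, 38_000),   # normal
    ("10.0.1.11", "10.0.2.20", "udp", 5313, 400_000),  # normal flow, abnormal volume
    ("192.0.2.77", "10.0.2.20", "tcp", 445, 1_200),    # source not in baseline
    ("10.0.1.10", "10.0.2.20", "tcp", 23, 900),        # service not in baseline
    ("10.0.1.11", "10.0.3.5", "tcp", 502, 600),        # pairing not in baseline
]

if __name__ == "__main__":
    for finding in check_flows(OBSERVED):
        print(finding)
```

Because a control network serves a fixed purpose, the baseline stays small and stable, which is what keeps the remaining findings few enough to review by hand.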

Examples of detection in network communication from unknown source

The customer was surprised at the data in these analysis reports. Working together with Yokogawa in the consultation process, they analyzed where this communications traffic was coming from and sought to identify its source. With this information, it was then possible for this customer to take the appropriate preventive measures.

Conclusion

The customer was able to intuitively grasp the status of a control system’s communications traffic so that preventive measures could be taken in response to any and all potential issues – and as we all know, in the case of cyber-attacks, the sooner the response the better the outcome.

The Network Healthiness Check Service is specifically developed and dedicated for plant control systems -- which is an industry first -- and eases the task of identifying abnormalities in control network communications.

As there is no need to install detection software on each control system host (or server), this service is easy to introduce and does not impact control system availability. Network communication is regularly collected and analyzed by Yokogawa experts who prepare an in-depth analysis report. With this information, appropriate measures can then be taken by customers, ultimately leading to a safer future.