Networked machines, and the enormous amount of data generated from them that can be analysed by intelligent algorithms, promise untold potential for optimisation. It is not without reason that we speak of the emerging “Internet of Things” in this context. However, there are also growing concerns about cyber attacks on machines that are networked together in this way. Many controllers and frequency converters are now able to connect to the Internet using Ethernet or Wi-Fi, for example. Once this function has been activated, the components can often be identified by special search engines.
One example of a search engine that specifically returns the IP addresses of plant and machinery connected to the Internet is www.shodan.io. If you enter an IP address found by this engine (e.g. 192.168.10.1) in the address line of a web browser, you are taken straight to the login page of the controller or frequency converter. A special version of the Linux operating system called Kali Linux can be downloaded from the Internet free of charge. This Linux version specialises in cyber attacks and contains programmes for cracking passwords, for instance. Without delving deeply into informatics, these few lines of text suffice to make it clear that machines are vulnerable to online attack – and that the necessary tools are not only easy to get hold of but also require very little specialist knowledge to use. Ultimately, the scenario is similar to that of a PC which goes online: if no firewall or virus scanner is in place, connecting that computer to the Internet and storing valuable data on it is reckless and incredibly risky. This is why machines, too, must be adequately protected.
Options for protecting machines
First of all, it is important to remember that a secure connection to the Internet doesn’t simply depend on the technology. It’s not enough to install a firewall and then hope that everything will be OK. All company processes must be adapted to take account of the risk of cyber attacks. What happens, say, if an employee finds a USB flash drive in the company car park? This is a very widespread way of getting malware onto computers. It is therefore imperative to train staff how to deal with this situation and others like it. Risk analyses, which enable specific measures to be derived, must moreover be performed for all plant and machinery that is connected to the Internet. VDI/VDE Guideline 2182 issued by the Association of German Engineers describes one possible risk analysis method. It shows how the IT security of automated plant and machinery can be guaranteed by implementing specific measures and presents a very practical approach to risk analyses. Based on this, the most appropriate action to take in extreme circumstances could be to segment the networked machine and separate it from the rest of the network.
Differences compared with office IT
Although IT security in an office environment has many features in common with IT security for networked machines, there are also significant differences. It is vital to be aware of, and pay attention to, these when developing security concepts for machines. One key issue with regard to machines is that it is often hard to provide them with the necessary updates on a regular basis. This can have disastrous consequences in the case of security components such as firewalls or virus scanners because the systems can no longer afford protection against current threats. There are several factors that may potentially make it difficult to regularly install updates on a machine.
- Approvals and standards: Many components of plants and machinery are subject to approval under certification schemes such as Atex or UL. As a result of this, it is often not permissible to change the software on a machine without having it re-certified.
- Deterministic real-time behaviour: Machines frequently interact with other components, so that a consistent and sufficiently swift response behaviour is crucial to the functioning of the entire system. Software changes can critically affect the dynamics of individual components.
- Worldwide use: If pumps, compressors and other machines are used in systems around the world, a suitably high-performance Internet connection for updates cannot be guaranteed at all locations at all times. Countries like China also occasionally impose restrictions on Internet access.
What all of this adds up to is that machines must be protected differently from office PCs. A research project, in which a new approach to cyber security for machines of this type is being jointly developed by Kriwan Industrie-Elektronik, Mars Solutions and Aalen University, is described below.
Comprehensive protection for machines
Kriwan has specialised in machine protection for 50 years. For a long time, the issue was merely the temperature of the motor or a bearing, the electric current or a similar parameter. Nowadays, protecting a pump or a compressor from cyber attacks is also of major importance. The process begins by ensuring that the protection relay’s digital interface has been designed such that remote access is prevented.
This has now been taken one step further in the above-mentioned research project, with monitoring of the three phases L1, L2, and L3 already incorporated into many of Kriwan’s protection relays. As a result, any undervoltage, phase imbalance or phase failure in the pumps can be identified and critical states avoided. However, cyber attacks will also impact on the three voltages connecting the pumps to the frequency converter. In particular, attacks that can physically damage these pumps are mounted via the machine’s power supply. As part of the research project, the protection relay has been further developed so that cyber attacks can in future be identified by detecting patterns on the power lines. This has the huge advantage that the pump’s electric motor is very precisely known, both in theory and in practice. Limit values and permissible states can be defined and will not change over time. The situation is hence different to that in the IT sector, where new security loopholes are constantly being discovered and new problems appear with each new operating system or application software. This is why ongoing updates are essential in traditional IT – but in the case of industrial plants give rise to the problems described here. The research project aims to sidestep these difficulties and take greater account of the machine’s physical properties.
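The idea of fixed, physics-derived limits can be illustrated with a small monitor that checks a trace of phase voltages and converter frequency for the failure modes named in this article: undervoltage, phase imbalance, phase failure, rapid speed changes and rapid on/off switching. This is an added example, not Kriwan's code or the research project's method; all names and limit values are assumptions, as is constant V/f control, under which the expected voltage scales with the output frequency.

```python
from dataclasses import dataclass

# All limits are assumed values for a constructed 400 V / 50 Hz pump motor.
NOMINAL_V, NOMINAL_HZ = 400.0, 50.0
UNDERVOLT_FRAC, PHASE_FAIL_FRAC = 0.90, 0.50   # fractions of the expected voltage
MAX_IMBALANCE = 0.02     # largest deviation from the three-phase mean, relative
MAX_SLEW_HZ_S = 5.0      # fastest permitted change of converter output frequency
MAX_STARTS, START_WINDOW_S = 3, 600.0          # permitted motor starts per window

@dataclass
class Sample:
    t: float          # seconds
    volts: tuple      # RMS voltage on (L1, L2, L3)
    hz: float         # converter output frequency
    running: bool

def check(samples):
    """Return (time, finding) for every sample that leaves the permitted states."""
    findings, starts, prev = [], [], None
    for s in samples:
        if s.running:
            # Assumption: constant V/f control, so expected voltage scales with frequency.
            expected = NOMINAL_V * s.hz / NOMINAL_HZ
            mean = sum(s.volts) / 3
            if min(s.volts) < PHASE_FAIL_FRAC * expected:
                findings.append((s.t, "phase_failure"))
            elif min(s.volts) < UNDERVOLT_FRAC * expected:
                findings.append((s.t, "undervoltage"))
            if mean > 0 and max(abs(v - mean) for v in s.volts) / mean > MAX_IMBALANCE:
                findings.append((s.t, "phase_imbalance"))
        if prev is not None and s.running:
            if (prev.running and s.t > prev.t
                    and abs(s.hz - prev.hz) / (s.t - prev.t) > MAX_SLEW_HZ_S):
                findings.append((s.t, "frequency_slew"))
            if not prev.running:   # off -> on transition counts as a start
                starts = [t for t in starts if s.t - t <= START_WINDOW_S] + [s.t]
                if len(starts) > MAX_STARTS:
                    findings.append((s.t, "start_rate"))
        prev = s
    return findings

OFF = ((0.0, 0.0, 0.0), 0.0, False)
OK = ((400.0, 400.0, 400.0), 50.0, True)
# Constructed trace: sag on L2, loss of L2, speed swing, then rapid on/off cycling.
TRACE = [Sample(0, *OFF), Sample(1, (400.0, 401.0, 399.0), 50.0, True),
         Sample(2, (400.0, 340.0, 399.0), 50.0, True), Sample(3, (400.0, 20.0, 400.0), 50.0, True),
         Sample(4, (160.0, 160.0, 160.0), 20.0, True), Sample(5, *OK), Sample(6, *OFF),
         Sample(7, *OK), Sample(8, *OFF), Sample(9, *OK), Sample(10, *OFF), Sample(11, *OK)]
if __name__ == "__main__":
    print(*check(TRACE), sep="\n")
```

Because the limits describe the motor rather than known attack signatures, the same table stays valid without software updates, which is the property the article contrasts with office IT.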
To reap the benefits of networking, it is important to bear security in mind right from the start. As part of this, it is crucial not only to install individual components such as firewalls but also to evaluate processes and risks.
Ask the expert: Risks of cyber attack
What damage can cyber attacks do to pumps or compressors?
Dr. Ellwein: The electric motors of the pumps or compressors could be physically damaged or destroyed. This is very different to an office environment, where a backup can usually be restored in order to limit the damage. With pumps and compressors, the machine may break down completely – which can result in considerable problems if the replacement times are long. It is also conceivable that selective excitation using a frequency converter (in other words, rapidly increasing and decreasing the rotational speed) could cause a machine to make pipes vibrate, leading to damage and leaks.
What exactly do you have to destroy, or do to the machine to achieve this?
Dr. Ellwein: Critical rotation speeds due to the specified frequencies, overheating of the motor as a result of deliberate undervoltage or mechanical damage by switching the machine on and off too quickly – these are all conceivable forms of attack.
How does the attacker get inside the plant? Isn’t the entire equipment protected?
Dr. Ellwein: A lot of the equipment is very comprehensively and competently protected, of course. However, our investigations have also revealed networked plants with no protection whatsoever. If the original access data (user name and password) for logging in over the Internet haven’t been changed and the manufacturer’s defaults are still active, the plant is at great risk. For many operators, dealing with IT security is a huge challenge.
What was it that provided the impetus for the joint research project?
Dr. Ellwein: Kriwan has specialised in machine protection for almost 50 years now and is a longstanding partner of many large OEMs. Previously, the focus was primarily on protecting machines against overload or excessive temperatures. We have now developed a number of concepts that will enable us to use our electrical engineering expertise and our knowledge of machine protection to also offer protection against cyber attacks. Experience shows that these new approaches are equally able to resolve some of the problems that arise with IT security in an office environment (e.g. installing updates on the machine). Kriwan has filed six patents relating to cyber security during the last few years.
When do you expect to have marketable results?
Dr. Ellwein: The research project I described is set to run for three years. However, we’ve already incorporated other technologies for communicating securely on the Internet into our current products.
Are you also factoring in other peripheral components such as valves, which could indirectly cause the pumps to be damaged due to improper control?
Dr. Ellwein: We regard this as an important topic. Although there are no specific projects dealing with this at present, we are starting to give thought to it at a higher system level with an increasing number of OEMs. Both IT protection and energy-efficient control are key objectives.