Wireless networks invariably grow in many directions, which aren’t always visible. So, it’s crucial to cyber map a site. Cyber mapping will help a facility:
• Determine where the access points are along with the topology of networked systems and assets. You must understand how your cyber assets and networks are interconnected because a persistent hacker will certainly make the same effort.
• Map signal strength throughout the facility, measuring at various levels, at high and low elevations. A drone hovering above a router mounted on top of a tall structure may have a very strong signal.
• Find dead areas caused by large pieces of equipment blocking the signal.
• Identify areas where corporate IT networks spill into the plant from offices.
• Establish baseline patterns using a tool like NetStumbler to monitor normal Wi-Fi communication. Anything outside of these patterns may signal network surveillance, internal misuse or attack.
• Scan all frequencies in use, usually at least 2.4 GHz and 5 GHz bands.
While these larger-scale efforts are going on, you can do three things immediately:
1. Get rid of old Wi-Fi routers and switches. Replace any network device not new enough to use WPA2 with AES and CCMP encryption. The older encryption protocols are far too easy to penetrate.
2. Train your people how to respond if a drone is spotted. Your employees need to be vigilant. A drone (Figure 3) may be there to take photos or video, probe networks, or look for people on the ground. Staff should inform plant security personnel so they can alert local authorities. Few drone owners have legitimate licensing, and flying in close proximity to or within the fence line of a chemical plant is almost certainly prohibited.
3. Have a backup plan for loss of your Wi-Fi networks. Even if hackers can’t decrypt your communication, they can jam your wireless networks to the point of shutting them down. As mentioned earlier, radio is insecure and easy to disrupt. Can you continue operating without it? If you’re not sure, it’s best to find out now before an attack.
If there’s any lesson that can be learned from recent CPS attacks, like the Ukrainian electrical grid attacks, it’s that CPS operators always should have physical means to regain direct control of their systems. Plant personnel should be trained in those manual recovery and manual operating techniques where possible.
Wireless networks are certainly here to stay. Even with the known security issues they have become indispensable in many chemical plants and other industrial facilities. The technologies to secure industrial wireless networks have improved but so have the weapons used to attack them. Of course, this cat-and-mouse battle is going on within the larger world of cyber security, so carry out any efforts to improve your wireless networks as part of a larger overall cyber-security strategy.
JEFF MELROSE is principal cyber security manager for Yokogawa Corporation, Carrollton, Texas. E-mail him at Jeff.Melrose@us.yokogawa.com.