Unbreaking the record for cyber-attacks
23 August 2021
According to Forbes, 2020 broke all records for data lost in breaches and sheer numbers of cyber-attacks on companies, individuals and governments. These threats are also becoming more sophisticated with emerging technologies like machine learning, artificial intelligence and 5G.
Fortunately, remote telemetry units (RTUs) allow for better control and visibility when accompanied by advanced development and deployment techniques. Here, Matthew Hawkridge, Chief Technology Officer at Ovarro, explains why secure RTUs can mitigate threats against critical national infrastructure.
But why the rise in incidents? One explanation is that the increased move towards digitalisation and Industry 4.0 has raised cyber-security risks.
Cyber-attacks can also affect critical network infrastructure (CNI) like energy, water or oil and gas networks – the UK Government’s National Cyber Security Council (NCSC) is always concerned about the prospect of Russia or China hacking into Britain’s water supply chain. Cyberthreats to CNIs include espionage, targeted attacks from malicious actors, such as hostile states and criminals, and accidental data loss. All have the potential to disrupt our lives and damage the economy.
But how can CNI operators embrace digital transformation and all its benefits without inviting cybersecurity risks? The answer lies in RTUs and deployment with the latest NCSC Cyber Assessment Framework (CAF).
Secure ease of access
For decades, telemetry unit systems have been used for remote monitoring of power consumption and battery backup in networks for energy, water and telecommunications by gathering information about critical assets. They work on the simple premise that, if the condition of an asset is understood, then it can be managed efficiently and respond quickly to change. There is immense value in being able to optimise operations and to detect and respond faster to impending issues.
These systems are also equipped for Wi-Fi and the advent of 5G – for example, for process plants with servers in the cloud or in a nearby, air-conditioned control room, the RTU gathers information about critical assets. RTUs are emerging as one of the drivers for the IoT because they can gather and manage large volumes of data for analysis. Also, they are secure against cyber-attacks.
Ovarro’s TBox RTU is equipped with a Firewall with four levels of authority, HTTP session authentication and SSL/TLS & X.509 certificates. It also meets the IEEE802.1X standard for devices that connect with other devices on local area networks (LANs). Ovarro also works with highly qualified “CHECK” approved third party penetration testers, cybersecurity experts that help us investigate and discover potential vulnerabilities and weaknesses in our products’ defences. We also publish security advisories on new discoveries upon patching for complete transparency.
Going forward, Ovarro is committed to meeting the IEC-62443 standard to secure industrial automation and control technology systems. But how are these efforts applied in a real-world setting, and where do RTUs fit in?
Better Industry 4.0
PetroChina Southwest Oil and Gas Field Company approached Ovarro to support with a digital upgrade project at its Chongqing Gas Mine. The mine is located in the jurisdiction of 277 industrial gas wells with a daily production capacity of 20 million cubic metres. Specifically, the customer wanted to improve remote monitoring of all its key gas wells with a better use of data. A key feature of this digital transformation would be the installation of an internet protocol (IP) camera at each site, giving regular images of the well head. But how could this be achieved securely?
Ovarro’s solution was to install a total of 70 solar-powered TBox RTUs within a supervisory control and data acquisition (SCADA) system. The RTUs have the responsibility of capturing and transmitting an image snapshot each hour, or upon an alarm. In the case of a communications outage, the historian capabilities of the RTU can store months-worth of historical data on pressure, process shut-off valve position and more. This can be backed-up and transmitted to the central control station later, helping protect against data loss.
PetroChina has praised the TBox’s built-in cyber security suite with authentication and encryption technology, which provides state-of-the-art protection of the customer’s assets and data. This example shows that CNI managers can embrace the advantages of Industry 4.0 without compromising cybersecurity. With the right technology like RTUs in place, let’s hope that 2020’s cyberattack records remain unbroken in the future.