Cyber security of HMI systems

You can always depend on human error, both in environments such as company IT as well as in OT (operational technology), which includes automation systems. A careless click of the mouse on a link or file accompanying what seems like a mail sent by a colleague or business partners can create havoc in integrated company IT systems. Operational systems such as control or process control systems also increasingly come under attack by hackers. A recent study by Trend Micro – a company specialising in network security – showed that in 2021, 90% of German companies in electricity, oil and gas supply as well as in the manufacturing sector were the target of cyber attacks. On average, a successful attack resulted in damage to the tune of 2.9 million Euros.

Automation systems are increasingly becoming the primary target of such attacks. After all, whilst office IT becomes ever more secure, there are still a lot of companies with gaping holes in their OT security. When machines that used to be operated in isolation are being integrated into the company networks during a digitalisation drive or as part of IoT projects, these security gaps become the entry point for hackers. Latest at this point operators should check whether there is unprotected maintenance access to the machines, whether the security of all control systems is up to date, whether USB interfaces are deactivated, and, last but certainly not least, whether the default password of an operator station or a SCADA system has ever been changed. If the answer to any of these questions is "no", the door to the system is wide open for anyone to enter – as a simple internet search for "scada system passwords" will show.

Recent legislation has also recognised the importance of this subject, in the European Union for example by defining key requirements for operators of critical infrastructure in the DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL by numbering chemical companies amongst critical infrastructure, in addition to assets essential for the functioning of society and economy. Such companies have to go to great lengths to meet the statutory requirements for IT security and cyber resilience, and non-compliance could lead to fines of up to 2 million Euros.

Efforts to ensure cyber security have always suffered from moving goalposts: although staff awareness of cyber risks is on the increase, cyber criminals are constantly upping their game. Social engineering and phishing attacks are becoming ever more sophisticated. But the good old USB trick also still works: plausibly labelled USB sticks left lying around are connected by unsuspecting staff to operator stations and control stations. Private mobile phones are also often connected to company systems. Then there are easy to guess passwords or passwords written down on pieces of paper stuck to the screen, a notice board or a whiteboard for any visitor or video conference member to see. A post-it note under the keyboard is also not a safe hiding-place for passwords. A Trend Micro study from 2018 showed just how important safe authentication is: according to the study, almost half of the successful cyber-attacks on HMI systems were down to unsafe passwords and insufficient access authority management.

Often it is a question of ergonomics that leads to laughably easy passwords being used: which operator using several stations within a plant takes the time to enter a complex, 16-digit password via the screen keyboard every single time? Also, the software and hardware used in the process industry has often been in place for many years and has been developed at a time when integration, digitalisation and the Internet of Things were neither relevant terms nor development targets. Many operators simply have no idea exactly which devices and software systems are running in their plants.

During the development of the ORCA HMI series, launched in the summer of 2022, R. STAHL has addressed many aspects of cyber security. The Thin Client approach forms the basis: unlike independent on-site computers such as the ones used in Client/Server environments, the actual logic processes and data back-up for Thin Clients take place on a centrally administrated server. This means that many IT risks are immaterial for the on-site operator station. The operator's IT specialists can focus on security measures for the server. The ORCA HMI operator devices are closed systems with industrial-grade security. They have neither hard disk nor drives where malware could attack. To prevent manipulations at the level of the operating system, the UEFI-BIOS with the "secure boot" function is used: Windows is only booted up once it has been ascertained that parts of the firmware such as the boot loader have not been manipulated by unauthorised access. Also, the configuration supports customised security concepts.

R. STAHL is using the Remote HMI firmware for its Thin Clients. This has been designed as a closed system and is based on the Microsoft Windows 10 Enterprise 2019 LTSC operating system. LTSC stands for "Long Term Servicing Channel", an update channel through which the company guarantees a 10-year long support with security updates. The firmware is used to configure, establish and secure remote connections to application servers, or, in the simplest case, to a workstation. This allows remote access from one operating station to one or more workstations within a network. This is not only the case for the new ORCA devices, but also for the manufacturer's earlier device platforms.