The PI System in critical infrastructure security and resilience
November is Critical Infrastructure Security and Resilience Month, a nationwide effort in the United States to raise awareness and reaffirm the commitment to keep our nation's critical infrastructure secure and resilient. OSIsoft is committed to doing our part by enabling secure and resilient operation for our customers' PI Systems deployed in critical infrastructure.
What is critical infrastructure?
The nation's critical infrastructure is the collection of systems that provide the essential services underpinning American society. The US Government defines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic stability, national public health or safety. There are many dependencies among sectors, and in particular, Energy, Communications and Transportation link with almost every other sector.
How does the PI System fit into critical infrastructure?
The PI System can be found to varying degrees in 15 out of the 16 sectors of critical infrastructure, with financial services being the only exception. CyberX, an ICS/IIoT security firm, published a Global ICS and IIoT Risk Report where they analyzed operations network traffic from 375 networks worldwide and across many industries related to critical infrastructure, including energy & utilities, critical manufacturing, pharmaceuticals, chemicals, and oil & gas. PI System traffic was observed on 14% of all networks in the study, placing PINET fifth among industrial protocols.
Even this figure likely underrepresents the impact of the PI System. Architecturally, the PI System resides at a critical junction, communicating across strict network boundaries. The core value of the PI System is its ability to collect data from hundreds of disparate systems and offer that data in context to operators for situational awareness as well as to corporate roles for business decisions. Providing access to production data is important for the health of a modern business, but a secure perimeter must be maintained around the critical systems. Only the people performing control activities or working on the critical systems should have access to them, and the PI System allows everyone else to operate on a real-time passive copy of the data. Under this paradigm, the PI System becomes the 'safe harbor' for the data, defending critical systems by reducing the number of users inside the security perimeter while enabling growth in the number of users getting value from OT data.
How is the PI System built to meet the security needs of critical infrastructure?
OSIsoft develops and manages in accordance with a reliable process based on Security Development Lifecycle (ISO 27034 Appendix A). We focus on security proactively with training even before starting a project. The advisory team plans training, prioritizes security requirements and handles incident response. During development phases, engineering security champions are responsible for the reliability and resiliency of our system of products. Champions guide threat modeling, secure coding practices and implement regular use of automated tools to test for security issues. Pulling this all together, makes our software security superior in the following ways:
- Lifecycle Security: Bugs get fixed! We strive to eradicate classes of issues, not individual bugs. For example, the PI API 2016 release was essentially a complete code refresh to provide customers a path forward to use Windows Integrated Security. Since we leave no customer behind, the API also provided backward compatibility.
- Modern Bits: Code built a decade ago is 'pathologically unfit' for today's threat environment. OSIsoft leverages the latest technologies in development, for example acting as an early adopter of modern testing tools like Microsoft “Security Risk Detection” service.
- Future Ready: An application can never be more secure than its operating platform. To enable customers to use the most secure platform, the PI Server is officially supported on the latest version of Windows Server Core.
- Authenticity: Critical infrastructure requires professional, authorized code, therefore unauthorized code must be detected and eliminated. Digital signatures help automate and enforce a code authorization via whitelisting known good software. OSIsoft digitally signs all installation packages and every running software module.
- Native Application Security: For years, industry guidance promoted hiding applications behind firewalls, using antivirus as a safety net, an approach that has failed. Antivirus is only able to stop known threats. Firewalls never truly protected applications. By design, holes are opened to receive legitimate communications, which are then used by attackers. PI System communications are natively protected by transport security and support platform defenses built into the operating system, such as AppLocker, BitLocker, Credential Guard, and Windows Defender.