The Elephant in the Room
While there are many tangible benefits to digitization in industry, cybersecurity risks have to be taken into account. The good news is that with proper design, security policies and threat detection services manufacturers can avoid cyber related interruption or data theft.
And staying ‘of-grid’ is also not a realistic option, as the benefits of digitization and Industry 4.0 are just too great to be ignored.
But there is no safety in trying to stay offline either. As has long-since been shown, even systems that are air-gapped from the internet have network vulnerabilities that determined agents can exploit with remarkably low-tech consumer devices such as a USB key or Raspberry PI scanning local WIFI networks.
The stakes are consistently and widely reported, often front-page news. An internet search for “industrial malware attacks”, for example, gives chilling evidence of ransomware and industrial espionage, and worse – attacks on industrial safety systems that can endanger life on site.
Understanding the Risk
Risk is a part of life – Industrial cybersecurity is no exception – no company is completely safe, but there are various mitigations strategies available that significantly reduce risk, and further preparations that can reduce the impact of a successful cyberattack. Such action plans and recovery approaches should be part of normal operating procedure on the plant floor. Unfortunately, basic good practice around industrial cybersecurity is still often lacking.
You Can’t Secure What You Can’t See!
It starts with visibility. Every company needs an up-to-date inventory of intelligent assets, that’s how you can get visibility. Most industrial networked systems have grown organically over time – they might not have been designed with the present parameters in mind, and they may contain legacy systems that have been around a long time. Here are some simple questions to ask your network administrators and plant managers to get better visibility of your intelligent assets:
- Do you have an inventory of all your intelligent assets?
- What does your operational technology (OT) network look like?
- Is your network designed to meet current cybersecurity guidelines?
- Do you monitor traffic on your OT network?
Secure Your Network
To be cybersecure, we need to build an operational technology network that is fit for purpose. Here are a few simple, but vital questions for the leadership team:
- Are you running any systems that rely on technology that is no longer supported by the vendor?
- Are all your operating systems (Windows, Linux, etc) up to date?
- Do you have active patch management – the process by which vendors close security vulnerabilities with software updates?
- Do you monitor and identify unusual network traffic?
- Have you considered combining all your intelligent assets onto a virtual platform?
Taking action to resolve those two key factors of visibility and security should make your enterprise much more resilient. But maintaining this more secure state requires a continuous approach. Secure today is not necessarily secure tomorrow.
Putting into action simple management processes for keeping patches up to date, verifying additions & deletion to the network and regularly assessing vulnerability need to be second nature for your company to maintain a robust cybersecure stance. Moreover, as we know, even with an active plan that follows best practices, your security risk is considerably reduced but not totally eliminated. ‘DayZero’ threats that have never been identified could still infect your network…so you need to be prepared.
Be prepared AND have a Plan ‘just in case’
If your company can answer these questions, then you are well positioned to reduce the likelihood and the effect of cybercrime.
- What would happen if you suffered a successful attack?
- Would you know it was happening?
- Do you have active, real-time threat detection in place to recognize and isolate abnormalities?
- Is there a disaster recovery or incident plan?
- Do you have suitable Backup and recovery solutions standing by?
Get the right expertise to support you
None of this is difficult to implement, but you do need the right level of expertise to secure your industrial environment. And you do not necessarily need to have this expertise in-house which is too costly for many companies …with the right trusted partners, business processes and support services you can protect yourself against cybersecurity threats.
My advice is not to get lost in the details but do take cybersecurity risk seriously. Work with a reputable company that understands cybersecurity risk in industrial environments as it is different to the IT world.
Help is at hand in the form of this excellent technical guide.
Or you’d like to pick up the conversation about how to bring in trusted expertise from outside of your company, you can contact me at firstname.lastname@example.org.