This blog is from Rockwell Automation and was written by Quade Nettles-Product Manager for Cybersecurity Services.
It’s a constant battle and the stakes are high. The fight against cyber threats is unending and the landscape is constantly changing. It can be hard to know if your industrial security strategy is enough, but one thing is certain. Failure to be ready comes at a high price and the threats continue to grow.
No one is surprised that cybercrime is increasing. Unfortunately, it pays to be a cyber-criminal – and it’s only getting worse. In the last two years, there was roughly $11.7 billion dollars in damages due to ransomware attacks, and at least 53% of industrial manufacturers have experienced a cybersecurity breach in their facility.
Industrial companies are particularly attractive targets for cyber criminals for a variety of reasons. First, many of these companies are working with legacy unpatched infrastructure and a lack of skilled resources to properly manage cyber risk. Adversaries know these environments have many vulnerabilities and, if attacked, would suffer significant consequences. So, given the seriousness of the situation, why do companies allow themselves to be in this position? The challenges are very real for many organizations, and it can be hard to have a complete security strategy without addressing them.
Challenges Facing Industrial Infrastructure
- Vulnerability – For many companies, security is simply an afterthought. Without proper policies and procedures in place, it’s very difficult to maintain a secure environment. A critical first step is to develop and enforce proper cybersecurity standards - and make sure you have buy-in from upper management. Keep track of evolving industrial security standards. Things change quickly and staying current will help you deal with aging industrial control systems and protocols.
- Skills gap – It’s no secret that there is a serious skills gap. The loss of qualified personnel through retirement puts many companies at a disadvantage. Having well-trained employees who understand and adhere to policies helps you address cybersecurity issues - and makes employees more productive.
- Inflexibility – If your company has low adoption of risk management processes, you need to find ways to get everyone on board. You may also have issues integrating new technologies or finding the right tools to manage your infrastructure, and sometimes there’s just too much data that lacks actionable information.
A second common source of vulnerability involves industrial automation environments that are poorly inventoried. If you don’t know what is connected in the environment, you can’t secure it. This important point can be addressed by enhancing your company’s Operations Technology (OT) visibility. It’s critical to know what assets you have and what their attack surfaces are. Not having answers to the following questions regarding your assets, may make your company more vulnerable to attack:
- Location - Where is the asset physically located? What is the operational purpose of the asset?
- Device – What is the type of device and who is the vendor? Record the model, serial number, firmware version, IP address, the operating system and Media Access Control (MAC)
- Applications – What apps are installed and what versions of the apps are running? What is the context of the device’s configuration?
- Communication - Neighbors, Protocols, Conversations, Frequency. What devices communicate with each other and what are those interdependencies? How often do these devices communicate? Do these devices only communicate within your internal network or do they communicate with the internet?
This is a big project and you may not be in a position to do this all without some outside help. Consider the value of working with a vendor who can help you perform anInstalled Base Evaluation™ that identifies all your OT automation assets. This is a good way to identify internal risks caused by antiquated equipment and legacy devices. And, by working with a trustworthy, experienced partner with domain expertise in the OT environment, you can be confident that you have engaged people who understand the complexities with securing the OT environment.
There are also other steps that can be taken to improve your industrial security strategy – if you do them well.
Next Generation Firewalls
Of course, a properly hardened and configured firewall is a key component of robust cyber security. Keeping cybercriminals out is, after all, one of your primary goals. But not all firewalls are the same or provide the same level of protection. So how do you know if your firewall is good enough? It probably isn’t if you’re not using a next generation firewall that offers features like:
- Intrusion prevention and detection
- Application visibility and control
- Analytics and automation
- Malware protection
- Network profiling
- URL filtering
While you’re working hard to keep the hackers out, you probably still want to be able to provide secure remote access for the people who need it. Employees, suppliers and third-party technicians are among the people who may need to access company resources. In addition to complex and frequently changed passwords, logging and recording every action allows audits and investigations in case of an information security incident. When you have sufficient remote access policies and procedures, they will:
- Eliminate direct interactions between remote users and network assets and enforce a single access pathway
- Define and enforce remote diagnostics and maintenance operations conducted via locally installed applications
- Monitor, record and observe user activity in real time and terminate the session as needed
If your remote access system can’t do these things, it’s time to upgrade.
Despite your efforts, there may come a time when your company is the victim of an actual cyberattack. If that happens, you want to be in a position to detect the threat as quickly as possible and respond in an effective manner. If you’re not sure of your company’s ability to quickly detect a threat, consider partnering with a company that can provide:
- Initial baseline of network traffic and data flows
- Real-time alerting on deviations
- Deep packet inspection for industrial protocols
- Multi-site visibility
- Functionality that is complimentary to IT tools
- Incident response planning
- Remote access session management and administration
- Remote support services
Recognizing that an attack has been made is key to addressing it quickly and minimizing its impact.
Clearly, there’s a lot to consider when developing and implementing your organization’s cyber security strategy, and you might not be ready to take on something this substantial without help. Having the right policies, people, and technology in place can be a huge undertaking. Fortunately, outside services are available to help you fully manage and secure your network. Services like an IDMZ design and implementation, or 24x7x365 threat detection and response are cybersecurity services aimed at assisting companies in improving their cybersecurity posture and providing customers with cybersecurity domain expertise to remediate cyber threats and with other related issues.
Many companies discover that having an outside source of highly trained cybersecurity engineers to help them keep up with the latest cyber threats, technologies and risks allows them to focus on what they do best - innovating within their application space.*
With hacktivists, nation states, terrorists, cybercriminals and even insiders all potentially trying to disrupt your operations, you simply can’t afford to be unprepared. The topics mentioned here are just some of the issues you’ll want to consider when evaluating your industrial security strategy. If you recognize a weakness in one of these areas, you may have others as well. Since having a robust industrial security strategy could mean the difference between being up and running and having production come to a screeching halt, you don’t want to take any chances. If your company is one of many that simply isn’t positioned to handle the complexity of cybersecurity on its own, consider getting outside assistance. To help protect your operations against security threats – and be confident that your strategy really is enough - look into Rockwell Automationindustrial security services.
*If you’re ready for outside help, Rockwell AutomationOT Managed Servicesofferings can help you stop worrying about problems like unplanned downtime and your plant’s ability to adapt to on-going changes in technology and the cyber threat landscape.
Have a member of the Kirby Risk Services Team contact you about Cybersecruity service offerings.