Securing Industrial Components with a Business-First Mindset
By Ilan Barda, Co-Founder & CEO of Radiflow
The digital revolution has ushered in a new generation of streamlined manufacturing, operations, and logistics. But beware, this new world of connectivity brings with it great risk.
Each new internet-connected device, whether it be a large manufacturing robot or a small sensor, carries with it the burden of joining your local network in accordance with the latest cybersecurity practices. The problem is that putting too many roadblocks, such as limiting access via firewalls or making access so difficult it impedes productivity, potentially limits its ability to communicate freely with other devices or send critical diagnostic reports back to stakeholders.
On the one hand, manufacturing is now the world’s most targeted industry according to IBM Security’s 2022 X-Force Threat Intelligence Index. On the other hand, the promise of greater business growth through connected devices (aka digitalization) has motivated many companies to continue forward while ignoring cybersecurity risks over plant efficiency and modernization.
For the first time in 5 years, OT facilities are an even bigger target than the finance or insurance industries. This can be attributed to both taking advantage of an industry where even an hour of downtime can have a significant financial impact on a company, making high ransoms more likely to be paid, in addition to the ease of hacking into these improperly secured Operational Technology (OT) networks that operate on legacy machines and components, made some 30-40 years ago.
With recent years showing us that manufacturing supply chains are as critical as they are vulnerable, asset owners and operators are facing their greatest challenge—applying the proper cybersecurity controls within their OT networks without hampering their production capabilities.
Long-term OT security requires action
Here are four pillars to securing your OT devices both in the short and long term.
Visibility reduces risk
The main challenge of OT-connected machines is that understanding their current security status is easier said than done.
CISOs are tasked with securing connected machinery that cannot be taken offline to review credentials, apply a manufacturer-approved update, or even for a general inspection. With so many devices operating in such synchronous precision, the risk of any downtime, including installing an update or doing a simple restart, may result in more lost revenue than it’s worth.
Gaining full visibility into your network, mapping it, and understanding what are your ‘crown jewels’ and how to protect them is a challenge CISOs and security decision-makers face on a daily basis.
Assess your risk
This brings up the age-old question, how much risk is acceptable? Or, if rephrased, where do I start, and how do I prioritize my security roadmap?
With the newly virtually mapped facility, carry out risk assessments by running simulated attacks and remediation techniques. Many times, teams are surprised that Facility A, which houses more critical equipment, is less impacted, while the impact on Facility B was worse than anticipated.
Here is an opportunity to compare previous hypotheses against newly produced data. Update playbooks, practice mitigation techniques, and consider which investments are critical to achieving your risk reduction goals.
Make a plan
Comparing new risk assessment data against operational needs and company goals pivots the role of an OT CISO from someone who’s always putting out fires to one who can make proactive data-driven decisions.
An actionable security plan should answer the following:
- Which devices are at the greatest risk?
- Which machinery has critical software updates ready to be installed?
- What security controls are available to help me assess and carry out a security plan? The right tool will paint a clearer picture of all devices and the software versions they operate. It will also allow teams to obtain the information they need to generate an active baseline to run against anomalous events.
- Cybersecurity hygiene policies that the organization must follow
In the short term, the plan should include limiting network access and reviewing credential information for every connected device. Long-term goals will be within reach only once the full network is mapped, and you have a virtual environment to understand device roles.
Patrol the network
Threat landscapes are always in flux. A secure network today may become exposed to a new vulnerability tomorrow. Even if cybersecurity teams could shut down a full facility and conduct a thorough manual risk assessment, the validity of this review has only a short lifespan.
Ongoing monitoring and the ability to run simulated attacks with your team are the only way for security decision-makers to keep pace with, and act faster than, attackers. Preventing all attacks is impossible, but the right approach will provide the oversight your new security goals demand without the operational interruptions that organizations fear.
An attack is imminent
Global attack data shows us that manufacturing, infrastructure, and supply chain operators must assume that a serious attack is imminent. The outcome of a successful vulnerability exploitation will be nothing short of ransomware payments, costly downtime, and exposed data.
Identifying a normal operations baseline and implementing an ongoing monitoring tool will allow teams to identify anomalous behavior early, signaling a breach attempt, and allowing time to stop a hacker in their tracks.
In conclusion, securing industrial environments is crucial to protecting a business’s assets, reputation, and customers. However, it’s essential to approach security from a business-first mindset, taking into account the business’s overall goals and objectives, the potential impact of threats, and the costs and benefits of security measures. By doing so, businesses can ensure that their security roadmap supports their operations and protect them against potential cyberattacks.