Digital transformation in manufacturing has created a new set of security challenges for operational and information technology stakeholders. The increase in connected industrial devices, such as programmable logic controllers (PLCs), human machine interfaces (HMIs), drives, and industrial PCs, has created a much broader attack surface.
Operational Technology (OT) stakeholders may not have access to the same network and security management tools as those used by IT. While IT follows the CIA approach to data — confidentiality, integrity, and availability — OT turns this on its head, prioritizing availability of production systems. Once manufacturing companies uncover vulnerabilities, they may not know what to do next.
To uncover, prevent, and respond to common security vulnerabilities that create costly downtime that disrupts production, manufacturing companies need to follow standards. Following the standards of a security framework, such as the NIST Cybersecurity Framework, will help manufacturers build and optimize a strong security posture.
To maintain a robust security posture, manufacturers should choose solutions and services that identify assets, segment and control access to networks, and provide ongoing threat detection. Organizations should also have a framework for incident response and steps to recover from a cyber incident.
Identifying what assets are connected to your network is an important first step in finding potential vulnerabilities. The NIST Cybersecurity Framework recommends an ongoing process that begins with identifying assets and progresses through protect, detect, respond, and recover.
To identify risk, manufacturers must first have visibility into their assets. While OT departments need to know what’s in their environment, gaining visibility can be challenging because industrial networks may have been implemented without structure, creating the problem of ‘network sprawl’. Lack of documentation further exacerbates the issue as new devices are added to the network.
Security software can capture and catalogue assets. A solutions provider may even go on-site to perform an inventory assessment to physically capture assets that are not connected via an IP-based network, such as serial connected devices.
Asset visibility allows manufacturing companies to uncover critical vulnerabilities, phased-out equipment, and “rogue” assets that aren’t known (or authorized) to be on the network. These assets need to be assessed to understand what could be at risk and the potential outcome of this risk.
Zero Trust security, with its principles of “never trust; always verify,” is supported by network segmentation. Network segmentation within the OT environment can limit devices and communication to only necessary resources.
The rapid growth of connected devices in manufacturing means that firewalls are only part of the solution in securing operational networks. Firewalls are important but only solve for certain vulnerabilities.
Controlling access based on level of authority can prevent the spread of malware, such as ransomware. Manufacturing processes are better protected when segmentation is designed into the system. Defining security policies for different zones will segment the network and analyzing traffic between zones will validate group segmentation.
Developing a security posture for IoT means monitoring the network 24/7/365 to detect any threats. Behavioral analytics will detect any OT risks by recognizing anomalies in network traffic patterns.
Contextual information helps identify a root cause for the threat. Using analytics for threat detection enables manufacturers to achieve enterprise-level security operations center (SOC) capabilities.
Incident response empowers manufacturers to remediate any attacks that manage to succeed. In addition to detection and prevention, OT stakeholders should have a plan in place to respond immediately, lessening the impact of the attack and keeping it from happening again.
Responding to incidents quickly will bring production back online, reducing unscheduled downtime. Having software that takes your company through the steps of options for remediation will speed up the response and recovery process.
Building a disaster recovery plan is part of incident response. Data replication is one of the keys to disaster recovery.
To qualify for a cybersecurity insurance policy, companies must satisfy a checklist of requirements that include disaster recovery, asset visibility, incident response, and continuous threat detection. Collaboration is key for IT and OT teams to implement an effective security posture.
Cisco Cyber Vision protects industrial control systems and networks against cyber risk through visibility, insights, and detection.
As a Cisco partner, Rexel Automation Solutions can help your company leverage Cyber Vision to gain visibility into your assets and segment your network to identify and contain threats to your connected devices. Rexel combines Cisco expertise with proven experience working with companies in the manufacturing industry. We offer full-scope business and technical assessments of your organization’s OT security posture.
Start improving your security posture for IoT. Reach out to Rexel today.