With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns. Connectivity opens previously air-gapped or physically isolated control networks to the world of cyber threats where potentially damaging impacts to brand reputation, human safety, operational productivity and product quality can occur.
How are we mitigating this new risk?
Industrial cybersecurity is a journey. It’s one that is never-ending, as automation control systems are adopting information technology (IT) and cloud-based solutions at a faster rate than ever before. At the same time, the threat landscape of malicious activity is constantly evolving. As a result of these trends, previously isolated control networks are now potentially accessible to outsiders through increasing numbers of touchpoints including from the corporate IT network and the Internet itself. This can open up the control network to ransomware, malware, equipment failure, human error, malicious internal events and other cybersecurity-related incidents, even if these cyber events are not directly targeting the industrial control network. While no doubt familiar to the IT side of the organization, these ICS issues (and their costs) can be even more damaging in the industrial side due to the fact that producing and shipping products can be considered the lifeblood of the business. What are the potential business impacts?
- Productivity
- Quality
- Safety
- Profitability
- Brand reputation
What does a minute or an hour of downtime cost when plants are often run at maximum capacity? What is the financial impact when a product falls out of specification and needs to be reworked? What is the impact of having to issue a product recall? These threats are real, and the potential financial impacts to the business are massive.
What can you do to protect your ICS assets?
Control what you can Control
While it may seem that securing your plant is a daunting task, there are some foundational cybersecurity controls recommended by industry cybersecurity frameworks, some of which include IEC 62443, NIST SP – 800-82, NIST Cybersecurity Framework and NERC CIP, that you can turn to. Implementing these measures can help reduce operational risk throughout the organization. And even if you have not chosen a standard to adopt, you can start with these foundational cybersecurity controls:
- Asset Inventory and Discovery –Hardware and Software
- Network Segmentation
- Vulnerability Management
- Change Control
- Network Management
- Centralized log management
Gain Visibility
Take the guessing game out of the equation. How do you know what you need to secure if you do not know what you have? When you have holistic visibility to your control network, you can create and maintain ICS asset inventory (vendor, make, model, serial number, firmware version, etc) and do so much more like manage communication patterns between devices, see network topology variations, identify rogue assets on the network, outline configuration changes, provide vulnerability context and measure other environmental elements by fact.
Implement Protective Controls
Protective controls are controls that help prevent or lessen the impact of cyber events. Just don’t implement protective controls for the sake of implementing protective controls. You have to implement the right protective controls for the industrial process you are trying to secure and manage. What may be appropriate for one application may not be appropriate for another.
Continuous Monitoring
Just like you have a SCADA to help optimize and control your industrial process, you need a “SCADA”-like cybersecurity solution to help optimize and control visibility to industrial cybersecurity events as well as ensure the protective controls you have implemented are operating correctly. This is not a one-and-done activity. his needs to be performed continuously.
Conclusion
Know your network. If you don’t, someone else with a different motive will. You do not get to make the decision on whether you are a target for either an external or internal malicious intent. Come up with a strategy that is driven from executive management. Our control networks are defensible. With that said, the time is now to start with visibility, protective controls and continuous monitoring. Cybersecurity can be an enabler to the key performance indicators of the industrial process: safety, productivity, and quality. To learn more, you can head over to our friends and Belden and download their latest whitepaper, Cybersecurity Challenges in Discrete Manufacturing.
Editors note: Gary would like to thank Nick Shaw, Senior System Engineer at Tripwire, for his contribution towards this article and whitepaper.
