By Mark Cristiano, network and security services business development manager, Rockwell Automation
The food and beverage industry has seen great momentum when it comes to addressing cyber hygiene — the starting point for industrial control system (ICS) cybersecurity. Where we used to have a lot of conversations about network infrastructure, cybersecurity techniques and strategy are now taking center stage. But how did we get here?
The problem dates back 20-30 years, when the food and beverage industry was rapidly adopting advanced, proprietary technology on the factory floor. Due to the closed and isolated nature of these systems, cybersecurity was not a true concern.
Fast forward to the past 10 years, and the proliferation of ICS and Ethernet-connected equipment has revolutionized productivity, quality, compliance and speed to market. It has also simplified connection of these legacy systems to each other and to new systems. This open, unmodified Ethernet communication brought increased cyber risk and a new concern: legacy system patch management.
A recent Food Protection and Defense Institute report details how this outdated legacy equipment can expose your operation to malicious attacks that can disrupt business, destroy equipment and compromise worker and product safety. A holistic cybersecurity program has become a business imperative, and the patch management process plays an important role.
Take Inventory
The idea of an asset inventory isn’t new, and you may have already tried this exercise internally, or even enlisted outside help. But capturing everything is no easy task, and many are still working to get it right.
There are two ways to take inventory. And to set the right foundation for your ICS cybersecurity program, you need both.
- Electronic interrogation tools can scan your network and automatically identify assets. This will identify the bulk of assets.
- Manual identification will catch the rest, but requires someone to literally walk around, open panels and physically survey assets.
It’s important to use both approaches at all of your locations. If you only inventory nine of your 10 sites, I can just about guarantee the breach is coming through the one that was overlooked.
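One way to check that both inventory methods were applied at every site is to reconcile the two result sets. The following is an added example, not part of the original article: the CSV layouts, site names, and addresses are constructed for illustration, and matching assets by MAC address is an assumption about how the two lists can be joined.

```python
import csv, io, re
from collections import defaultdict

# Constructed sample exports: sites, MACs (documentation range) and IPs are invented.
SCAN_CSV = """site,mac,ip
Plant-01,00:00:5E:00:53:01,192.0.2.10
Plant-01,00-00-5e-00-53-02,192.0.2.11
Plant-02,00:00:5E:00:53:10,198.51.100.5
"""
WALKDOWN_CSV = """site,mac,panel
Plant-01,0000.5e00.5301,P-12
Plant-01,00:00:5E:00:53:03,P-14
Plant-03,00:00:5E:00:53:20,P-02
"""
ALL_SITES = ["Plant-01", "Plant-02", "Plant-03", "Plant-04"]

def norm_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def load(text):
    """Return {site: set of normalized MACs} from one inventory export."""
    found = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        found[row["site"].strip()].add(norm_mac(row["mac"]))
    return found

def reconcile(scan_text, walk_text, sites):
    scan, walk = load(scan_text), load(walk_text)
    report = {}
    for site in sites:
        s, w = scan.get(site, set()), walk.get(site, set())
        report[site] = {
            "scan_done": site in scan,
            "walkdown_done": site in walk,
            "both": sorted(s & w),
            "scan_only": sorted(s - w),      # seen on the network, not yet located physically
            "walkdown_only": sorted(w - s),  # found in a panel, invisible to the scanner
        }
    return report

def incomplete_sites(report):
    return [s for s, r in report.items() if not (r["scan_done"] and r["walkdown_done"])]

if __name__ == "__main__":
    print(incomplete_sites(reconcile(SCAN_CSV, WALKDOWN_CSV, ALL_SITES)))
```

Sites listed by `incomplete_sites` are missing at least one of the two methods, and `walkdown_only` entries are the assets a scan-only inventory would have missed.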