Automation Today 82 | Feature Story

Implementing Cybersecurity in Manufacturing according to NIST Best Practices

A practical guide to safeguarding IT and OT systems in a tech-driven world.

How seriously does your organization consider cybersecurity as part of its business strategy?

The 9th edition of the State of Smart Manufacturing Report reveals that cybersecurity ranks third as an obstacle to growth, appearing in the top five for the first time. From this result, it’s clear that businesses need to improve the integration of cybersecurity within their IT and OT systems. Manufacturers are also already stepping up their technology investments by 30% to counter the risks of cybercrime, with upskilling talent and hiring skilled employees prioritized.

Additionally, in the 2024 State of Operational Technology and Cybersecurity Report by Fortinet, it is stated that 73% of OT professionals experienced intrusions that impacted their OT systems in some way. This is a stark increase from just 49% the year before. All of these point to an elevated need for cybersecurity awareness and action to mitigate the risk of cyberattacks.

 

Addressing Cybersecurity through the NIST Cybersecurity Framework

To address these challenges, the National Institute of Standards and Technology (NIST) developed a cybersecurity framework that provides a structured approach to managing cybersecurity risks. First introduced in 2014 to support critical infrastructures, NIST released version 2.0 this year with a goal to broaden its use-case to be applicable across organizations.

NIST Cybersecurity Framework

Credit: N. Hanacek/NIST

There are six parts to the NIST framework – Identify, Protect, Detect, Govern, Respond and Recover. According to NIST, the first four should all happen continuously, while the remaining two, Respond and Recover, should be prepared so they are ready to be implemented should a cybersecurity incident occur.

These foundational aspects guide businesses in the right direction and give them a starting point for addressing network security threats.

As industries and the threat landscape rapidly evolve, the NIST framework introduces the adoption of practices to simplify manufacturers’ cybersecurity journey according to their risk appetite.

Building a Cybersecurity-first Mindset with NIST

An organizational culture that prioritizes cybersecurity doesn’t happen overnight. However, this is possible to achieve with the right mindset and guidance. Here’s a guide to get started, referencing the NIST framework.

Assessment and Planning

Identify the assets and risks that your organization has. Conduct a thorough inventory of IT and OT assets, including data, hardware, software, systems, facilities, services, even the people involved, as well as suppliers and any related risks from external parties. Then assess and identify the potential cybersecurity risks and vulnerabilities in each of them.

Next, conduct a gap analysis. Compare your organization’s current cybersecurity measures against the NIST cybersecurity framework core (CFC) to identify any gaps and the steps that need to be taken to bridge them. Organizations should look for opportunities to improve policies, plans, processes, procedures, and practices, keeping in mind the other functions within the NIST CFC.

Governance and Policies

Establish a clear governance structure. Define clear roles and responsibilities, including the formation of a cybersecurity governance team. Governance is critical and necessary for incorporating cybersecurity into an organization’s broader enterprise risk management (ERM) strategy, as it will be the source of truth that aligns the entire organization in the development and execution of a cybersecurity strategy.

Develop policies: From governance discussions, create cybersecurity policies and procedures that align with NIST CSF and ensure that they are enforced across the organization. With clearly outlined roles and responsibilities, enforcing policies should be a seamless process. 

Technology and Tools

Upon assessing the needs and coming up with the appropriate policies and procedures, deploy the appropriate security solutions. Implement perimeter controls, network-based solutions, and endpoint protection. 

Integrate monitoring tools that are built for industrial control systems (ICS) and OT security. This ensures timely threat detection and response.

Training and Awareness

The best asset of any organization is its people. Conduct regular cybersecurity training sessions to keep employees updated on the latest cyberthreats and equip them with the knowledge to react if a breach happens.

Cybersecurity is a constantly evolving space that works in the dark, so it’s important to have ongoing awareness campaigns to keep it top of mind.

Incident Response and Recovery

Every organization should have arrangements made for a Security Operations Center (SOC) and a Cybersecurity Incident Response Team (CSIRT) so they are prepared around the clock, should potential cybersecurity incidents occur.

Develop OT-specific response plans. Be clear on the incident response plan and actions that need to be taken. Make sure to have a recovery plan in place to restore operations as soon as possible.

Continuous Improvement

Regular audits and assessments are critical to ensure compliance and identify areas for improvement. It’s important to continuously update cybersecurity measures to stay ahead of new threats and technologies.

Supporting manufacturers with end-to-end cybersecurity

As cybersecurity risks continue to expand with new technologies, managing those risks must be a continuous process. Regardless of where an organization is in its cybersecurity journey, there is always room for improvement.

Rockwell Automation can help manufacturers align with the NIST CSF and achieve compliance with a combination of the right expertise, technology, and tools. Securing OT networks with the NIST frameworks also fast-tracks compliance with future regulations such as the EU Cyber Resilience Act and the Machinery Regulation (EU) 2023/1230.

Industrial Cybersecurity Services by Rockwell Automation:

  1. A holistic strategy
    Covering enterprise IT and OT environments, we provide products, services, and solutions that are more secure and resilient across environments.
  2. Governance and structure
    Cybersecurity risk is part of our overall Enterprise Risk Management program led by security leaders including the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) with oversight from the board of directors.
  3. Defense in depth
    All perimeter controls, network-based controls, and endpoint protection are managed with a mix of human expertise and machine intelligence so that nothing gets past without scrutiny.
  4. Incident response
    A 24/7 SOC monitors and detects incidents with CSIRT handling the incidents based on severity. This specialized team will immediately prioritize the handling of any incident, and work closely with customers depending on the nature, extent, and impact of any given incident.
  5. Employee training
    We provide regular security training and phishing assessments to ensure that employees not only know the cybersecurity best practices but also act as a “human firewall” for the organization.

Ultimately, the safety of every organization comes down to the level of preparedness. By adhering to reputable compliance standards and working with partners that have the right expertise, businesses can operate with peace of mind knowing they have the best solutions in place at all times, in turn saving their businesses from costly cyberattacks that could severely impact the bottom line.

It’s never too early or too late to improve your organization’s cybersecurity practices! Get started here.
