5 Steps to a Zero Trust Cyber Defense

Zero Trust architecture helps protect industrial networks against increasingly evolving cyber risks, including multi-factor authentication bypass tactics.


Cyberattacks targeting manufacturing operations have surged by 107% since 2021, with malicious actors using increasingly sophisticated tactics to circumvent multi-factor authentication (MFA). The alarming rise in cyberattacks underscores the critical need for manufacturers to swiftly adopt Zero Trust architecture, safeguarding both Information Technology (IT) and Operational Technology (OT) systems against MFA bypass attacks and other cyber threats.

According to a 2022 Rockwell Automation study, “Cybersecurity Preparedness in Critical Infrastructure: Avoiding ‘The Big Shutdown’,” despite widespread acknowledgment of the benefits of Zero Trust architecture, only 49% of critical infrastructure organizations surveyed have implemented segmentation or micro-segmentation to protect vital systems.

Segmentation of technology systems is a core component of Zero Trust and is mandated by many government policies, according to the Cybersecurity & Infrastructure Security Agency (CISA). And across the manufacturing and machinery sector, only 37% of companies have real-time threat detection in place. The other 63% are doing nothing.

New Attack Vectors, New Vulnerabilities

Critical infrastructure faces a significant cybersecurity challenge with the growing convergence of IT and OT systems. This convergence opens new attack vectors for cybercriminals, creating vulnerabilities and widening the attack surface. Industrial organizations grapple with OT and IT cybersecurity gaps, and the looming threat of global adversaries compounds the challenge.

Despite CISA’s top recommendation of using MFA, cybercriminals increasingly use bypass attacks to overcome MFA. Well-funded actors, including ransomware gangs and nation-state hackers, target critical infrastructure organizations.

As cyberattacks escalate and vulnerabilities persist without mitigation, the risk of a large-scale disaster for the industrial sector becomes more tangible. Organizations can no longer afford to remain unprepared on the sidelines; proactive measures are imperative.

Huge Risk for Manufacturers

MFA bypass attacks significantly impact the industrial sector, causing disruptions, financial losses, and threats to critical systems such as industrial control systems (ICSs) and production lines. These attacks can lead to problems including:

  • Process manipulation.
  • Equipment sabotage.
  • Facility damage.
  • Risks of data breaches and compromising intellectual property.

In addition, tampering with critical infrastructure may result in severe environmental consequences and increased safety risks for workers.

Financially, cyberattack disruptions cause substantial production downtime, affecting revenue and profitability. Investigating and recovering from these attacks incurs expenses, including incident response, system restoration and potential legal costs.

And successful cyberattacks can harm industrial companies' reputations, causing customer loss and decreased market value.

Various factors are fueling the pervasiveness of MFA attacks in the industry. Cybercriminals constantly develop new tools, exploiting vulnerabilities in MFA and user behavior through phishing kits, man-in-the-middle attacks and social engineering tactics.

MFA fatigue attacks overwhelm users with repeated prompts, making them more likely to approve unauthorized access just to stop the annoyance. Weaker MFA methods, such as SMS codes or push notifications, are favored targets because they are easier to bypass.

Human factors also contribute, as weak passwords may allow access despite MFA, and cybercriminals may trick users through phishing emails, fake websites and scams, potentially bypassing MFA. Lack of security awareness among users increases susceptibility to attacks.

On a technical level, poor network security or system vulnerabilities serve as access points for attackers. Some MFA may have inherent weaknesses, including vulnerabilities in authentication protocols, software or misconfigurations. While MFA improves security over password-only authentication, it is not foolproof, necessitating continuous vigilance and improvement to counter evolving cybercriminal tactics.

Zero Trust, Many Benefits

Zero Trust is crucial for mitigating MFA and other cyberattacks, significantly reducing risk for OT and ICS. It minimizes the attack surface by segmenting the OT network into isolated zones, restricting attackers’ lateral movement even if they bypass MFA. Zero Trust continuously verifies and authorizes every access request, making it harder for attackers to exploit compromised credentials.

Enforcing the principle of least privilege, Zero Trust grants minimal access, limiting potential damage and restricting an attacker's reach to sensitive data. Beyond MFA, Zero Trust integrates various security controls, including micro-segmentation, network monitoring, endpoint protection and vulnerability management, creating multiple hurdles for attackers.

Zero Trust's continuous monitoring allows early detection of suspicious behavior, facilitating faster incident response and containment, minimizing the impact of cyberattacks.

Five Steps to Zero Trust

CISA’s executive order (EO) 14028 encourages IT/OT leaders in the industrial sector to take a stepped approach to enforcing Zero Trust standards within their organizations and bolstering OT cybersecurity to thwart MFA attacks. These steps include:

1. Introduce the Concept of Protect Surfaces

In contrast to conventional security methodologies that often concentrate on the expansive and ever-evolving attack surface, a more intelligent strategy has emerged: the concept of protect surfaces.

Defining protect surfaces involves purposefully safeguarding critical elements such as data, physical equipment, networks, and essential assets. This targeted approach aims to address specific security needs, presenting a more manageable challenge compared to the broader attack surface. By identifying vital assets, including sensitive data and operational technology, organizations can establish a prioritized list for effective security and access management.

2. Map Transaction Flows for Prioritized Protect Surfaces

The next step involves analyzing user access, inter-system interactions, and optimal security conditions, such as multi-factor authentication (MFA), time/location checks and expected tasks. This meticulous analysis lays the groundwork for constructing a Zero Trust environment, one secure surface at a time.

This approach enhances cyber resilience and minimizes risk. For instance, a user's access to terminal services might necessitate MFA, specific time and location criteria and adherence to predefined tasks. Once protect surfaces, priorities and transaction flows are clearly defined, the process moves forward to architecting a Zero Trust environment, starting with the highest priority protect surface.

3. Architect a Zero Trust Environment

Zero Trust isn’t a standalone product but rather a harmonious combination of tools, with MFA, identity and access management (IAM), encryption and tokenization serving as instrumental components.

The key orchestrators in this symphony are smart segmentation and dynamic firewall policies. Envision policies based on factors such as who is requesting access, what resources are being accessed, where the request originates and when the request occurs. This nuanced approach gradually constructs a secure perimeter around critical assets, fortifying cyber defenses step by step.

4. Create a Zero Trust Policy

The establishment of a comprehensive Zero Trust policy is imperative, governing activities such as access controls and firewall rules. This policy should extend beyond intranet postings, incorporating educational programs to instill strong security practices throughout the organization. Regular cyber awareness training plays a pivotal role in reducing risks.

5. Monitor and Maintain the Network

Ongoing monitoring and maintenance are crucial for verifying the functionality of the Zero Trust environment and associated policies. Continuous assessment helps identify any gaps or areas requiring improvement, allowing for prompt course corrections.

Organizations can enhance their security posture by engaging a trusted Managed Security Services Provider (MSSP) with specialized expertise in OT cybersecurity, particularly for deploying and maintaining global-scale security measures.
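As an added illustration (not code from the article or from Rockwell Automation), the Python sketch below shows how steps 2 and 3 fit together: one transaction-flow rule for a prioritized protect surface (the terminal-services example above) is evaluated on who, what, where, when, MFA status and expected task, with anything not explicitly permitted denied. The user, role, zone, task names and the time window are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, time

@dataclass(frozen=True)
class AccessRequest:
    user: str           # who is asking
    role: str
    resource: str       # what protect surface is requested
    source_zone: str    # where the request originates (network zone)
    when: datetime      # when the request occurs
    mfa_verified: bool  # whether the identity provider confirmed a second factor
    task: str           # the task the requester claims to be performing

@dataclass(frozen=True)
class SurfaceRule:
    roles: frozenset
    zones: frozenset
    window_start: time
    window_end: time
    tasks: frozenset
    require_mfa: bool = True

# Constructed policy for one prioritized protect surface (hypothetical names).
POLICY = {"terminal-services": SurfaceRule(
    roles=frozenset({"ot-engineer"}), zones=frozenset({"engineering-dmz"}),
    window_start=time(7, 0), window_end=time(19, 0),
    tasks=frozenset({"plc-backup", "hmi-patch"}))}

def evaluate(req: AccessRequest, policy=POLICY) -> tuple:
    """Default-deny check of who/what/where/when, MFA and expected task; returns (decision, reason)."""
    rule = policy.get(req.resource)
    if rule is None:
        return ("deny", "resource is not a defined protect surface")
    if rule.require_mfa and not req.mfa_verified:
        return ("deny", "MFA not verified")
    if req.role not in rule.roles:
        return ("deny", f"role {req.role} not permitted")
    if req.source_zone not in rule.zones:
        return ("deny", f"zone {req.source_zone} not permitted")
    if not (rule.window_start <= req.when.time() <= rule.window_end):
        return ("deny", "outside approved time window")
    if req.task not in rule.tasks:
        return ("deny", f"task {req.task} not expected")
    return ("allow", "all conditions satisfied")

# Constructed sample requests: a compliant one, then variants that each fail one check.
GOOD = AccessRequest("alice", "ot-engineer", "terminal-services", "engineering-dmz",
                     datetime(2024, 5, 6, 9, 30), True, "plc-backup")
WRONG_ZONE = replace(GOOD, source_zone="corp-lan")   # valid MFA, but from the wrong segment
NO_MFA = replace(GOOD, mfa_verified=False)
AFTER_HOURS = replace(GOOD, when=datetime(2024, 5, 6, 22, 0))
```

Each deny reason is also the event a step 5 monitoring process should record, since a request that carries a valid second factor but arrives from an unexpected zone or outside the approved window is exactly the post-bypass lateral movement segmentation is meant to stop.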

Trusted Approach

Deloitte's 2023 CFO Insights report highlighted that organizations with mature Zero Trust models experienced $1.51 million lower breach costs compared to those in the early stages of implementation. This suggests Zero Trust effectively limits the spread of attacks within networks, minimizing the impact and facilitating faster containment.

Although not a cure-all, Zero Trust signifies a substantial change in security posture that can greatly enhance the security of OT and ICS environments.

Through the implementation of layered security controls, reduction of attack surfaces and continuous verification of access, Zero Trust significantly raises the difficulty for attackers to exploit vulnerabilities and jeopardize crucial industrial systems. Ultimately, this marks a triumph for manufacturers.

The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Endeavor Business Media.