Greater connectivity and information sharing – enabled by technologies such as smart devices, inspired by concepts like the Internet of Things, and brought to life in The Connected Enterprise – are significantly transforming companies and their operations.
They’re converging information technology (IT) and operations technology (OT) systems and using new technologies such as mobile, analytics, cloud and virtualization to do more than ever before.
This increased level of connectedness gives manufacturers benefits, and ways to address challenges, that more traditional models and operating practices were not able to offer. Vast data streams are acquired, processed and transmitted, often in real time. However, it's these very streams of data and interconnectedness that are putting industry at risk.
Just as the nature of manufacturing and industrial operations has changed, so have the security risks. More connected operations can create more potential entrance points for industrial security threats. These threats can come in many forms – physical or digital, internal or external, malicious or unintentional.
Taking a Holistic Approach to Cyber Security
Holistic industrial security is enterprise-wide, starting at the plant level and encompassing every individual end device. Taking a holistic approach to cyber security is of paramount importance, especially in today’s rapidly evolving digital manufacturing environment. It addresses risks from all sides: people, processes and technologies. In addition, it brings together IT and OT teams, both of which are indispensable in securing network architectures.
Forward-thinking companies use strategies and tactics to manage risk and help minimise or mitigate threats. Physical security strategies are no longer enough to protect operations. Today, manufacturers also need to understand and assess their industrial cyber security requirements and take a proactive approach to managing risks.
Proactive Threat Hunting
You may have a strong industrial security program in place and have implemented intrusion detection systems to avoid future incidents. But in the complex world of cyber security, you can’t stop there.
Despite all your efforts, latent advanced persistent threats (APTs) are still a concern. They are slowly at work trying to find chinks in your armor and exfiltrate data, bogging down your operations, and intrusion detection isn’t going to catch this activity.
Threat hunting is one of the next logical steps in your cyber security program. In its simplest form, you are searching the network for external threats or intrusions that went undetected by automated security systems. It is a very scalable exercise and can be done with varying degrees of automation, including none at all.
Not only can it further protect your proprietary recipes and information, it also has great potential for improving operational efficiencies. While this practice isn’t entirely new to the IT space, it is only now making its way into OT environments.
Threat hunting is proactive, and takes a step back from the scanning tools, traps and future-focused infrastructure already in place. In an age of technology, it uses gray matter to uncover malicious activity and infiltrations that have been hiding in your network for months, maybe years. Further, it can find correlations not otherwise detectable between network activity and production inefficiencies.
The good news is, you likely have what you need to get started. Your HMIs and servers are already creating activity logs you can gather and analyze offline so there’s no stress on the network or production interruptions. Go hunting for infiltrations before they impact your plant floor.
Protecting Critical Infrastructure
Analogous to the pharma industry, critical infrastructure such as power plants is an obvious target for security threats.
As a result, any company that generates power must be especially vigilant when it comes to understanding evolving cyber security threats. It is imperative that power producers keep current on the latest processes and solutions that can be implemented to combat these threats.
As cyber security threats significantly increase each year, what can you do to help protect your operations?
Defense-in-Depth (DiD) is based on the idea that if any one point of protection is defeated, additional layers will subsequently need to be defeated. Therefore, DiD security establishes multiple layers of protection through a combination of physical, electronic and procedural safeguards. A DiD security approach consists of six main components: policies and procedures, physical security, network, computer, application and device.
Your plant’s automation system is likely a small part of capital assets or costs. However, it can have a disproportionately large impact on helping you meet your security goals – similar to the impact it has on your production, quality and safety goals. Before selecting vendors for any system that will be connected to your network, request that they disclose their security policies and practices.
Rockwell Automation has a strategic partnership with Cisco to better understand evolving cyber security best practices and has defined five core security principles for designing products used in a control system:
- Secure network infrastructure
- Authentication and policy management
- Content protection
- Tamper detection
Power generators should look for a structured and tailored approach to meet physical and cyber security requirements. Multiple layers of protection, a highly integrated cyber security suite and other upgrades can help producers get ahead of risks already running throughout the industry.