Do you know your vulnerabilities?
The amount of connectivity in today’s manufacturing environment means more attack surface – or vulnerabilities – for cyber threats to latch on to. Securing your production means looking beyond defense-in-depth strategies and addressing cyber risk across the attack continuum. But how?
Following the NIST Cybersecurity Framework is a good place to start:
- Identify what you have (asset inventory) and the associated risks.
- Leverage protective mechanisms like patching, tracking and access control to help protect what you have.
- Detect anomalies and events that bypass those protection mechanisms.
- Implement response capabilities.
- Develop a system to support rapid backup and recovery.
Successfully implementing these basic cyber hygiene tenets is the first step in building an effective cybersecurity program and improving your ability to defend against future cyberattacks.
How are you dealing with obsolescence?
There will be vulnerabilities. There will be obsolescence. And updates aren’t as easy as simply replacing hardware or applying a patch. You need to be mindful of the regulations and environment you’re in.
Consider the following when evaluating the risks of maintaining hardware or software:
- What is the impact of someone exploiting this vulnerability?
- Is there a way to address this vulnerability by applying an alternative mitigating control?
- If not, can you justify migrating to a supported platform/solution/product for this application?
There’s no one right answer. Depending on the controls and prevention mechanisms you have in place, you may choose to continue to produce or run a batch as-is because you feel protected and your risk is mitigated. But asking these questions before an incident, understanding your security posture, and having proper documentation and controls in place will help you be more confident in your decisions.