Optimizing your OT/IT cybersecurity strategy for an Industry 4.0 world
Organizations that depend on operational technology (OT) as the critical backbone to their ability to generate revenue are coming under more pressure than ever before to have systems and metrics in place to prevent or significantly reduce the likelihood of cyberattacks. In the European Union, all manufacturers will need to be compliant with NIS2 regulations by October, or they will be sanctioned and fined.
In the U.S., the National Institute of Standards and Technology’s (NIST) best practices for OT cybersecurity are not currently mandated, but it would not be surprising if that changed in the future to further protect our supply chain and the U.S. economy.
Every day, organizations are being attacked by cyber criminals. According to a recent study by IBM, manufacturing is the most attacked industry for the third year in a row, making up 25.7% of incidents in the top 10 attacked industries.
Reading the headlines alone should be impetus enough for leaders to do everything in their power to mitigate risk. While losing money from stalled operations is terrible for the bottom line and shareholder value, power grids and drinking water supplies that are compromised can be dangerous, if not deadly.
So, how do you take advantage of the benefits that come with Industry 4.0 without exposing your operations and your people to vulnerabilities?
No. 1: You can’t protect what you don’t see
Having visibility into every asset connected to your OT network is a critical first step.
The challenge in manufacturing, public utilities, and other regulated industries historically has been keeping all parts required to run an operation organized and moving. With IT networks connecting to historically isolated “legacy” OT networks and IT and OT converging, the potential for cyber criminals to capitalize on vulnerabilities can increase.
Knowing what you need to protect is half the battle. According to Ponemon Institute’s survey, 69% of organizations either have “no inventories or inaccurate and outdated inventories,” which means they are not documented properly for an IT environment.
Go beyond having merely a list of your assets to a more visualized hierarchy to produce information for each department and different levels of management within your organization.
Look at your organization’s networks: alongside servers, switches, and access points, they may also have turbines, generators, and PLCs connected.
When you have a consolidated view of the assets on your networks through monitoring, you can identify unauthorized activities and stop them before they turn into problems that can halt production.
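To make the inventory point concrete, here is an added example (not from the original article or any monitoring product) that reconciles a documented inventory with what monitoring observed and builds the site/zone hierarchy described above. The record fields, the sample MAC addresses (from the documentation range), and the 365-day staleness threshold are all assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory: MAC address -> documented asset record.
INVENTORY = {
    "00:00:5e:00:53:01": {"name": "core-switch-1", "site": "plant-a", "zone": "IT", "verified": date(2024, 6, 1)},
    "00:00:5e:00:53:02": {"name": "historian-srv", "site": "plant-a", "zone": "IT", "verified": date(2023, 1, 15)},
    "00:00:5e:00:53:10": {"name": "plc-line-1", "site": "plant-a", "zone": "OT", "verified": date(2024, 5, 20)},
    "00:00:5e:00:53:11": {"name": "turbine-ctl-2", "site": "plant-a", "zone": "OT", "verified": date(2024, 4, 2)},
}

# Constructed monitoring observations: (MAC address, zone where it was seen).
OBSERVED = [
    ("00:00:5e:00:53:01", "IT"),
    ("00:00:5e:00:53:02", "OT"),   # documented as IT, seen on the OT segment
    ("00:00:5e:00:53:10", "OT"),
    ("00:00:5e:00:53:99", "OT"),   # not in the inventory at all
]

def reconcile(inventory, observed, today, max_age_days=365):
    """Compare the documented inventory with what monitoring actually saw."""
    seen = dict(observed)
    return {
        "unauthorized": sorted(mac for mac in seen if mac not in inventory),
        "not_seen": sorted(a["name"] for mac, a in inventory.items() if mac not in seen),
        "wrong_zone": sorted(a["name"] for mac, a in inventory.items()
                             if mac in seen and seen[mac] != a["zone"]),
        "stale_record": sorted(a["name"] for a in inventory.values()
                               if (today - a["verified"]).days > max_age_days),
    }

def hierarchy(inventory):
    """Group assets as site -> zone -> names for per-department views."""
    tree = defaultdict(lambda: defaultdict(list))
    for asset in inventory.values():
        tree[asset["site"]][asset["zone"]].append(asset["name"])
    return {site: {zone: sorted(names) for zone, names in zones.items()}
            for site, zones in tree.items()}

if __name__ == "__main__":
    print(hierarchy(INVENTORY))
    for finding, items in reconcile(INVENTORY, OBSERVED, date(2024, 7, 1)).items():
        print(f"{finding}: {items}")
```

Each finding calls for a different follow-up: an unauthorized device is a possible intrusion or shadow asset, while a stale or unseen record points to the outdated-inventory problem the survey describes.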
No. 2: Ensure your IT and OT network admins stay in touch
This may seem elementary, but it is critically important that your OT and IT network admins develop a strong relationship and engage in a frequent flow of communication on what is happening on both network types and how anomalies can impact operations.
OT network admins are highly specialized and understand certain changes in their network may not be dire or require immediate review, so having an open—and productive—dialogue between OT and IT teams will help to keep your networks and your operations running smoothly.
No. 3: Don’t overlook the obvious—physical security
You would be surprised how many organizations come under attack or experience unintentional problems with their operations because someone who shouldn’t have access to a facility found a way in.
Ensuring that your CCTV cameras and access controls are operational, and that the data is being transmitted and stored properly, can help prevent unauthorized access to your facility. Without a holistic view of both your OT and IT networks, there is no way for your organization to truly know.
No. 4: Create and continually update disaster recovery plans
Unfortunately, experiencing a cyberattack is not an “if” scenario. Three attack methods of critical concern that prey upon the growing number of vulnerabilities in legacy OT systems are ransomware, session hijacking, and advanced persistent threats, or APTs.
Having a solid plan that changes as your infrastructure evolves is critical to avoid losing production time, critical data, and money. In your plan, make sure you have backups, including a disaster recovery site. Stay up to date on the latest firmware for everything you have installed, which makes a crippling attack less likely.
No. 5: Only use vendors with earned compliance credentials
Technology vendors that have gone through rigorous approvals to obtain certifications like ISO-9001 demonstrate that they take security seriously and can assure high, consistent quality, customer satisfaction and well-functioning processes.
Using only vendors with these high standards of excellence, especially ones related to network monitoring, is an additional assurance that there are fewer ways for cyber criminals to break through. If you aren’t sure whether the vendors in your current stack are certified, ask them, or search the regulating body’s website.
Organizations must adopt comprehensive security measures, including continuous monitoring, strong isolation strategies, and a proactive approach to vulnerability management, to mitigate these risks effectively.
Remember that active monitoring, regularly scheduled checks initiated by your monitoring solution to probe the operational status of network devices and services, helps obtain timely information about the state of your industrial systems, possibly offering early warnings of potential performance degradation and anomalies that make your network vulnerable to cyberattacks.