1. What are the biggest security struggles you hear from customers in Asia-Pacific today?
Practically every security team struggles to keep up with the onslaught of operational challenges, budget constraints, and fast-evolving threats. Breaches happen regularly and any organization is vulnerable.
We asked this same question to attendees of webinars recently conducted here in the region. Among the top results from over 320 responses were:
- Unpatched legacy infrastructure
- Lack of IT/OT collaboration
- Skills shortage and gap to implement and manage the required tools and technologies in a complex OT environment
There are manufacturing organizations that have been around for 20, 30, 50 years, built during a period when securing networks was not necessarily top of mind – leading to unpatched legacy infrastructure. There is a lack of visibility with poor inventory of assets too, and this is an issue as you cannot protect what you cannot see.
As more Asia-Pacific industrial manufacturers adopt digital transformation to outpace their competition, IT-OT convergence is mandatory. However, IT and OT teams have different priorities and complexities. Implementing OT security is not the same as implementing IT security. It is highly recommended for both teams to communicate and collaborate to enable a more seamless integration since many of the best practices in using technology can be deployed in OT for a better ROI.
With the rise of such convergence across IT/OT comes the rise of demand for new cross-functional skills in manufacturing to design and manage the protection of your industrial systems, which many organizations do not have in-house. Working with qualified partners with the right expertise that can provide the necessary services can be a way for them to address their security needs.
Additionally, the pandemic has led to a rise in demand for a secure remote framework and that has compounded the need for a good security framework.
2. In which areas of the OT environment do manufacturers face the most breaches?
Cybercrime has increased by 600% since the start of the COVID-19 pandemic, and over the last three years, we have witnessed a growth of cyberattacks in Asia-Pacific, of which many go undetected and many are unreported. Attacks can occur directly from the enterprise IT network, into the plant network, and/or indirectly via a compromised VPN, USB devices in an industrial control system (ICS) supply chain via the onsite/remote maintenance route. There could also be insider threats where an unhappy employee may intentionally want to harm the company through methods including stealing intellectual property.
Many times, breaches originate in the enterprise IT environment. The breach lingers for some time before spreading to other networks including ICS.
Essentially, any asset where a piece of a program can be executed or altered is a potential threat!
3. Could you share some key tips on the top controls all organizations should employ for a successful cybersecurity strategy?
Vulnerability management is the proactive process of identifying, analyzing, reporting, prioritizing and remediating any security threats or vulnerabilities across your IT and OT assets and systems. One way to begin this journey is by using risk and vulnerability assessment services. The findings can be used to prioritize tasks in the short term and build a roadmap for a defensible architecture paving the way for security by design.
This can be paired together with boosting your real-time monitoring and threat detection capabilities, all in the effort to maintain constant vigilance to help identify and prevent any possible risks to your systems and networks, no matter what state they are in today.
Since the pandemic, the rise of remote work has intensified the need for secure remote access infrastructure and here in Asia-Pacific, we are seeing a pickup for such services. More customers – small and large – are becoming more mindful of the security implications of an unsecure remote-access connection to better protect themselves and their customers.
Another top control is to build a proactive OT-specific incident response plan so your team is better prepared to handle any potential security threats to minimize damage. An example is the Rockwell Automation Incident Response Framework, consisting of notification, assessment and containment, as well as remediation, incident post-mortem and improvement plan phases to help our customers and partners design the right plan for their business.
Last but not least, nurture a security state of mind among your employees on the importance of cybersecurity. Your people are your most important assets and they are critical in this continuous journey of securing your operations. Arm them with the information that they need to spot any potential risks through regular training sessions and sharing.
4. What would you suggest to a manufacturer who is eager to introduce cybersecurity measures in their operations but does not know where to start?
Every company is unique in terms of their maturity, risk appetite, budget availability, associated threat landscape, and what they have done, are doing, and want to do as part of their industrial operations. When we work with customers who need cybersecurity support, we recommend following the widely accepted NIST Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover).
Engage the right partner with the relevant expertise and skillset to help create a tailor-made roadmap to help protect your infrastructure and assets now and into the future as cybersecurity is a never-ending process. The right partner should be able to act as a strategic advisor to help you meet your security goals in alignment with industry standards and frameworks, possess IT/OT security know-how and managed services capabilities, and be a trusted supplier with an ecosystem of collaborative technologies to best address your security concerns holistically.
We work with our customers on a “good, better, and best” model where they start with the basics from becoming risk-informed to operationalizing security capabilities such as monitoring and managed services in a repeatable fashion, to then learning from insights and becoming adaptive and evolving with any new risks or threats.
5. How is Rockwell Automation helping manufacturing companies interested in embedding modern cybersecurity as part of their business?
With 100+ years of industrial automation experience, we are continually expanding and integrating state-of-the-art capabilities into our security portfolio to help customers simplify the journey and protect their company’s products, operations, and customers using solutions developed with security and risk-mitigation at the design level, by the world’s principal OT specialists. We have 16 remote support centers globally with 24/7 monitoring capabilities with a 99.9% service level agreement adherence.
As a manufacturer, we understand the security challenges fellow manufacturers face across the supply chain. With our growing expertise and skilled workforce, we can support a proactive cybersecurity stance with comprehensive services covering the entire attack continuum – before, during and after an event. We work with an ecosystem of key players in cybersecurity including Cisco, Claroty, CrowdStrike, Dragos, Fortinet and Microsoft to deliver and manage a comprehensive end-to-end suite of industrial security services including various “as a service” models such as Security Operations Center (SOC)-as-a-service and infrastructure-as-a-service (IaaS).
To learn more about our industrial cybersecurity services, visit our cybersecurity webpages.