It’s a constant battle and the stakes are high. The fight against cyber threats is unending and the landscape is constantly changing. It can be hard to know if your industrial security strategy is enough, but one thing is certain. Failure to be ready comes at a high price and the threats continue to grow.
No one is surprised that cybercrime is increasing. Unfortunately, it pays to be a cyber-criminal – and it’s only getting worse. In the last two years, there was roughly $11.7 billion dollars in damages due to ransomware attacks, and at least 53% of industrial manufacturers have experienced a cybersecurity breach in their facility.
Industrial companies are particularly attractive targets for cyber criminals for a variety of reasons. First, many of these companies are working with legacy unpatched infrastructure and a lack of skilled resources to properly manage cyber risk. Adversaries know these environments have many vulnerabilities and, if attacked, would suffer significant consequences. So, given the seriousness of the situation, why do companies allow themselves to be in this position? The challenges are very real for many organizations, and it can be hard to have a complete security strategy without addressing them.
Challenges Facing Industrial Infrastructure
- Vulnerability – For many companies, security is simply an afterthought. Without proper policies and procedures in place, it’s very difficult to maintain a secure environment. A critical first step is to develop and enforce proper cybersecurity standards - and make sure you have buy-in from upper management. Keep track of evolving industrial security standards. Things change quickly and staying current will help you deal with aging industrial control systems and protocols.
- Skills gap – It’s no secret that there is a serious skills gap. The loss of qualified personnel through retirement puts many companies at a disadvantage. Having well-trained employees who understand and adhere to policies helps you address cybersecurity issues - and makes employees more productive.
- Inflexibility – If your company has low adoption of risk management processes, you need to find ways to get everyone on board. You may also have issues integrating new technologies or finding the right tools to manage your infrastructure, and sometimes there’s just too much data that lacks actionable information.
A second common source of vulnerability involves industrial automation environments that are poorly inventoried. If you don’t know what is connected in the environment, you can’t secure it. This important point can be addressed by enhancing your company’s Operations Technology (OT) visibility. It’s critical to know what assets you have and what their attack surfaces are. Not having answers to the following questions regarding your assets, may make your company more vulnerable to attack:
- Location - Where is the asset physically located? What is the operational purpose of the asset?
- Device – What is the type of device and who is the vendor? Record the model, serial number, firmware version, IP address, the operating system and Media Access Control (MAC)
- Applications – What apps are installed and what versions of the apps are running? What is the context of the device’s configuration?
- Communication - Neighbors, Protocols, Conversations, Frequency. What devices communicate with each other and what are those interdependencies? How often do these devices communicate? Do these devices only communicate within your internal network or do they communicate with the internet?
This is a big project and you may not be in a position to do this all without some outside help. Consider the value of working with a vendor who can help you perform an Installed Base Evaluation™ that identifies all your OT automation assets. This is a good way to identify internal risks caused by antiquated equipment and legacy devices. And, by working with a trustworthy, experienced partner with domain expertise in the OT environment, you can be confident that you have engaged people who understand the complexities with securing the OT environment.
There are also other steps that can be taken to improve your industrial security strategy – if you do them well.
Next Generation Firewalls
Of course, a properly hardened and configured firewall is a key component of robust cyber security. Keeping cybercriminals out is, after all, one of your primary goals. But not all firewalls are the same or provide the same level of protection. So how do you know if your firewall is good enough? It probably isn’t if you’re not using a next generation firewall that offers features like:
- Intrusion prevention and detection
- Application visibility and control
- Analytics and automation
- Malware protection
- Network profiling
- URL filtering
While you’re working hard to keep the hackers out, you probably still want to be able to provide secure remote access for the people who need it. Employees, suppliers and third-party technicians are among the people who may need to access company resources. In addition to complex and frequently changed passwords, logging and recording every action allows audits and investigations in case of an information security incident. When you have sufficient remote access policies and procedures, they will:
- Eliminate direct interactions between remote users and network assets and enforce a single access pathway
- Define and enforce remote diagnostics and maintenance operations conducted via locally installed applications
- Monitor, record and observe user activity in real time and terminate the session as needed
If your remote access system can’t do these things, it’s time to upgrade.