Automation Today 82 | Feature Story

Implementing Cybersecurity in Manufacturing according to NIST Best Practices

A practical guide to safeguarding IT and OT systems in a tech-driven world.

How seriously does your organization consider cybersecurity as part of its business strategy?

The 9^th edition of the State of Smart Manufacturing Report reveals that cybersecurity ranks third as an obstacle to growth, appearing in the top five for the first time. From this result, it’s clear that businesses need to improve the integration of cybersecurity within their IT and OT systems. Manufacturers are also already stepping up their technology investments by 30% to counter the risks of cybercrime, of which upskilling talent and hiring skilled employers are prioritized.

Additionally, in the 2024 State of Operational Technology and Cybersecurity Report by Fortinet, it is stated that 73% of OT professionals experienced intrusions that impacted their OT systems in some way. This is a stark increase from just 49% the year before. All of these point to an elevated need for cybersecurity awareness and action to mitigate the risk of cyberattacks.

Addressing Cybersecurity through the NIST Cybersecurity Framework

To address these challenges, the National Institute of Standards and Technology (NIST) developed a cybersecurity framework that provides a structured approach to managing cybersecurity risks. First introduced in 2014 to support critical infrastructures, NIST released version 2.0 this year with a goal to broaden its use-case to be applicable across organizations.

There are six parts to the NIST framework – Identify, Protect, Detect, Govern, Respond and Recover. According to NIST, the first four points should all happen continuously, while preparing the remaining two points – Respond and Recover – so they are ready to be implemented should a cybersecurity incident occur.

These foundational aspects guide businesses in the right direction and give them a starting point to addressing network security threats.

As industries and the threat landscape rapidly evolve, the NIST framework introduces the adoption of practices to simplify manufacturers’ cybersecurity journey according to their risk appetite.

Building a Cybersecurity-first Mindset with NIST

An organizational culture that prioritizes cybersecurity doesn’t happen overnight. However, this is possible to achieve with the right mindset and guidance. Here’s a guide to get started, referencing the NIST framework.

Open All

Identify the assets and risks that your organization has. Conduct a thorough inventory of IT and OT assets, including data, hardware, software, systems, facilities, services, even the people involved, as well as suppliers and any related risks from external parties. Then assess and identify the potential cybersecurity risks and vulnerabilities in each of them.

Next, conduct a gap analysis. Compare your organization’s current cybersecurity measures against the NIST cybersecurity framework core (CFC) to identify any gaps and identify the steps that need to be taken to bridge those gaps. Organizations should be looking at opportunities to improve policies, plans, processes, procedures, and practices, keeping in mind the other functions within the NIST CFC.

Establish a clear governance structure. Define clear roles and responsibilities, including the formation of a cybersecurity governance team. Governance is critical and necessary for incorporating cybersecurity into an organization’s broader enterprise risk management (ERM) strategy, as it will be the source of truth that aligns the entire organization in the development and execution of a cybersecurity strategy.

Develop policies: From governance discussions, create cybersecurity policies and procedures that align with NIST CSF and ensure that they are enforced across the organization. With clearly outlined roles and responsibilities, enforcing policies should be a seamless process.

Upon assessing the needs and coming up with the appropriate policies and procedures, deploy the appropriate security solutions. Implement perimeter controls, network-based solutions, and endpoint protection.

Integrate monitoring tools that are built for industrial control systems (ICS) and OT security. This ensures timely threat detection and response.

The best asset of any organization is their people. Conduct regular cybersecurity training sessions to keep employees updated on the latest cyberthreats and equip them with the knowledge so they know how to react if a breach happens.

Cybersecurity is a constantly evolving space that works in the dark, so it’s important to have ongoing awareness campaigns to keep it top of mind.

Every organization should have arrangements made for a Security Operations Center (SOC) and a Cybersecurity Incident Response Team (CSIRT) so they are prepared around the clock, should potential cybersecurity incidents occur.

Develop OT-specific response plans. Be clear on the incident response plan and actions that need to be taken. Make sure to have a recovery plan in place to restore operations as soon as possible.

Supporting manufacturers with end-to-end cybersecurity

As cybersecurity risks continue to expand with new technologies, managing those risks must be a continuous process. Regardless of where an organization is in their cybersecurity journey, there is always room for improvement.

Rockwell Automation can help manufacturers align with the NIST CSF and achieve compliance with a combination of the right expertise, technology, and tools. Securing OT networks with the NIST frameworks also fast-tracks compliance with future regulations such as the EU Cyber Resilience Act and the Machinery Regulation (EU) 2023/1230.

Industrial Cybersecurity Services by Rockwell Automation:

A holistic strategy
Covering enterprise IT and OT environments, we provide products, services, and solutions that are more secure and resilient across environments.
Governance and structure
Cybersecurity risk is part of our overall Enterprise Risk Management program led by security leaders including the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) with oversight from the board of directors.
Defense in depth
All perimeter controls, network-based controls, network-based controls, and endpoint protection are managed with a mix of human expertise and machine intelligence so that nothing gets past without scrutiny
Incident response
A 24/7 SOC monitors and detects incidents with CSIRT handling the incidents based on severity. This specialized team will immediately prioritize the handling of any incident, and work closely with customers depending on the nature, extent, and impact of any given incident.
Employee training
We provide regular security training and phishing assessments to ensure that employees not only know the cybersecurity best practices but also to act as a “human firewall” for the organization.

Ultimately, the safety of every organization comes down to the level of preparedness. By adhering to reputable compliance standards and working with partners that have the right expertise, businesses can operate with peace of mind knowing they have the best solutions in place at all times, in turn saving their businesses from costly cyberattacks that could severely impact the bottom line.

It’s never too early or too late to improve your organization’s cybersecurity practices! Get started here.