5 Strategies to Strengthen Industrial Cybersecurity

By Kamil Karmali, Sr. Global Commercial Manager, Cybersecurity Services, Rockwell Automation

In 2022, there was a 2,000% increase

in cybersecurity attacks targeting commonly used protocols, enabling threat actors to disrupt operational technology (OT) operations. Critical infrastructure environments rely heavily on OT and industrial control systems (ICS) to manage and control the vast network of power plants, grids and distribution systems. These systems have introduced unprecedented efficiency and productivity.

As reliance on technology deepens, so does our vulnerability. And while cyber threats have evolved across various sectors, the energy industry has become the most targeted industry, reporting three times as many attacks as any other sector.

This article will discuss the alarming rise of cybersecurity attacks on the critical infrastructure sector. It will highlight essential strategies for establishing a resilient cybersecurity framework tailored for OT/ICS environments, prioritizing safety and reliability to help secure operations and ensure ongoing availability.

Evolution of Cybersecurity Threats

Digital transformation has helped enterprises in every industry become more efficient, accurate and innovative. However, the increasing number of systems, networks and devices being connected in OT and ICS environments, coupled with legacy equipment, leaves organizations exposed to new vulnerabilities. In 2022, the number of U.S.-based threat actors attacking industrial organizations grew by 35%.

The infamous Colonial Pipeline attack in 2021 proved how severe attacks on critical infrastructure can be. As a result of the DarkSide ransomware group stealing a single password, 45% of pipeline operators were impacted, 17 states declared a state of emergency and we witnessed oil supply shortages throughout the country.

More than 80% of cybersecurity attacks, including the Colonial Pipeline incident, originate from compromised IT systems. IT attacks typically begin with network discovery helping attackers learn where assets are and how to get to them.

With OT attacks, threat actors are looking to disrupt industrial operations. Attackers can manipulate what operators see and, in many cases, take control of specific processes by using tools and exploiting remote services and application layer protocols.

Cybersecurity attacks are growing more frequent and sophisticated. Critical infrastructure companies must prioritize safety and reliability, and implement a strong, modern OT/ICS security program to help protect against cyberattacks.

The Three Phases of Cyber Defense

The ROI of effective cybersecurity is avoiding the risks of downtime and damage from a breach. By implementing comprehensive cybersecurity policies, companies can help protect valuable assets before, during and after an event or attempted event may take place.

Phase 1: The first step to develop a strong cybersecurity program is determining where the vulnerabilities lie in the organization’s systems and networks. This helps organizations prioritize vulnerabilities based on the severity and potential impact on critical processes.

To strengthen OT cybersecurity, manufacturers should follow these 5 strategies:

1. Identify all assets that need to be protected and gather all associated vulnerabilities and criticality associated with those assets.
2. Prioritize the assets and calculate a “risk score” that can be used continuously monitored during the life cycle of the cyber program.
3. Secure remote access, through stronger passwords and multi-factor authentication.
4. Segment IT and OT to make the most of firewall configurations that will help keep IT attacks from bleeding into OT environments.
5. Continuously train internal staff to keep up with the latest phishing scams and how to avoid them.

Phase 2: Cybersecurity assessments aren’t a one-time deal, continuous monitoring is vital to maintain protection. The threat landscape is constantly evolving, with new vulnerabilities and attacks emerging all the time.

This means organizations need to continuously monitor their networks and systems for threats. By implementing continuous monitoring tools, enterprises can detect and respond to security incidents in real time.

Phase 3: With backup and disaster recovery plans in place for applications and data, organizations can systematically respond to unusual events. When clear policies and procedures are in place to handle cybersecurity incidents effectively, normal operations can resume quickly after an event.

Using modern OT incident response techniques and adopting proactive security measures will enhance the safeguarding of critical systems and services. Efficient, well-coordinated OT incident response capabilities are essential for bolstering an enterprise's ability to withstand growing threats. Furthermore, this approach helps enterprises meet cybersecurity incident reporting regulatory requirements.

Evolving Regulatory Requirements

Since 2019, major companies have paid regulators an estimated $4.4 billion

in fines, penalties and settlements due to cybersecurity incidents, showing the severity of security compliance infractions. To help mitigate risks and reverse the chronic underreporting of cybercrimes, governments around the globe are compelling public and private sector entities to disclose cybersecurity incidents, data theft and ransom payments.

U.S. companies operating in critical infrastructure sectors must now report breaches, under the Cyber Incident Reporting for Critical Infrastructure Act of 2022

(CIRCIA), directing organizations in critical infrastructure sectors to disclose significant cyber incidents that impact their operations within a specified time frame. It also provides legal protections for organizations that report on incidents and ransom payments.

Globally, the United Nations is discussing the considerations of an international treaty focused on individual data protection and cyber resilience.

Organizations that put safeguards in place throughout the cybersecurity incident response journey will find it simpler to meet compliance requirements. These requirements are often built on principles from the NIST Cybersecurity Framework and current security approaches (see chart).

Actions such as keeping track of assets, ongoing threat monitoring, securing networks and having plans for responding to incidents all follow the NIST Cybersecurity Framework. This framework can be used to generate information suitable for reporting compliance.

Fortify or Fall

60% of cybersecurity incidents relating to OT/ICS networks result in operational disruption. To help prevent disruption, addressing cyber threats must be more than fixing vulnerabilities. It demands a proactive commitment to strengthening defenses against evolving challenges.

The NIST's "identify, protect, detect, respond, recover" framework provides a guide for modern cybersecurity practices in ICS/OT, bolstering critical infrastructure resilience.

By taking these proactive steps, manufacturers of all sizes can mitigate the impact of cyber threats and help fortify the security and resilience of their OT systems. This strategic approach safeguards against potential disruptions and lays the foundation for a robust and adaptive cybersecurity posture.

 

 

Like this article? Sign up for the digital magazine

(4X/year) and e-newsletter from The Journal From Rockwell Automation and Our PartnerNetwork.

^{The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Endeavor Business Media.}