Cybersecurity protocols to maintain plant reliability and productivity


As industrial control systems (ICS) merge with traditional IT environments and corporate networks at increasing speed, many of these systems are vulnerable to cyberattacks.

About the Author: Enrique Martinez

A challenge we often encounter with manufacturing organizations across all industry verticals is the lack of a common vocabulary and goals. IT doesn’t “speak” manufacturing and operational technology, and manufacturing often doesn’t “speak” IT or security.

The risks of this misalignment are high. Cyberattacks in manufacturing can disrupt critical infrastructure operations, inconvenience customers, increase your operating costs, and introduce security risks to your workforce.

For example, consider a scenario we see all too often: a factory employee receives and clicks on a phishing email crafted to impersonate a reputable sender in order to obtain sensitive information. That workstation is compromised, allowing the attackers to harvest employee credentials and gain access to the plant’s ICS network. From there, they can move laterally across the network, installing malware, exploiting unpatched vulnerabilities, and wiping out all check stations to disrupt the production line.

Such attacks can be avoided with a few basic security controls. It is imperative that maintenance and operations teams work with their IT counterparts to identify the greatest risks of this convergence and update their approach to security accordingly. When done effectively, security is manageable and helps factories stay reliable and productive.

A robust defense-in-depth strategy, with multiple layers so that the failure of any one control does not expose the plant, is a proven method to protect these critical assets as they become more digitized. Below are some recommendations on how to get started.

Implement an IT/OT segmentation strategy

An IT/OT segmentation strategy separates ICS networks from corporate networks so that a malicious actor who gets into the corporate network cannot reach ICS devices from there. This segmentation model can integrate with an IT/OT integration boundary zone (DMZ) that hosts management tools, security tools, and jump hosts, and can establish security zones so that devices are logically isolated and only the required communications are allowed.

A good initial strategy begins with segmentation by system or device type using the zones, conduits, boundaries, and security levels described in IEC 62443. This limits the reach of a specific device and prevents it from communicating outside of its system or group of devices.

For example, World Wide Technology worked with a major manufacturer to redesign its old flat network that housed over 2,500 applications. These applications manage sensitive customer data, intellectual property and production processes.

We started by analyzing and grouping applications based on the type of data they used, how they were accessed, and their connection to critical business operations. Then, we used these groups to develop a risk scoring system that served as the basis for selecting a micro-segmentation solution.

Implement network access control

Take segmentation even further by using Network Access Control (NAC), which requires a device to be authenticated and meet certain requirements (e.g., up-to-date patches and current antivirus signatures) before accessing the ICS network.

Use multi-factor authentication. Although most ICS devices lack the capability to support Multi-Factor Authentication (MFA) themselves, it can still be a viable tool. A jump host that requires MFA can help prevent unauthorized access and block direct connections from a lower-security network to a higher-security network.

Automate asset discovery

Automated asset discovery in the ICS environment continuously inventories, benchmarks, maps and monitors ICS networks for changes. It also provides a way to monitor security-related patches and firmware updates, allowing the system administrator to have a high level of awareness of the status of systems.
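One inventory pass of the kind an automated discovery tool runs, as an added example that is not code from the article or from any discovery product. It compares today's passive observations against an approved baseline and reports new, missing and changed devices, flags two devices answering for one IP (misconfiguration or ARP spoofing), and separately lists devices whose firmware is below a minimum known-fixed version. The baseline, the observations, the vendor and role names, and the minimum-firmware table are all constructed for illustration; a real tool derives observations from captured traffic rather than by probing live controllers.

```python
# Added example, not code from the article: one inventory pass of the kind an
# automated ICS asset-discovery tool performs. Baseline and observations are
# constructed; a real tool would derive them passively from captured traffic
# (ARP, DHCP, vendor discovery protocols) rather than by probing live controllers.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    mac: str        # stable identifier for the device
    ip: str
    vendor: str
    role: str       # plc, hmi, historian, ...
    firmware: str   # dotted version string as reported by the device


# Yesterday's approved baseline, keyed by MAC (constructed).
BASELINE: Dict[str, Asset] = {a.mac: a for a in [
    Asset("00:1d:9c:00:00:01", "10.20.1.10", "AcmeAutomation", "plc", "2.4.0"),
    Asset("00:1d:9c:00:00:02", "10.20.1.11", "AcmeAutomation", "plc", "2.4.1"),
    Asset("00:1d:9c:00:00:03", "10.20.1.50", "AcmeAutomation", "hmi", "7.1"),
    Asset("00:1d:9c:00:00:04", "10.20.1.60", "AcmeAutomation", "historian", "3.0"),
]}

# Today's passive observations (constructed).
OBSERVED: List[Asset] = [
    Asset("00:1d:9c:00:00:01", "10.20.1.10", "AcmeAutomation", "plc", "2.4.0"),
    Asset("00:1d:9c:00:00:02", "10.20.1.11", "AcmeAutomation", "plc", "2.5.0"),  # firmware changed
    Asset("00:1d:9c:00:00:03", "10.20.1.50", "AcmeAutomation", "hmi", "7.1"),
    Asset("00:1d:9c:00:00:99", "10.20.1.50", "unknown", "unknown", ""),          # new, reuses HMI's IP
]

# Lowest firmware carrying the vendor's security fixes (assumed values, not real advisories).
MIN_FIRMWARE: Dict[Tuple[str, str], str] = {("AcmeAutomation", "plc"): "2.4.1"}

Finding = Tuple[str, str, str]   # (kind, identifier, detail)


def version_tuple(version: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))


def diff_inventory(baseline: Dict[str, Asset], observed: List[Asset]) -> List[Finding]:
    """Compare what was seen today against the baseline and report every change.
    Each finding should map to an approved change request; an unmatched one is an anomaly."""
    findings: List[Finding] = []
    seen: Dict[str, Asset] = {}
    for asset in observed:
        seen[asset.mac] = asset
        old = baseline.get(asset.mac)
        if old is None:
            findings.append(("new_device", asset.mac, f"{asset.ip} {asset.vendor}/{asset.role}"))
            continue
        if old.ip != asset.ip:
            findings.append(("ip_changed", asset.mac, f"{old.ip} -> {asset.ip}"))
        if old.firmware != asset.firmware:
            findings.append(("firmware_changed", asset.mac, f"{old.firmware} -> {asset.firmware}"))
    for mac in sorted(baseline.keys() - seen.keys()):
        findings.append(("missing_device", mac, baseline[mac].ip))
    # Two MACs answering for one IP points at misconfiguration or ARP spoofing.
    by_ip: Dict[str, List[str]] = {}
    for asset in observed:
        by_ip.setdefault(asset.ip, []).append(asset.mac)
    for ip, macs in by_ip.items():
        if len(macs) > 1:
            findings.append(("ip_conflict", ip, " / ".join(macs)))
    return findings


def outdated_firmware(observed: List[Asset]) -> List[str]:
    """MACs of devices whose firmware is older than the minimum known-fixed version."""
    out: List[str] = []
    for asset in observed:
        minimum = MIN_FIRMWARE.get((asset.vendor, asset.role))
        if minimum and version_tuple(asset.firmware) < version_tuple(minimum):
            out.append(asset.mac)
    return out


if __name__ == "__main__":
    for kind, ident, detail in diff_inventory(BASELINE, OBSERVED):
        print(f"{kind:17} {ident:18} {detail}")
    print("below minimum firmware:", outdated_firmware(OBSERVED))
```

The MAC is used as the identity because OT addressing is static and an IP that moves between MACs is itself worth an alert; the firmware check is kept separate from the diff so that a device that has not changed but is still below the fixed version keeps showing up until it is patched.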

Use anti-virus software

Antivirus (AV) software can be used on systems such as host computers or human-machine interfaces (HMIs) that run standard operating systems (e.g., Windows). AV software typically works by comparing files to known malware signatures and/or applying heuristic and behavioral analysis to identify code that looks or acts like malware. Files identified as malware are then quarantined, cleaned or deleted.

Safelist approved applications

An application safelist (also called an allowlist) permits a predetermined list of applications to run and prevents any application not on the list from running and introducing an attack vector.

Find potential security vulnerabilities using network monitoring, intrusion detection, and threat intelligence

Network monitoring and intrusion detection help detect anomalies and alert system administrators and operators so they can take corrective action. They can also be configured to automatically filter malicious or unauthorized traffic. Threat intelligence services provide known threat signatures, indicators of compromise, and newly disclosed (including zero-day) vulnerabilities to help detect and respond to anomalies and threats.
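The two earlier points, the IEC 62443-style zones and conduits of the segmentation strategy and the network monitoring described here, share one artifact: the list of communications that are required. The added example below, which is not code from the article, from WWT, or from any monitoring product, uses one zone-and-conduit policy in both roles. At design time it checks that no conduit lets the enterprise zone bypass the DMZ and renders the conduits as nftables accept rules for a default-drop forward chain; at run time it classifies flow records as allowed, policy violations, or traffic from hosts outside every zone. The zone address ranges, the conduit list, and the flow records are constructed for illustration.

```python
# Added example, not code from the article: an IEC 62443-style zone-and-conduit
# policy used twice, once at design time (does any conduit bypass the DMZ?) and
# once at run time (does observed traffic stay within the conduits?). Zone
# addressing, conduit list and flow records are constructed for illustration.
import ipaddress
from itertools import product
from typing import Dict, List, Optional, Set, Tuple

# Zones with their address ranges (assumed). Inside a zone, hosts share a trust level.
ZONES: Dict[str, List[str]] = {
    "enterprise":  ["10.0.0.0/16"],
    "dmz":         ["10.100.0.0/24"],    # jump hosts, patch/AV relays, historian replica
    "supervisory": ["10.20.0.0/24"],     # SCADA servers, engineering workstations, HMIs
    "control":     ["10.20.1.0/24"],     # PLCs and I/O
}

Conduit = Tuple[str, str, str, int]   # (src_zone, dst_zone, proto, dst_port)

# Conduits: the only inter-zone communications that are permitted (assumed).
CONDUITS: Set[Conduit] = {
    ("enterprise",  "dmz",         "tcp", 443),   # users reach the MFA jump host portal
    ("dmz",         "supervisory", "tcp", 3389),  # jump host to engineering workstation (RDP)
    ("dmz",         "supervisory", "tcp", 22),    # jump host to Linux SCADA hosts (SSH)
    ("supervisory", "control",     "tcp", 502),   # SCADA/HMI polling PLCs (Modbus/TCP)
    ("supervisory", "dmz",         "tcp", 1433),  # historian pushes to its DMZ replica
}

_NETWORKS = {zone: [ipaddress.ip_network(n) for n in nets] for zone, nets in ZONES.items()}


def zone_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for zone, nets in _NETWORKS.items():
        if any(addr in net for net in nets):
            return zone
    return None


def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Classify one flow: 'allowed', 'violation' (crosses zones outside a conduit)
    or 'unknown_host' (an address that belongs to no zone at all)."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "unknown_host"
    if sz == dz:
        return "allowed"                 # intra-zone traffic is allowed by default
    return "allowed" if (sz, dz, proto, dport) in CONDUITS else "violation"


def dmz_bypasses(conduits: Set[Conduit]) -> List[Conduit]:
    """Design-time check: the enterprise zone may only talk to the DMZ."""
    return sorted(c for c in conduits if c[0] == "enterprise" and c[1] != "dmz")


def nft_rules(conduits: Set[Conduit]) -> List[str]:
    """Render the conduits as nftables forward-chain rules; pair with 'policy drop'."""
    rules: List[str] = []
    for sz, dz, proto, port in sorted(conduits):
        for s_net, d_net in product(ZONES[sz], ZONES[dz]):
            rules.append(f"ip saddr {s_net} ip daddr {d_net} {proto} dport {port} accept")
    return rules


# Constructed flow records: "timestamp src dst proto dst_port bytes".
FLOW_LOG = """\
2022-08-01T10:00:01 10.0.5.23 10.100.0.10 tcp 443 8123
2022-08-01T10:00:02 10.100.0.10 10.20.0.15 tcp 3389 45000
2022-08-01T10:00:05 10.20.0.15 10.20.1.10 tcp 502 640
2022-08-01T10:00:07 10.0.5.23 10.20.1.10 tcp 502 300
2022-08-01T10:00:09 10.20.1.10 10.20.1.11 tcp 44818 120
2022-08-01T10:00:12 192.168.7.4 10.20.1.10 tcp 502 300
"""

Alert = Tuple[str, str, str, str, str, int]   # (ts, verdict, src, dst, proto, dport)


def analyze(log: str) -> List[Alert]:
    """Run-time check: every flow not covered by the policy becomes an alert."""
    alerts: List[Alert] = []
    for line in log.splitlines():
        ts, src, dst, proto, dport, _ = line.split()
        verdict = evaluate(src, dst, proto, int(dport))
        if verdict != "allowed":
            alerts.append((ts, verdict, src, dst, proto, int(dport)))
    return alerts


if __name__ == "__main__":
    print("conduits bypassing the DMZ:", dmz_bypasses(CONDUITS))
    for rule in nft_rules(CONDUITS):
        print(rule)
    for alert in analyze(FLOW_LOG):
        print(*alert)
```

On the constructed log, the enterprise workstation talking Modbus/TCP straight to a PLC is reported as a violation (it should only ever reach the control zone through the DMZ jump host and an engineering workstation), and the 192.168.7.4 source is reported as an unknown host, which in a plant network usually means an undocumented vendor laptop or cellular modem. Keeping the conduit list as the single source for both the firewall rules and the monitoring policy is what makes the two stay consistent when the change management program approves a new flow.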

Create a change management program

A good change management program ensures that all changes are properly submitted, tracked, and approved, and helps correlate changes with detected ICS network anomalies.

Tips for working with your IT team

Countering cyber threats is critical to maintaining plant operations and revenue, as well as keeping plant workers safe. It requires alignment of executives, business leaders, IT, and plant operations – teams that don’t typically work together and have diverse backgrounds, experiences, expertise, and priorities.

When you need to solve an ICS problem, do you know who to contact in your IT team?

We often see engineering and operations teams bypass their IT counterparts and purchase and install technology solutions without the proper security and IT approval. This “shadow IT” approach can introduce risks that impact the safety and efficiency of plant operations.

To avoid this common pitfall, take control of the conversation. Members of the IT security team are allies who can help plant managers identify risks and securely integrate technology to ensure the security, availability, integrity and reliability of plant operations. Here are some starting points:

  • Identify key stakeholders. Make sure all relevant teams are included across IT, OT, and engineering.
  • Have a clear understanding of business line requirements and consider critical system dependencies. These dependencies are often not well understood or discovered early in the process.
  • Ensure frequent and clear communication between IT, OT and Engineering. Engineering input is the key to success. Early buy-in from all sectors makes engagement easier and more effective.
  • Prioritize risk reduction and availability of critical processes.
  • Develop a strategy for your approach to security. Not all controls can be deployed at the same time. Your planning should include tactical actions and milestones as well as a long-term strategy. WWT recommends conducting an assessment to determine the priority of efforts. Organizations often have a framework that can be leveraged to accelerate the implementation of controls.
  • Think safety. Physical security and cybersecurity should be the primary focus of any engagement in operational environments.

This story originally appeared in the August 2022 issue of Plant Services.