There are well-defined steps to protecting operational security, with the first being a comprehensive, detailed analysis of operational vulnerabilities. The second step is to secure networks, and there are four key elements to this step, according to “2021 Cybersecurity: Assess Your Risk,” a new report from PMMI Business Intelligence.
While each manufacturer will have their own specific needs to address when it comes to cybersecurity, there are four common steps to improving security, including:
• Aggressively segmenting networks.
• Making sure networks and equipment are regularly updated/patched.
• Tightly controlling access permissions to networks.
• Maintaining an emergency recovery plan.
If manufacturers have multiple separate networks that are connected to one another, the more interconnected an operation is. A more heavily interconnected operation is more vulnerable to cyber intrusion. Cyber criminals gaining access to one network would be able to use it as a bridge to reach other networks within the organization, and this route enables attackers to move from IT operations to OT operations and vice versa.
Manufacturers can aggressively segment their equipment and their network with tactics such as using varying IP ranges, VLANs, and network micro segmentation. Fifty-eight percent of organizations state they use at least one of these strategies currently, but mingled networks remain a common problem exploited by cyber criminals. By carefully assessing components of their manufacturing process that need to be networked together, and whether or not that network needs to be directly connected to a larger enterprise-wide network, networks can be siloed. Access to larger, operation-spanning networks should be tightly controlled and limited to as great an extent as possible.
Another key element is properly maintaining systems and equipment by updating them on a regular basis. Software and hardware used by manufacturers receive regular updates and patches, and it is easy to fall behind on these updates if they are not specifically made a priority, creating serious vulnerabilities for cyberattack. This is especially true for manufacturing, as OT-based attacks continue to increase, carrying with them the risk of costly physical damage to the surrounding environment.
Outdated versions of software are target to exploitation by cyber criminals as they often contain well known security gaps that have been subsequently fixed in newer versions. Many new IIoT devices, such as individual machine sensors, do not receive any regular support or patching, making it more essential to keep the equipment they are connected to up to date.
Said one CEO of a security partner, “The first step is to assess your company’s risks with a proper audit, providing the foundation of where you are at today and where you want to be in the future. The second step is to keep your assets inventory updated for hardware, software, and firmware.”
Once networks are segmented as much as possible and have been thoroughly updated and patched, manufacturers should focus on managing access to them. Standard best practices, include utilizing multi-factor authentication, having unique logins for each person with access, and frequently changing unique passwords. Any remote access should also be operator controlled and time limited, to guard against lapses in security. In general, network access should allow employees access to the bare minimum number of files necessary to complete their tasks. By restricting access to only essential personnel and exercising some basic best practices for logins, manufacturers can go a long way toward securing their networks from outside intrusion.
In the event of a breach, manufacturers need to have an emergency recovery plan in place and ready to deploy. It is important that a recovery plan be well thought out and thorough, and it should also be vetted and tested for effectiveness. Making sure it works and knowing exactly how it will be executed before it is actually needed in a crisis is essential. Most companies do have a disaster recovery plan in place, but only 37% of them have ever actually tested it outside of a crisis, and if employees do not have experience executing and managing it, it will not be effective.
Download this FREE report below.
Source: PMMI Business Intelligence, “2021 Cybersecurity: Assess Your Risk”