Industrial Cybersecurity: 10 Things You Need To Know
Why Industrial Cybersecurity Matters: A Series
Over the following weeks, we will reveal 10 questions industrial enterprises commonly ask as they approach the topic of cybersecurity when it comes not only to their Information Technology (IT) networks, but to their Operational Technology (OT) infrastructures as well. These are important questions that must be answered. Only in this way can digital transformation be achieved in a way which does not severely threaten the business, its intellectual data and the viability of its operations.
Question 1: How concerned should Plant Managers be about Cybersecurity?
The job of any manufacturing plant manager is to ensure production continuity in line with a company’s business plan and to avoid unplanned downtime at all costs. To do that, plant managers must not only have an effective Asset Performance Management strategy in place, but must implement a reliable Industrial Cybersecurity plan to support and protect it.
As factories and industrial sites continue to transform and become more digitalized, more and more of their critical assets and infrastructures are becoming connected to the Industrial Internet of Things (IIoT). As a result, the security of their Operational Technology (OT) is becoming more and more important, and more and more at risk at the same time. Plant management must avoid the “security-by-obscurity” approach in order to reap the benefits of digital visibility without succumbing to its threats and risks. Today, managers must ask themselves not if their plants will be attacked, but when.
Question 2: If a hacker could access an industrial plant’s network or machines, what could happen?
Once they are in, hackers can do a number of different things to wreak havoc or interrupt production. A hacker can simulate that a machine is working properly when it is not, for example. Without intervention, this can lead to machine health problems due to overwork, and ultimately to machine damage or a full production line outage.
Alternatively, a hacker can simulate that a machine needs maintenance when it does not, leading you to lose time and money in order to stop production for unplanned (and unnecessary) maintenance activities.
A hacker can also try to access and modify your Programmable Logic Controller (PLC) firmware, damaging the product and production quality as a result, and leading to financial losses, excess time and material costs to set up new production, and delivery delays.
Remote access can be compromised by hackers.
Finally, a hacker can try to access a router, a PLC, an Internet of Things (IoT) sensor or an industrial PC in order to navigate from your industrial network to your enterprise IT network. Unsecured plant networks give hackers a way in, so they can seek out sensitive company data such as intellectual property information, customer data, financial balance sheets, and so on.
In other words, cybersecurity should not be an afterthought to Factory Digitalization. If your plant’s systems and assets are not being monitored and managed in a secure way, you are playing with fire.
Question 3: Who should be responsible for cybersecurity at an industrial plant – Information Technology (IT) or Operational Technology (OT) personnel?
This varies on a company-by-company basis. The correct answer is highly dependent on a number of different factors – in particular the size of the organization, the breadth of its digital ecosystems and the relationship between manufacturing and IT management.
Historically, cybersecurity has been regarded as a function of the IT department. Data is stored on computer systems, so IT leadership is made responsible for protecting it. As an industrial organization grows and digitalizes, however, it naturally follows that the complexity and volume of its OT infrastructure and connected assets do as well. In such cases, it is very risky not to have skilled personnel dedicated to overseeing and ensuring OT cybersecurity, albeit always in alignment and communication with IT and business leadership. In fact, we have seen large manufacturing organizations successfully create full-fledged steering committees dedicated to the cybersecurity of the company's industrial control systems. These committees are typically comprised of factory automation, risk management and IT personnel, with the automation group taking the lead. The largest organizations, on the other hand, put OT cybersecurity in the hands of a dedicated Chief Information Security Officer (CISO).
A final note! Cybersecurity is everyone's responsibility. The fact is that people represent the greatest risk to the security of your systems and assets. Not hackers, but employees. Modern attacks now take place on multiple levels - and they are no longer purely technical. If you do not invest in educating and preparing all personnel connected to your digital plant networks on the topic, cyber criminals can and will use your employees against you – although most of these people will have no idea that they are doing anything wrong.
Question 4: Where should industrial enterprises begin when assessing the level of cybersecurity at a plant?
Where does the industrial OT cybersecurity journey begin? First of all, and before solutions, management needs to verify that both their production plants and their company are compliant with government and industry cybersecurity regulations. Compliance with regulations is the first step towards security, because it forces companies to audit and understand their own internal processes. More often than not, this undertaking opens eyes to risky behaviors and procedures of which they were probably unaware.
Some regulations in scope of this assessment should be:
- NIST (National Institute of Standards and Technology) Cybersecurity Framework;
- NIS (National Intelligence Strategy) for Cyber Threat Intelligence;
- ISA/99 IEC 62443 Standard for Cybersecurity of Industrial Networks.
Because in-depth knowledge of these standards and regulations is rarely present internally within industrial enterprises, manufacturers should start with an assessment supported by ISA/99 IEC 62443-certified experts. This is the only way to ensure a comprehensive, complete and accurate analysis that identifies all the greatest risks and vulnerabilities threatening your operational technology today. Watch our webinar to learn more.
Question 5: What are the greatest weak points for cybersecurity within an industrial facility?
A plant can have many vulnerabilities. For example: an old version of PLC software still in use; a PC running Windows XP that is left unpatched in order to reduce the risk of a production outage; unmonitored behavior of external engineering or maintenance personnel with access to the plant automation; incorrect (or worse, missing) network segmentation. The list goes on.
One of the biggest vulnerabilities, and the one most overlooked, is the human factor. People pose the greatest threat to your plant’s security, and often not because they are maliciously undermining protocol, but due to lack of awareness. There is an easy solution for this. In order to mitigate the human risk, management must keep their employees informed and educated about expected security processes in the workplace, and do so continuously. They can set up training courses on best practices and cybersecurity standards. They can launch phishing campaigns and organize cybersecurity competitions to engage employees. When you integrate people successfully into your cybersecurity framework, rather than keep them outside of it, plant vulnerability is greatly reduced.
Question 6: Does a plant manager need to worry about a robot or machining center? Will old equipment need to be replaced to make it secure?
The first element to be looked at here is the physical equipment itself. Plant managers do not need to be worried about connected robots and machining centers if they are up-to-date with security protocols. Old equipment will not need to be replaced ahead of expected asset maintenance lifecycles as long as threat detection can be assured. Many machine vulnerabilities in manufacturing plants today are related to old software versions being installed or the lack of properly supported operating systems for older automation models. These vulnerabilities can be identified, addressed and mitigated through virtual patching and other solutions, but this cannot be achieved without a comprehensive Enterprise Asset Management (EAM) strategy in place.
The second element to be looked at here comprises all the players and people responsible for designing, manufacturing, supplying, managing, maintaining and operating the physical equipment in question. With the convergence of IT and OT, cybersecurity is no longer somebody else’s problem. In the connected age of Industry 4.0, it is everyone’s responsibility, shared by robot designers and manufacturers, system integrators, maintenance teams and plant operators, all of whom can have a (good or bad) impact on the security level of operational technology. Asset Performance Management (APM) solutions that ensure traceability and compliance with industry regulations across the end-to-end asset lifecycle are the key to security in this case, as well as the continuous training of those whose behavior can put it at risk.
Question 7: What role does hardware vs. software play in industrial cybersecurity? Will we need to invest in new hardware and/or software for our factory?
Hardware and software are the two pillars of industrial cybersecurity. To remain safe from the threat of OT and IT cyberattacks, industrial organizations need both hardware and software solutions to protect their physical and digital structures.
Hardware security protects industrial machinery from cyber threats. Using specialized devices to help protect data through encryption and decryption, it offers immunity from inherent weak points of the existing operating system. Hardware security devices are not computers; they can only perform limited actions, which makes them very difficult to corrupt. However, outdated hardware can be vulnerable to crashes or physical damage.
Software security protects digital assets from threats using measures such as antivirus programs, password managers and firewalls. Of the two pillars, software is generally believed to be the major source of security issues due to the ever-evolving hacking methods of cyber attackers. On the upside, software security solutions are readily available for a variety of operating systems, are generally cheaper than hardware solutions and can be used to protect all devices within an organization under one system. Software is also much easier to update but requires time, money and specialized personnel to implement recommended security patches.
Protecting your business from cyberattacks requires both hardware and software security. Your current cybersecurity solutions should be replaced if they are putting critical operations and data at risk; to understand that, an assessment of your hardware and software is imperative. Understanding your system’s current weak points will allow you to better identify the appropriate cybersecurity solutions and mitigate your industrial organization’s risk of cyber threats.
Question 8: What if a plant does get hacked or attacked? What should be done? How should plants prepare for that possibility?
If your plant falls victim to a cyber attack and your industrial machinery/data systems are hacked, the best-case scenario is to have an educated workforce and the right software solutions to enable a swift response following a structured, standardized plan of action. Following this plan, the threat must first be identified. Next, the source of the cyber threat must be located, whether that be a virus, malware or unauthorized remote access. Third, stakeholders in the company must be alerted to the issue as soon as possible. Only then can they take immediate action to ensure that users on the infected network can minimize losses and users on clean networks can help stop the spread. From there, infected networks must be isolated and investigated to determine if the nature of the cyber attack has created any additional weaknesses in IT/OT infrastructure that will allow future access to hackers. Finally, a recovery plan must be implemented to restore systems to operational status.
The most important aspect of long-term cybersecurity is to take preventative measures going forward, strategies that are executed comprehensively and holistically. An effective prevention strategy has continuous employee training as its cornerstone, but it is also critical to ensure systems and assets are monitored and meet the most recent compliance regulations, which are continuously changing and evolving along with cyber threats. Companies should execute vulnerability assessments on a regular basis and implement security solutions customized to meet the needs of their Operational Technology. Finally, employing internal technical experts who are equipped to handle security threats is key. By carefully following each of these steps, your company can shield itself from the threat of plant hacking.
Question 9: What does the future hold? Will cybersecurity threats get better or worse?
Cyber attacks across every industry are becoming more frequent, targeted and complex. According to a recent cybersecurity resilience study, attacks on industrial organizations have increased by 31% since 2020, and successful breaches have increased from 44% to 61%. Despite these concerning figures, cybersecurity solutions are constantly being developed to handle increasingly sophisticated attacks. Upgrading your current systems and implementing these new technologies could save your company thousands if not millions of dollars in damages.
By combining the power of OT & IT cybersecurity solutions with user education, vigilance and preparation, your company can mitigate the risk of cyber threats and minimize losses by responding more quickly to security breaches.
Question 10: Help! What can the Engineering Group offer in terms of solutions and support for Industrial Cybersecurity?
In today’s complex digital environment, handling cybersecurity threats requires a structured, holistic approach that will enable businesses to identify and detect cybersecurity threats, protect their data and machinery and swiftly respond to and recover from cyber attacks. Keeping these core values in mind, our Industries eXcellence specialists can create a customized digital security blanket where different technology platforms collaborate and offer progressive barriers to ensure that companies are adaptable and resilient. Our process starts with an in-depth assessment where we study current cybersecurity infrastructure and identify systematic weak points. From there, our experts determine the best solutions, form an implementation strategy, execute according to plan and provide support to IT/OT users throughout the entire process.
With over 550 Cybersecurity specialists worldwide and 4 proprietary data centers that oversee 21,000 servers and more than 10 petabytes of customer data, The Engineering Group boasts one of the leading cybersecurity centers of competence of its kind. Moreover, our organization’s continuous investment in people and research ensures that our offering and approach to cybersecurity evolve along with the complexity of the world around us. As a result, we have the vision, resources and experience required to protect and enable your organization as it embraces digital transformation.
To learn more, download the Engineering Group’s cybersecurity white paper.
Our Industrial Cybersecurity Expert
John Bataille is an Information Technology expert for the Industries eXcellence division of Engineering Industries eXcellence. John has 10+ years of experience in Application Support, System Administration, Cybersecurity and Operational Technology (OT) Security. He handles all Information Technology needs for Engineering Industries eXcellence’s internal teams and offices and leads our global customer software support practice.