- By John Parrott
- August 30, 2023
- Executive Corner
Industrial automation is supporting greater opportunities than ever before for improving operational efficiency, even as it is facing some of its greatest challenges in modern history in the form of cybersecurity threats. With skilled-workforce retirements leading to more outgoing than incoming personnel, technological innovation, especially related to data analysis and cloud transformation, can provide new capabilities, making jobs easier for personnel at all levels. But although this enhanced connectivity is essential to support corporate imperatives for remaining competitive, it comes with a shadow side: cybersecurity dangers that companies must work diligently to mitigate.
A multifaceted threat landscape
For production managers, unplanned downtime is public enemy number one, capable of derailing any day of productivity and profitability. However, the highly connected systems now essential for operating in the modern world also introduce openings for cyber breaches if not locked down effectively. Cybercriminals are now aware of the daily conditions businesses operate in, often with an acute understanding of the cost of downtime specific to a company. This knowledge enables more effective ransomware attacks, including financial demands for unencrypting data assets seized from an organization.
Data is at the core of modern manufacturing because it is used to make decisions, and losing access to data limits operational efficiency. This loss is at the core of a cyber breach, and intrusion in OT environments carries the additional weight of potential equipment-imposed damage or safety risks.
Borrowing a term from the IT stack, cybersecurity must be established as a sustainable service. Within each company, it is a policy change that must be managed organization-wide, applicable not only to devices and assets, but also to personnel and procedures.
Assess, protect, and detect
As the business landscape and networks become increasingly complex, it is critical to both strategically plan capital improvements and diligently maintain daily housekeeping. To navigate these sorts of procedures effectively in industry, companies can benefit by engaging consultants that understand OT threats and can provide informed and targeted guidance.
Cyber-preparedness begins with taking stock of all connected components within the walls of a facility. This includes gathering information on what is running where, at which address, and for what purpose. It is only possible to protect what is tracked and understood.
Next, companies should work with their selected consultant to develop and implement standard security protocols for individual devices, overall networks, and personnel procedures, all part of a defense-in-depth strategy. As organizations expand, it is critical to align with the standards while adapting as necessary.
Many modern OT network security strategies rely on IT departments to airgap the automation system, with a single point or two for external access. But if the safeguard is breached from the outside or compromised by a user on the inside, the automation system must depend on its own set of protections, including:
- Network separation and segmentation.
- Protection against unauthorized access, or log-in.
- Protection against unauthorized modification and manipulation.
- Authentication support.
- Audit and security event reporting.
- Intrusion detection and alerting.
Intrusion detection is of particular interest because hacking does not occur in one fell swoop. Instead, it typically involves days, weeks, or months of bad actors snooping around the network to plan their attack. The best automated threat detection systems alert at first breach, providing administrators with advance notice to address vulnerabilities and either prevent or minimize the impacts of unauthorized access and manipulation.
These systems can even be set up to automatically begin mitigative measures. With the right backbone, AI algorithms can work in concert with industrial controllers to cut power in strategic locations, turn off device communications, initiate secure firewalls, identify and quarantine affected devices, and deny network access. Before unauthorized access can grow into highly consequential attacks, these quick intrusion detection and defense-in-depth strategies can be used to drastically reduce the risk of disruptive incidents.
While cyber-preparedness comes with a price tag, today’s top industrial leaders understand the cost and risk of taking no action is greater. There are so many hypothetical scenarios to consider, and unfortunately, frequent headlines often preclude the need to use our imaginations. The cost of lost production at best, or safety compromise at worst, far outweighs the cost of putting protective safeguards in place.
Integrating an automated threat detection system is one proactive step companies can take to significantly soften the blows. Today’s data-driven and highly interconnected processes leave no room for downtime when cybercriminals strike, and the world is depending on manufacturers staying online.