The growing significance of industrial cyber protection is a consequence of several security breaches that could happen in a manufacturing environment. These include incidents such exfiltration of industrial data, unauthorized access to industrial control systems, and manipulation of industrial processes or equipment. Security breaches could result in loss of control over production which in turn could lead to revenue loss and damages to brand reputation. Unfortunately, the consequences of industrial cyber threats are tangible and can include large scale disasters impacting populations and the environment.
Before applying industrial cyber security within a plant unit, it is imperative that companies understand the different layers of security that need to be applied in order to completely protect a manufacturing plant. In this blog post, we will delve into the method of “Defense in Depth” or the “Castle Approach”. The Defense in Depth philosophy is aimed at securing multiple aspects of a plant including personnel, procedural, technical and physical. The various layers of security controls include government policies and security frameworks, physical, network, system, application, and data layers as indicated in exhibit 12.
Adopting defense in depth involves a sequential and conditional approach. The different levels of security adoption include the following.
Security measures at the administrative level
These include the laws, regulations, policies, rules and guidelines that govern the informational security practices of the organization. Manufacturers looking to adopt cyber security should look at understanding in detail the cyber security laws and frameworks governing the specific region where the organization is operating.Common Misconceptions about Cyber Security
- It will not happen to me
- Not all end points require protection
- Anti-Virus and firewalls are sufficient
- End-point security cannot provide
For instance, the Department of Homeland Security (DHS) has recently issued strategic guidelines that emphasizes IIoT security. As a mushrooming number of connected devices are increasingly being relied upon by the national critical infrastructure, securing these systems has become a major priority. Manufacturers can adopt these principles as they design, manufacture and use connected systems. These guidelines are extremely important to help industrial enterprises make informed security decisions. The main high-level principles as defined by the DHS include the following:
The main high-level principles as defined by the DHS include the following:
- Incorporating security at the design phase - With an intention to maximize profits in less time, manufacturers fail to suitably secure their systems and processes. This leaves room for black hats to manipulate information in the network. The guidelines set by DHS however instruct manufacturers to incorporate these principles of cyber security right from the design stage.
- Enable security updates and manage vulnerabilities - Legacy industrial machines are still prone to attacks. These vulnerabilities can be addressed by thorough patching, delivering security updates and effective management of vulnerabilities.
- Employ proven security best practices - Proven and tested security best practices can be the starting point for implementing effective security measures in IT and OT environments.
- Prioritize security according to impact - Risks arising from cyber threats and the corresponding counter measures vary with the kinds of things being connected to the internet. These security measures would need to be prioritized based
uponthe intensity and nature of the potential impact.
- Promote transparency - Increased transparency and visibility into plant processes can help determine where and how to apply security measures.
- Careful consideration of connectivity - Industrial enterprises should carefully analyse their businesses and understand whether continuous connectivity is needed considering the risks associated with connectivity.
Security measures at the plant (physical) level
Plant security measures can help companies build and maintain a positive reputation among their customers. Improved plant security is also synonymous with improved productivity as it helps prevent unwanted theft or loss of data. This in turn can help in expanding business opportunities. At all times, manufacturing organizations are required to secure the physical aspects of their plant facilities including identifying and monitoring individuals who enter and leave the plant premises. Organizations also need to keep track of movement of industrial assets across the plant floor and supply chain and control access to sensitive areas within the plant facility. They also need to be constantly alert by optimizing response time to potential threats and alarms.
Security measures at the technical level
This includes technology components of a cyber-security system that helps in securing connected assets. These include security measures such as firewalls, anti-virus, data encryption, data back-up, user rights management etc. Many IT security vendors offer endpoint protection solutions, but not all of them offer comprehensive security to ICS endpoints and networks. For industrial end-users, any attack on the ICS could mean downtime and hence loss of business. The increasing complexities and intensity of cyberattacks is driving the need to not just prevent a possible attack, but also to sufficiently predict and pre-empt an attack. In addition, the convergence of IT and OT further necessitates a demand for security solutions that can be applied to legacy infrastructures as well.
Interested in learning more?
Register for our upcoming webinar “Cybersecurity in the Era of Industrial IoT” where we’ll expand on the recently published research, “Cybersecurity in the Era of Industrial IoT". Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
As Chief Marketing Officer at Bayshore Networks, Kirby is on a mission to educate and inspire leaders to act now to protect our industrial infrastructure - and our way of life - from cyber threats. Bringing more than two decades of executive leadership in both public enterprises and emerging startups, Kirby is a published author, keynote speaker, teacher, and frequent contributor to over 20,000 online followers.