Cybersecurity for manufacturers in 2022: no margin for error

by FM Media

IT and OT teams have their work cut out for them in 2022. Dick Bussiere outlines three key actions for ensuring security objectives are met.

As our digital and physical worlds become increasingly intertwined, the manufacturing sector in Australia has become one of the sectors most frequently targeted by cybercriminals. Technology trends, combined with tech deployments triggered by the pandemic, are impacting operational technology (OT) environments, generating an increased volume of remote access instances and posing potential security risks.

This year, major cyberattacks on top-tier manufacturing and critical infrastructure players have provided eye-opening illustrations of the potential large-scale impact such events can have on broader society and the economy. And it’s a stark reminder that there’s no margin for error when it comes to cybersecurity. 

Within the sector, both IT and OT teams will have their work cut out for them in 2022. Traditionally, the two have struggled to collaborate efficiently, due to misaligned priorities and perceptions of risk, but as our world becomes increasingly digital, IT and OT will have to collaborate as a unified team to build security frameworks that keep OT environments safe, while adjusting to new technology developments.

A more interconnected world

OT operators manage physical processes and their presence is usually required on site to ensure operations are running smoothly and instruments are accurately reporting what is happening physically. That said, COVID-19 forced some monitoring and operations to be done through remote access as plants were forced to limit the number of personnel present in the facility. 

This trend will continue due to the operational efficiencies that this model has introduced. Remote access to OT for certain functions is here to stay. It is worth noting that some remote access solutions were deployed rapidly in response to the pandemic and should be re-evaluated for their overall security. Major technological developments will also increase the volume of indirect interaction between the OT environment and the outside world.

Large and interconnected networks such as smart cities, intelligent buildings or smart power grids, and the increased use of IoT, or connected devices and sensors, will trigger a shift from closed and isolated OT environments to more periodic access from essential external organisations or devices. These will very often be owned and operated by external entities and will therefore not be under the direct control of the OT operator.

More access, more risk

To help maintain safe and continuous operations of critical infrastructure, specific and strict security adjustments should be made to ensure backdoors to OT infrastructures do not remain wide open. This is where collaboration between IT and OT teams is paramount. 

There are three key actions that need to be taken to ensure security objectives are met: continuous monitoring and assessment, strict remote access rules and security, and data security. 

1. Monitoring and assessment 

Because OT is periodically connected to a point in the outside world, IT/Security teams should consider enhancing their ongoing assessment and monitoring capabilities. The objective is to monitor any device or external stakeholder accessing OT, and be able to detect anomalies or threats, as well as act in real time to limit the impact of any cyber incident. Devices connecting externally to the OT environment must be considered as part of that environment and monitored for threats, vulnerabilities and weak configurations. Continuously assessing the overall system will help detect vulnerabilities, enabling teams to patch them as quickly as possible. This is especially important regarding any solution that may have been deployed in a rush during the pandemic.

2. Remote access rules and security

OT and IT teams should define remote access rules, aligning on scenarios where OT needs to be remotely accessed. As a rule of thumb, this should be limited to exceptional cases, such as diagnostics and maintenance by equipment vendors, troubleshooting operations under unusual circumstances, or plant and business managers’ access to production information and data.

Robust and flexible secure remote access solutions must be employed to create an ultra-safe environment when remote connections are needed. These solutions must come with strict access policies, where only the stakeholders that absolutely need access to OT are allowed in, their access is restricted to the specific assets they need to interact with, and it lasts only for the time the operation requires. The security perimeter should also extend to the devices that are used by external stakeholders to access OT; these must be locked down, used solely for the purpose of remote access, and have only the software required to accomplish the mission installed.
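The access policy described above can be written down as a default-deny check on who connects, from which device, to which asset, and when. The sketch below is an added example, not part of the original article or any vendor product; the user, device and asset names and the session records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Grant:                 # one approved remote-access task
    user: str
    device: str              # the dedicated, locked-down access device
    assets: frozenset        # only the OT assets this task needs
    start: datetime          # access exists only inside this window
    end: datetime

@dataclass(frozen=True)
class Session:               # one observed remote connection attempt
    user: str
    device: str
    asset: str
    at: datetime

def evaluate(session, grants):
    """Default deny: allow only if one grant matches on every condition."""
    mine = [g for g in grants if g.user == session.user]
    if not mine:
        return False, "no grant for user"
    reason = ""
    for g in mine:
        if session.device != g.device:
            reason = reason or "unapproved device"
        elif session.asset not in g.assets:
            reason = reason or "asset out of scope"
        elif not (g.start <= session.at < g.end):
            reason = reason or "outside approved window"
        else:
            return True, "ok"
    return False, reason

def audit(sessions, grants):
    """Return (session, reason) for every attempt the policy rejects."""
    results = [(s, evaluate(s, grants)) for s in sessions]
    return [(s, why) for s, (ok, why) in results if not ok]

# Constructed sample data (hypothetical names, not from the article).
GRANTS = [Grant("vendor-tech-01", "jump-laptop-07", frozenset({"plc-line3"}),
                datetime(2022, 3, 1, 9, 0), datetime(2022, 3, 1, 11, 0))]
SESSIONS = [
    Session("vendor-tech-01", "jump-laptop-07", "plc-line3", datetime(2022, 3, 1, 9, 30)),
    Session("vendor-tech-01", "jump-laptop-07", "hmi-line1", datetime(2022, 3, 1, 9, 45)),
    Session("vendor-tech-01", "jump-laptop-07", "plc-line3", datetime(2022, 3, 1, 23, 30)),
    Session("vendor-tech-01", "home-pc", "plc-line3", datetime(2022, 3, 1, 10, 0)),
    Session("plant-manager", "jump-laptop-07", "plc-line3", datetime(2022, 3, 1, 10, 0)),
]

if __name__ == "__main__":
    for s, why in audit(SESSIONS, GRANTS):
        print(f"DENY {s.user} -> {s.asset} from {s.device} at {s.at}: {why}")
```

Run over a remote access gateway's session log, the same check doubles as the monitoring step: every rejected attempt is a record the IT and OT teams should review.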

3. Data security

With the democratisation of data analytics to improve business processes and performance, and for remote monitoring purposes, businesses increasingly require data from OT for analysis and decision-making. One way to secure this process is with data diodes, which are hardware devices that only allow data to travel in one direction – from a protected environment to outside stakeholders. Data diodes are built so that no data can enter the environment, because the physical hardware that would enable the entry simply doesn’t exist. Data diodes, therefore, enable the export of essential data to a point that is outside of OT, and remove the risk of an incident occurring through the use of a secure remote access (SRA) solution.

Beyond the technical aspects, it’s also important that all personnel involved receive adequate security training. Many recent studies indicate that human error is the source of most cyber incidents. This includes onsite personnel and OT/IT teams, but also broader, business-wide education for all employees, including the business leadership.

Cyber incidents in manufacturing can have disastrous financial and reputational ramifications, both for the business involved and for external stakeholders. Industry players have a responsibility to ensure they don’t leave any stone unturned, and as the OT landscape continues to shift, they should stay ahead of the cybersecurity curve.

Dick Bussiere is technical director, APAC, at Tenable.

Photo by Jake Nebov on Unsplash
