This is an exclusive article series conducted by the Editor Team of CIO News with Harshad Mengle, Global Chief Information Security Officer (CISO) at Tata Chemicals.
Digitalization and cybersecurity go hand in hand. As operations become more connected, data-driven, and autonomous, organizations' exposure to cyber threats increases.
Hackers are aware of this vulnerability and are now strategically attacking information technology (IT) and operational technology (OT) environments that are converging. By gaining access through something as simple as a flash drive, they know they can halt operations.
Organizations can’t simply fight the last battle and then focus on protecting themselves against ransomware. CISOs need to build an industrial cybersecurity program that defends organizations against the next attack.
As operational technology (OT) continues to connect to IT systems and newly designed cyber-physical systems (CPS) are deployed, OT security is evolving from network-centric security to CPS asset-centric security.
According to analysts, 8% of organizations are moving their security efforts past the awareness phase, and most start their journey with a discovery effort.
Manufacturing Business/Mission Objectives
Maintain human safety.
Manage cybersecurity risks that could potentially impact human safety. The cybersecurity risk to the manufacturing system could potentially adversely affect human safety. Personnel should understand cybersecurity and safety interdependencies.
Maintain environmental safety.
Manage cybersecurity risks that could adversely affect the environment, including both accidental and deliberate damage. The cybersecurity risk to the manufacturing system could potentially adversely affect environmental safety. Personnel should understand cybersecurity and environmental safety interdependencies.
Maintain the quality of the product.
Manage cybersecurity risks that could adversely affect the quality of the product. Protect against compromise of the integrity of the manufacturing process and associated data.
Maintain production goals.
Manage cybersecurity risks that could adversely affect production goals. Cybersecurity risks to the manufacturing system, including asset damage, could potentially adversely affect production goals. Personnel should understand cybersecurity and production goal interdependencies.
Maintain trade secrets.
Manage cybersecurity risks that could lead to the loss or compromise of the organization’s intellectual property and sensitive business data.
A comprehensive industrial cybersecurity program should have a team of OT cyber experts working on assessing, planning, and developing OT network protections, as well as managing detection and incident response. A successful implementation, supported by industrial cybersecurity managed services, will meet the organization’s specific needs, minimizing its operational cyber risk.
A Few Top Industrial Cyber Threats
- Ransomware
- Industrial Control System (ICS) Wi-Fi
- Unmanned Aerial Vehicle (UAV)
- Insider Threat
- Network Compromise
- Distributed Denial-of-Service (DDoS) Attacks
Legacy operational technology continues to interconnect with IT systems, and newly designed cyber-physical systems are being deployed with a growing variety of communications protocols. This forces organizations to set up granular access controls. Plant interface systems (HMIs) are typically difficult to integrate with LDAP or other directory services, because these systems are usually designed to work in workgroups.
We face complex architectures, disconnected systems, and new vulnerabilities, all of which need specialized security skills to handle.
The following are a few suggestions CISOs and organizations should follow to improve or implement a comprehensive industrial cybersecurity program as an integrated part of their daily operations.
- New Cyber Targets: Industrial Control Systems (ICS) and Operational Technology (OT)
Cyber attackers are adapting quickly and targeting organizations where they can have the most impact. OT is a new kind of prize. Cyber attackers no longer just want to steal and manipulate data—they want direct control. This includes shutting down, overspeeding, overloading, and disrupting operations.
Remember, when exploits occur at any point on the OT network, threats can easily spread to other devices, escalating risks quickly.
- Expanding Operations: Attack Surfaces are Growing.
As operations expand, so do all the ways cyber threats can get into systems. This is called the “attack surface,” and the rush to grow has too often left cybersecurity as an afterthought. Cyber attackers look for vulnerabilities, and when there is expansion, they are trained to look for cracks.
- New Technology = New Cyber Risks
Digitalization, innovation, data leverage, and automation are competitive advantages in the market that also present cyber risks. Connectivity increases as more sensors, devices, and the Industrial Internet of Things (IIoT) are added to the operational network. The push of the technology envelope and the pressure to beat competitors to market often mean that cybersecurity is left out, increasing overall risk.
- Remote capabilities are open to attack.
Many organizations depend on the remote monitoring and management of assets. Although it offers many advantages, it also opens operations to attack. Remote systems provide more opportunities to penetrate defenses, more connection points, and more ways to remotely take control of an organization’s operations. The more remote visibility and control you have, the more you could potentially surrender to a cyberattacker.
- Cyberattackers are forming businesses.
There are many different types of threat actors out there, including terrorists, hacktivists (politically motivated hackers), and more. Their motivation varies. Some want to have an immediate and devastating effect; others want to lie low, quietly waiting for the most opportune moment to strike. Regardless, they have come together to form actual businesses around hacking, and they all have one thing in common: You are the target.
What Organizations Should Do
Basic cyber hygiene can go a long way toward reducing industrial cyber risk. A few quick points to strengthen OT cybersecurity:
- Invest in cybersecurity: To minimize OT cyber risk, organizations must have the correct programs with powerful capabilities in place.
- Know what to protect: Have a robust and automated asset inventory and management system.
- Manage vulnerabilities: Know the holes in the defenses, then prioritize those holes and close them.
- Start at the concept phase: Make security-by-design and supply chain risk management a core part of new construction and expansion.
- 24/7/365 visibility and control: Don’t fly blind. Secure a robust monitoring and response program.
- Find the right partner: Experience and expertise in OT cyber are a necessity. Find the right partner with a customizable solution.
One Team: The CISO and the Plant Team
The Chief Information Security Officer (CISO) and the OT Plant Manager should collaborate to establish a robust OT cybersecurity program. Here are the ten essential steps they should follow:
- Asset Inventory and Classification:
  - CISO: Work with the OT team to create an inventory of all OT assets, including controllers, sensors, actuators, and communication devices. Classify assets based on criticality and function.
  - OT Plant Manager: Ensure that the asset inventory is accurate and up-to-date. Prioritize critical assets for protection.
- Risk Assessment and Threat Modelling:
  - CISO: Conduct a comprehensive risk assessment specific to OT systems. Identify vulnerabilities, threats, and potential impacts.
  - OT Plant Manager: Collaborate with the CISO to understand the risk landscape. Consider safety, production, and business continuity implications.
- Security Policies and Procedures:
  - CISO: Develop and document security policies and procedures tailored to OT. Cover areas such as access control, patch management, and incident response.
  - OT Plant Manager: Implement and enforce these policies within the OT environment. Train plant staff on security protocols.
- Network Segmentation:
  - CISO: Define network segmentation strategies for OT. Isolate critical systems from non-critical ones to limit lateral movement during an attack.
  - OT Plant Manager: Implement network segmentation based on the defined strategy. Monitor and maintain network boundaries.
- Access Control and Authentication:
  - CISO: Implement strong access controls. Use multi-factor authentication (MFA) for privileged accounts.
  - OT Plant Manager: Ensure that only authorized personnel can access OT systems. Regularly review access permissions.
- Vulnerability Management:
  - CISO: Establish a process for identifying and assessing vulnerabilities in OT systems. Regularly scan for vulnerabilities.
  - OT Plant Manager: Prioritize and address vulnerabilities promptly. Coordinate with vendors for security patches.
- Incident Response Planning:
  - CISO: Develop an incident response plan specific to OT. Define roles, communication channels, and procedures.
  - OT Plant Manager: Participate in tabletop exercises and drills to test the effectiveness of the plan.
- Continuous Monitoring and Threat Detection:
  - CISO: Deploy monitoring tools for real-time visibility into OT networks. Detect anomalies, unauthorized changes, and potential threats.
  - OT Plant Manager: Collaborate with the CISO to monitor network traffic and respond to alerts promptly.
- Security Awareness and Training:
  - CISO: Conduct regular security awareness training for all employees, emphasizing OT security best practices.
  - OT Plant Manager: Ensure that plant staff understand their role in maintaining OT security.
- Regulatory Compliance and Reporting:
  - CISO: Stay informed about relevant regulations (e.g., PCB, NIST, and IEC 62443). Prepare compliance reports as needed.
  - OT Plant Manager: Provide necessary documentation for compliance audits and reporting.