Gone are the days of stand-alone manufacturing equipment. Today, plant managers can track equipment function, productivity, and maintenance requirements through the connected power of automation and the industrial Internet of Things (IoT). This convergence of information technology (IT) and operational technology (OT) is critical to reducing costs and enhancing performance gains, but when everything is networked, it opens new opportunities for attack. Threat actors seek the weakest links across connected ecosystems, rendering traditional cybersecurity measures insufficient and creating a “new normal” where cyber attacks move across converged IT and OT environments.
Eighty-two percent of security practitioners in a 2017 survey predicted that unsecured IoT devices would likely cause a data breach in their organization, and incidents like the 2017 NotPetya malware attack demonstrate that complex, interconnected IT and OT systems can be weaponized for rapid, widespread devastation, disrupting everything from product development to fulfillment and shipment.
IT/OT convergence is a critical business enabler, but it must be accompanied by integrated cybersecurity across the enterprise. Here are five recommended actions to help address the challenges of a connected manufacturing environment.
No. 1: Assess your security capabilities and risk landscape
First, document and understand the operational environment. That includes the network, data flows, and details of connected devices, as well as physical access points that could be exploited, such as sensors or switches. Segment your critical systems by looking at the various data and underlying operational flows across not only OT applications, but from underlying operating systems and protocols, too. NotPetya showed that organizations can be breached within moments despite meeting compliance standards and implementing precautions like firewalls.
No. 2: Identify your greatest vulnerabilities, characterize threats, and prioritize risks
Prepare to prioritize protections by tallying up critical assets and processes that would have the largest impact, if compromised. Start with hardware and software vulnerability analysis, along with documenting and mapping of critical processes and embedded systems.
No. 3: Understand and establish roles and responsibilities
Roles and responsibilities around enterprise cybersecurity and manufacturing cybersecurity must be clearly understood. Formalize your combined security approach by developing the policies, plans, and procedures necessary for managing and maintaining a cyber-secure posture. Establish a governance program backed by executive leadership to enable continued transformation over time.
No. 4: Provide continuous awareness, education, and practice
Drive organizational change by providing education and awareness programs that are tailored by role—general managers need different insights than plant managers, who need different insights than procurement specialists, and so on. Educate operators and administrators about relevant cyber risks to foster a culture that prioritizes cyber as a key enabler of safety, revenue generation, and business operations and stability. A delay in production could greatly impact current contracts, revenue, and an organization’s reputation and long-term growth. To help build awareness and preparation, test your posture by providing role-specific practice opportunities with cybersecurity exercises such as wargaming. According to a 2018 survey, 61 percent of manufacturers say they conduct semi-annual cyber exercises.
No. 5: Gain deeper visibility to identify and respond to incidents
Deploy detection sensors, centralized log aggregation, and a consolidated monitoring capability to gain greater, faster visibility into cyber threats across the manufacturing environment. Synchronize response efforts by establishing a coordinated approach to managing OT and enterprise incidents.
When cybersecurity and its impact is widely recognized as a business priority, stakeholders can use hard work and change management to strengthen the organization’s security posture and help promote safety, productivity, and customer trust. With a threat landscape that’s always evolving, the steps above will help propel your organization towards a resilient approach to IT and OT cybersecurity.