Building a Resilient World:
The ISAGCA Blog


Cybersecurity Preparedness Depends on Procedures and Infrastructure

Ransomware and malware are increasingly targeting industrial operational technology (OT) networks and applications, forcing OT to play catch-up with information technology (IT) by defining and following strategies for defense in depth.

Every member of an organization in the OT space, from its frontline workers to executives, must change daily procedures to incorporate cybersecure best practices to keep production and data uncompromised. While there has been a substantial increase in vulnerability assessments—efforts surveying networks, applications, and organizational practices for weak points where bad actors can gain access to sensitive information—the patches being implemented remain subpar in many instances.

You know you have a problem, but how do you fix it? It is one thing to be aware of your vulnerabilities, and another to deal with them effectively.

Part of the issue began 20 years ago. As technology was rapidly evolving and OT began connecting isolated subsystems, many companies never stepped back to confirm infrastructure was ready. Today, many manufacturers are creating controllers and smart devices with cybersecurity in mind, but installing these products in a facility does not compensate for underlying infrastructure vulnerabilities.

With so much to be done, planning and prioritizing are critical. Efforts should focus on network infrastructure and core components. Many modern OT network security strategies rely on IT departments to air-gap the automation system, with a single point or two for external access. But if that safeguard is breached from the outside or compromised by a user on the inside, the automation system must depend on its own set of protections. These include:

  • network separation and segmentation
  • protection against unauthorized access or login
  • protection against unauthorized modification and manipulation
  • authentication support
  • audit and security event reporting
  • intrusion detection and alerting.

Intrusion detection is of particular interest. A 2018 study by Mandiant revealed the average containment time of cybersecurity crises in 2017 was five days after detection. However, the average time for intrusion detection was a staggering 66 days. Although cybercriminality is very much a developing practice, the good news is there are parallels among many incidents.

Hacking does not occur in one fell swoop. It typically involves days, weeks, or months of bad actors snooping around the network and making a battle plan, be it a coordinated multi-actor effort or a lone wolf attack. By giving organizations the tools to detect unauthorized access and activity, smart automation systems can shut down these intrusions long before they turn into frontpage headlines.

This is accomplished by threat detection devices—which funnel all data to and from an OT network—working in concert with programmable logic controllers and other controllers. Artificial intelligence and machine learning algorithms can perform tasks such as cutting power in strategic locations, turning off device communications, initiating secure firewalls, identifying and quarantining affected devices, and denying external access to the network during cyberevents. Before unauthorized access can grow into a highly consequential attack, these quick intrusion detection and defense-in-depth strategies can be used to drastically reduce the risk of disruptive incidents.
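The access, modification and alerting protections listed above, applied as a small detector over constructed controller audit events. This is an added example, not code from the original article or from any vendor product; the log line format, the engineering-host allow-list and the failed-login threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events from an OT controller (not real device output).
# Fields: timestamp, source IP, user, action, result
EVENTS = [
    "2024-03-01T08:00:01 10.0.5.20 operator1 LOGIN OK",
    "2024-03-01T08:00:05 10.0.5.20 operator1 READ_TAGS OK",
    "2024-03-01T09:10:00 10.0.9.77 admin LOGIN FAIL",
    "2024-03-01T09:10:03 10.0.9.77 admin LOGIN FAIL",
    "2024-03-01T09:10:07 10.0.9.77 admin LOGIN FAIL",
    "2024-03-01T09:10:12 10.0.9.77 admin LOGIN OK",
    "2024-03-01T09:11:00 10.0.9.77 admin WRITE_LOGIC OK",
    "2024-03-01T13:00:00 10.0.5.21 engineer1 WRITE_LOGIC OK",
]

ENGINEERING_HOSTS = {"10.0.5.21"}   # assumed hosts allowed to modify controller logic
FAIL_THRESHOLD = 3                  # failed logins within the window that raise an alert
FAIL_WINDOW = timedelta(minutes=5)


def parse(line):
    """Split one audit line into its typed fields."""
    ts, src, user, action, result = line.split()
    return datetime.fromisoformat(ts), src, user, action, result


def detect(lines):
    """Return alerts for repeated failed logins (unauthorized access) and for
    logic writes from hosts outside the engineering allow-list (unauthorized
    modification). Each alert is (type, source IP, user, timestamp)."""
    alerts = []
    failures = defaultdict(list)    # source IP -> timestamps of recent failed logins
    for line in lines:
        ts, src, user, action, result = parse(line)
        if action == "LOGIN" and result == "FAIL":
            # keep only failures inside the sliding window, then add this one
            failures[src] = [t for t in failures[src] if ts - t <= FAIL_WINDOW] + [ts]
            if len(failures[src]) >= FAIL_THRESHOLD:
                alerts.append(("REPEATED_LOGIN_FAILURE", src, user, ts))
                failures[src] = []  # reset so one burst raises a single alert
        elif action == "WRITE_LOGIC" and src not in ENGINEERING_HOSTS:
            alerts.append(("UNAUTHORIZED_MODIFICATION", src, user, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

On the sample events the detector raises two alerts, both for 10.0.9.77: the third failed login and the subsequent logic write from a host that is not an engineering workstation.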

Managers and leaders must support modern infrastructure improvements and champion safe practices in their companies. Cyberevent prevention begins with a culture of awareness and is carried forward by appropriate investments in people, procedures, and products.

This is more important than ever because global supply chains carry the potential for chaotic disruption with widespread impact, sometimes triggered by exploiting a single vulnerability. For this reason, there is no room for downtime when cybercriminals strike. With cyberattacks, it is not a question of if, but of when they will impact your organization. By taking proactive steps, companies can significantly reduce their impact.

This blog has been repurposed from InTech.

Achilli Sfizzo Neto
Achilli Sfizzo Neto is the head of the factory automation business for Siemens Digital Industries, U.S. He was previously CEO for Chemtech – A Siemens Business; business unit head for Process Industries and Drives and Process Solutions; and division head for Building Technologies in Brazil. He also brings sales, service, and operations experience from Avaya and Nokia.
