Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

All Posts

Cybersecurity Preparedness Depends on Procedures and Infrastructure

Ransomware and malware are increasingly targeting industrial operational technology (OT) networks and applications, forcing OT to play catch up with information technology (IT) by defining and following strategies for defense in depth.

Every member of an organization in the OT space, from its frontline workers to executives, must change daily procedures to incorporate cybersecure best practices to keep production and data uncompromised. While there has been a substantial increase in vulnerability assessments—efforts surveying networks, applications, and organizational practices for weak points where bad actors can gain access to sensitive information—the patches being implemented remain subpar in many instances.

You know you have a problem, but how do you fix it? It is one thing to be aware of your vulnerabilities, and another to deal with them effectively.

Part of the issue began 20 years ago. As technology was rapidly evolving and OT began connecting isolated subsystems, many companies never stepped back to confirm infrastructure was ready. Today, many manufacturers are creating controllers and smart devices with cybersecurity in mind, but installing these products in a facility does not compensate for underlying infrastructure vulnerabilities.

With so much to be done, planning and prioritizing is critical. Efforts should focus on network infrastructure and core components. Many modern OT network security strategies rely on IT departments to air gap the automation system, with a single point or two for external access. But if the safeguard is breached from the outside or compromised by a user on the inside, the automation system must depend on its own set of protections. These include:

  • network separation and segmentation
  • protection against unauthorized access, or log in
  • protection against unauthorized modification and manipulation
  • authentication support
  • audit and security event reporting
  • intrusion detection and alerting.

Intrusion detection is of particular interest. A 2018 study by Mandiant revealed the average containment time of cybersecurity crises in 2017 was five days after detection. However, the average time for intrusion detection was a staggering 66 days. Although cybercriminality is very much a developing practice, the good news is there are parallels among many incidents.

Hacking does not occur in one fell swoop. It typically involves days, weeks, or months of bad actors snooping around the network and making a battle plan, be it a coordinated multi-actor effort or a lone wolf attack. By giving organizations the tools to detect unauthorized access and activity, smart automation systems can shut down these intrusions long before they turn into frontpage headlines.

This is accomplished by threat detection devices—which funnel all data to and from an OT network—working in concert with programmable logic controllers and other controllers. Artificial intelligence and machine learning algorithms can perform tasks such as cutting power in strategic locations, turning off device communications, initiating secure firewalls, identifying and quarantining affected devices, and denying external access to the network during cyberevents. Before unauthorized access can grow into a highly consequential attack, these quick intrusion detection and defense-in-depth strategies can be used to drastically reduce the risk of disruptive incidents.

Managers and leaders must support modern infrastructure improvements and champion safe practices in their companies. Cyberevent prevention begins with a culture of awareness and is carried forward by appropriate investments in people, procedures, and products.

This is more important than ever because global supply chains carry the potential for chaotic disruption with widespread impact, sometimes triggered by exploiting a single vulnerability. For this reason, there is no room for downtime when cybercriminals strike. With cyberattacks, it is not a question of if, but of when they will impact your organization. By taking proactive steps, companies can significantly reduce their impact.

This blog has been repurposed from InTech.

Achilli Sfizzo Neto
Achilli Sfizzo Neto
Achilli Sfizzo Neto is the head of the factory automation business for Siemens Digital Industries, U.S. He was previously CEO for Chemtech – A Siemens Business; business unit head for Process Industries and Drives and Process Solutions; and division head for Building Technologies in Brazil. He also brings sales, service, and operations experience from Avaya and Nokia.

Related Posts

The Open Secret—A Shared Legacy

Everyone knows that security starts simple—patch your machines. But what about the ocean of un-patchable ...
Rebecca Faerber Jan 18, 2022 5:30:00 AM

White Paper Excerpt: Implementing an IACS Cybersecurity Program

ISA/IEC 62443 provides a powerful tool to reduce the risk of financial, reputational, human, and environm...
Gary Rathwell Jan 11, 2022 5:30:00 AM

LOGIIC Endorses ISA Industrial Control Systems Cybersecurity Training

ICS Cybersecurity Training for Remote Staff In late 2019, LOGIIC (Linking the Oil and Gas Industry to Imp...
Brian Peterson Jan 4, 2022 5:30:00 AM