Create a free Manufacturing.net account to continue

4 Strategies for Bolstering Industrial Cybersecurity

As reliance on technology deepens, so does our vulnerability.

Kamil Karmali
Jun 19, 2024
Hacking Alarm

In 2022, there was a 2,000 percent increase in cybersecurity attacks targeting commonly used protocols, enabling threat actors to disrupt operational technology (OT) operations. Critical infrastructure environments rely heavily on OT and industrial control systems (ICS) to manage and control the vast network of power plants, grids and distribution systems.

These systems have introduced unprecedented efficiency and productivity. As reliance on technology deepens, so does our vulnerability. And while cyber threats have evolved across various sectors, the energy industry has become the most targeted industry, reporting three times as many attacks as any other sector.

The Evolution of Cybersecurity Threats

Digital transformation has helped enterprises in every industry become more efficient, accurate and innovative. However, the increasing number of systems, networks and devices being connected in OT and ICS environments, coupled with the legacy equipment housed in industrial environments, leaves organizations exposed to new vulnerabilities. In 2022, the number of U.S.-based threat actors attacking industrial organizations grew by 35 percent.

The Colonial Pipeline attack proved how severe attacks on critical infrastructure can be. As a result of the DarkSide ransomware group stealing a single password, 45 percent of pipeline operators were impacted, 17 states declared a state of emergency and we witnessed oil supply shortages throughout the country.

Similar to the Colonial Pipeline attack, more than 80 percent of cybersecurity attacks started with compromising IT systems. IT attacks typically begin with network discovery helping attackers learn where assets are and how to get to them. With OT attacks, threat actors are looking to disrupt industrial operations. Attackers can manipulate what operators see and, in many cases, take control of specific processes by using tools and exploiting remote services and application layer protocols.

With cybersecurity attacks growing more frequent and more sophisticated, critical infrastructure companies must prioritize safety and reliability. This can be realized by implementing a strong, modern OT/ICS security program.

The Three Phases of Cyber Defense: Before, During, After

The return on investment of effective cybersecurity is avoiding the risks of downtime and damage from a breach. By implementing comprehensive cybersecurity policies, companies can help protect valuable assets before, during and after an event or attempted event may take place.

Phase 1: The first step to develop a strong cybersecurity program is determining where the vulnerabilities lie in the organization’s systems and networks. This helps organizations prioritize vulnerabilities based on the severity and potential impact on critical processes. To get stared strengthening OT cybersecurity, organizations should:

  • Identify all assets that need to be protected and gather all associated vulnerabilities and criticality associated with those assets.
  • Prioritize the assets and calculate a “risk score” that can be used continuously monitored during the life cycle of the cyber program.
  • Secure remote access, through stronger passwords and multi-factor authentication.
  • Segment IT and OT to make the most of firewall configurations that will help you keep IT attacks from bleeding into OT environments.
  • Continuously train your internal staff to keep up with the latest phishing scams and how to avoid them.

Phase 2: Cybersecurity assessments aren’t a one-time deal - continuous monitoring is vital to maintain protection. The threat landscape is constantly evolving, with new vulnerabilities and attacks emerging all the time. This means that organizations need to continuously monitor their networks and systems for threats. By implementing continuous monitoring tools, enterprises can detect and respond to security incidents in real time. 

Phase 3: With backup and disaster recovery plans in place for applications and data, organizations can systematically respond to unusual events. When clear policies and procedures are in place to handle cybersecurity incidents effectively, normal operations can resume quickly after an event. 

Using modern OT incident response techniques and adopting proactive security measures will enhance the safeguarding of critical systems and services. Efficient and well-coordinated OT incident response capabilities are essential for bolstering an enterprise's ability to withstand growing threats. Furthermore, this approach helps enterprises meet cybersecurity incident reporting regulatory requirements. 

Looking Ahead to Evolving Regulatory Requirements

Since 2019, major companies have paid regulators an estimated $4.4 billion in fines, penalties and settlements due to cybersecurity incidents - showing the severity of security compliance infractions. To help mitigate risks and reverse the chronic under-reporting of cybercrimes, governments around the globe are compelling public and private sector entities to disclose cybersecurity incidents, data theft and ransom payments.

U.S. companies operating in critical infrastructure sectors must now report breaches, under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), directing organizations in critical infrastructure sectors to disclose significant cyber incidents that impact their operations within a specified time frame. It also provides legal protections for organizations that report on incidents and ransom payments. Additional regulations include Biden’s AI Executive Order that develops standards, tools and tests to help confirm that AI systems are safe, secure and trustworthy.

Globally, the United Nations is discussing the considerations of an international treaty focused on individual data protection and cyber resilience.

Organizations that put safeguards in place throughout the cybersecurity incident response journey will find it simpler to meet compliance requirements. These requirements are often built on principles from the NIST Cybersecurity Framework and current security approaches. Actions like keeping track of assets, ongoing threat monitoring, securing networks and having plans for responding to incidents all follow the NIST Cybersecurity Framework. This framework can be used to generate information suitable for reporting compliance.

Fortify or Fall

About 60 percent of cybersecurity incidents relating to OT/ICS networks result in operational disruption. To help prevent disruption, addressing cyberthreats must be more than fixing vulnerabilities, it demands a proactive commitment to strengthening defenses against evolving challenges. NIST's "identify, protect, detect, respond, recover" framework provides a guide for modern cybersecurity practices in ICS/OT, bolstering critical infrastructure resilience.

By taking these proactive steps, enterprises of all sizes can mitigate the impact of cyber threats and help ensure the security and resilience of their OT systems. This strategic approach not only safeguards against potential disruptions, but lays the foundation for a robust and adaptive cybersecurity posture in an ever-evolving digital landscape.

Kamil Karmali serves as the Senior Global Manager for Cybersecurity Consulting Services at Rockwell Automation.

Latest in Cybersecurity
Security Breach Podcast
Sponsored
Security Breach Podcast
June 6, 2024
Soc
Balancing Technological Expansion with Security Priorities
June 20, 2024
Ep99
Security Breach: The Protection and Productivity of Zero Trust
June 20, 2024
Cybersecurity In A Bubble
CISA, Partners Release Guidance for Modern Network Access Security
June 20, 2024
Related Stories
Cybersecurity In A Bubble
Cybersecurity
CISA, Partners Release Guidance for Modern Network Access Security
Industrial Cyber
Cybersecurity
Leading Industry Players Announce Key Partnerships
Soc
Cybersecurity
CISA Releases Latest Batch of Vulnerabilities
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Cybersecurity
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
June 6, 2024
Soc
Industry 4.0
Balancing Technological Expansion with Security Priorities
No solution is one-size-fits-all.
June 20, 2024
Ep99
Video
Security Breach: The Protection and Productivity of Zero Trust
Strategies for syncing process improvement with asset security.
June 20, 2024
Cybersecurity In A Bubble
Cybersecurity
CISA, Partners Release Guidance for Modern Network Access Security
Leaders can review the guidance for assistance with remote computing environments.
June 20, 2024
Industrial Cyber
Cybersecurity
Leading Industry Players Announce Key Partnerships
They represent an ongoing focus on asset visibility and threat detection.
June 13, 2024
Soc
Cybersecurity
CISA Releases Latest Batch of Vulnerabilities
Microsoft, Fortinet and Rockwell are amongst the systems with suggested mitigations.
June 13, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
CISA Warns of Impersonation Scam
Bad actors are pretending to represent the government agency.
June 13, 2024
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Unlocking Secure Access: A Guide to ZTNA, SRA, and RPAM
The key differences and specific ways each helps to fortify industrial cybersecurity postures.
June 13, 2024
Encryption
Cybersecurity
Securing Supply Chain Data with Advanced Encryption
A look at the most common encryption techniques and best practices for applying them.
June 13, 2024
Ep95
Cybersecurity
Security Breach: OT's Legacy Tech Challenges
Getting ahead of the vulnerabilities created by new connections to older systems.
June 13, 2024
General Cyberattack
Cybersecurity
New Open Source Cybersecurity Tabletop Exercises
The toolkit offers a resource for organizations solidifying incident response capabilities.
June 6, 2024
Hacking Alarm
Cybersecurity
Phishing Report Supports Focus on the Human Element
There's a clear link between security awareness training and better resilience against cyber threats.
June 6, 2024
Industrial Cyber
Cybersecurity
Overlooked Security Risks in the Patent Process
Manufacturing is one of the most frequently targeted by hackers, which means additional steps are needed to protect IP.
June 6, 2024
Zero Trust Maxxa Satori
Cybersecurity
Securing Cloud Workloads with Zero Trust Architecture
Leaders must drive the adoption of approaches and frameworks focused on protecting data in the cloud.
June 6, 2024
Ep98
Cybersecurity
Security Breach: Shutting Down 'Spy Board' Threats
Combatting more sophisticated adversaries that don't care about collateral damage.
June 5, 2024