Preventing Cyber Attacks in Industrial Control Systems

Cyber-attacks occur daily around the world in the form of ransomware, malware, denial-of-service attacks, etc. While larger-scale attacks make front-page news, many more incidents occur daily that are not publicized. Whether it makes the mainstream news or not, a leak of a cybersecurity breach can at minimum tarnish a company’s public image and decrease shareholder confidence.

The Risk of a Manufacturing Cybersecurity Breach

As Operational Technology (OT) has evolved, the risk of plant and manufacturing cybersecurity incidents has also increased. In fact, ransomware and malware do not show any sign of slowing down. Looking at the 2020 statistics for ransomware and malware attacks, companies across industries continue to pay the price. According to Cybersecurity Ventures, ransomware attacks cost businesses an estimated $20 billion in 2020.

With manufacturers needing real-time access to plant floor data to remain competitive in the marketplace, a cyber-attack in an industrial control system compromises manufacturing capacity in the form of unplanned downtime and potentially poses a physical threat. Valuable product and machines are at risk of being lost, and even more important is the possible threat to the environment and human life.

Developing a Cybersecurity Framework

NIST (National Institute of Standards and Technology) has developed a cybersecurity framework to promote the protection of critical infrastructure. While not all threats can be eliminated, risk can be reduced by following the principles outlined in the five pillars of the framework:

  • IDENTIFY
    Define what assets need protection
  • PROTECT
    Implement safeguards to protect assets
  • DETECT
    Identify occurrence of cybersecurity event
  • RESPOND
    Implement plan to mitigate the impact of the event
  • RECOVER
    Develop process to restore systems impaired

To assist with your organization’s OT cybersecurity strategy and framework, NeoMatrix has developed the following offers:

IDENTIFY & RECOVER

The first step to protecting your networks is knowing what you have. There are several different types of assets within an industrial control system including:

  • PLCs, IO & Drive Configurations
  • HMI & SCADA Systems
  • Recipe, Historian, Alarm & MES Databases
  • Network Switches & Infrastructure

System backups are a critical function of the recover pillar. Once all assets have been identified, the configurations, programs and data need to be backed up on a regular basis, either manually or through an automated backup system.

Complimentary Cybersecurity Assessment

To evaluate your risk tolerance for a manufacturing cybersecurity event, NeoMatrix’s Identify & Recover offering starts with a free on-site assessment of your OT infrastructure. At the conclusion of the assessment, you receive:

  • A documented report of your OT assets.
  • A roadmap for a backup and recovery process:
    • Employ a manual or automated backup process for all assets.
    • Provide a disaster recovery procedure for each asset.
    • Develop a recurring backup schedule to meet your risk tolerance needs.
  • Recommendations for next steps for protect & detect.

PROTECT

The second pillar of the cybersecurity framework is to protect your assets with safeguards that are readily available to you. These efforts will greatly reduce the chance of a manufacturing cybersecurity threat as well as isolate the threat to specific assets within an OT infrastructure. Recommended safeguards include:

  • Network configuration
    • VLAN segmentation
    • Role- and equipment-based isolation
  • Secure remote access
  • Regular firmware updates and software patches
  • Intrusion protection systems
  • Policy enforcement
  • Employee training

DETECT

Active threat detection is the penultimate result of a cybersecurity implementation. No matter how well you PROTECT your assets, unfortunately there is always the possibility of an attack. The ability to quickly identify these intrusions along with a documented response plan can greatly reduce the impact of a cybersecurity event.

There are several methodologies that can be deployed to detect a potential issue:

  • Identify and continuously monitor all assets on your network.
  • Check assets for vulnerabilities against databases of known threats.
  • Monitor and learn OT network behavior to find anomalies.
  • Inspect packets against malicious signatures.

On top of our OT consulting services, NeoMatrix partners with several OT security hardware and software vendors to better protect your infrastructure and detect anomalies within it.