Proactive cyber security for beginners
02 January 2019
No modern business is completely safe from cyber threats, even if their system does not have a high level of network connectivity. So, what can industrial companies do to protect themselves?
There are countless articles out there about the cyber threat in the industrial community. We’ve all heard about STUXNET and WANNACRY and the chaos caused by them. We also read about security breaches concerning data managed by global telecoms companies, airlines, money transfer companies and tech or social media giants alike. The truth is that no modern business is completely safe from cyber threats, even, as Stuxnet showed, if the system does not have a high level of network connectivity.
So, if no one can be completely safe from cyber threat, what can industrial companies do to protect themselves?
The cyber-attacks that reach the headlines are the tip of the proverbial iceberg. If you have heard of DUQU (2.0), OPERATION AURORA, NIGHT DRAGON, GAUSS, FLAME, SHAMOON, RED OCTOBER, BLACK ENERGY, OP GHOUL, and NOTPETYA, for example, then you are aware of the variety and depth of the cyber-threat. If not, a quick internet search is an enlightening, if sobering, activity. Even for those who don’t want to investigate just how serious the threat is, ignoring that threat will only make the inevitable worse.
If, When, What?
The first step is a simple decision to understand the risk and take it seriously. For small and large industrial enterprises alike, a cyber-security attack is inevitable. It is not a case of “if”, but “when”. If you have suffered an attack before and taken reactive measures to get back online (whether you even realised the downtime was cyber security related or not), the next attack is still a matter of when, not if. Cyber security defence is not a destination, but a constant, vigilant journey.
And what is at risk from cyber threat?
In short, everything. Cyber-attacks can threaten productivity, the safety of employees, the safety of customers, consumers, infrastructure, the environment and intellectual property or competitive advantage. There are no industrial enterprises for whom all of those risks are irrelevant.
So, what is a proactive approach to cyber security? It might be helpful to consider it as having five main elements.
1. Security Assessments
The first step in a proactive approach is to identify risk areas and potential threats by assessing the current state of security. This includes understanding how the enterprise positions itself in relation to security threats within software, networks, control systems, policies and procedures, and employee behaviours.
2. Protect Against Threats
Once the assessments have been completed, safeguarding against a variety of threats is possible. Using a Defence in Depth approach, security can be improved at every level of potential weakness, from operator procedures and practices through to measures such as authentication, access control, data security, and patch management.
3. Detect Threats
Having assessed and protected the enterprise, the next proactive step is to monitor and detect risks continuously. This requires constant vigilance and takes advantage of monitoring capabilities that can identify “normal” activity and alert managers to unexpected patterns or activities that may be tell-tale signs of incidents related to cyber security. This means that operators can often get ahead of the game and prevent attacks, or at least react to them more effectively and efficiently, reducing their impact.
4. Respond to Incidents
If a security event occurs, it is critical to get the plant back to normal operation as quickly as possible and to have an action plan for a fast response to incidents. Such plans will need to use proven methods to contain the incident and minimise associated damage or downtime.
5. Rapid Recovery
Getting back to operation and investigating the incident requires an effective and up-to-date backup to be available at all times. Having the right protocols in place to do this quickly is an essential part of a proactive approach to cyber security. Investigating incidents can help identify weaknesses and take actions to strengthen future resilience.
For most enterprises, finding the right support for your proactive approach is vital. The right approach will involve actions before, during and after attacks. It will be cyclical, monitoring and seeking new threats, constantly assessing the threats, minimising them or mitigating them where they cannot be removed entirely. It will involve physical and digital mechanisms (defence in depth) and will reach every member of staff and every computer-controlled or networked aspect of the enterprise. The right security partner will have extensive experience of industrial control environments, automation, critical IP, and data, and they will blend this expertise with consultancy from experienced cyber security professionals.
A proactive approach to cyber security places the enterprise management onto the front foot and helps remove the doubt, vulnerability and disruption caused by incidents. It cannot reduce the threat to zero, but it should result in a more resilient enterprise.
Rockwell Automation offer industrial security and solutions with a comprehensive approach beyond just network security.