Getting Started with Industrial Cybersecurity: How to Take the First Few Steps
Hearing the word “cybersecurity” is enough to make some industrial network engineers turn and run the other way—but it doesn’t have to be as daunting as it seems.
As with anything, you have to start somewhere when it comes to cybersecurity. In today’s environment, we believe the first step is awareness. (Reading this blog is a good start!) Many industrial plants don’t realize what could happen (or what already is happening) when their OT networks and devices aren’t secure. Cybersecurity is often considered an afterthought—or not considered at all until something potentially catastrophic happens.
After surveying 567 manufacturing employees, security firm Morphisec reports that one out of every five manufacturing plants has been targeted by cyberattacks in the past year (this estimate is likely conservative since not all employees realize when their company experiences a cyberattack). A report from NTT reveals that manufacturing environments saw a 300% increase in worldwide attacks in 2020.
In other words: There’s never been a better time for industrial environments to sit up and pay attention. It’s also important to note that cybersecurity issues aren’t always the result of a malicious breach or malware. They can also be created by human error. For example: A staff member brings his or her home laptop to work and plugs it into a network port, unintentionally compromising equipment and causing downtime.
When you’re designing a new industrial network, you have the chance to take a proactive approach and make cybersecurity part of every decision: employing defense-in-depth protection (more about this later), planning upfront for IIoT, etc.
But because your industrial network likely already exists, it’s now a matter of securing what you have. In many cases, industrial networks were designed and built several decades ago—long before cybersecurity was a factor. How do you take something that wasn’t originally designed with defense in mind and make changes to ensure security?
Gain Visibility with a Network Assessment
Once you realize that cybersecurity is worth paying attention to, a good place to start is with a simple network assessment. This takes a holistic look at your OT network to pinpoint each device connected to it: machines, sensors, controllers, drives, cameras, switches, etc. Before you can take any action, you must know what you have in your plant. If you aren’t aware of a device, then you can’t do anything to protect it.
After gaining visibility by going through this assessment process, most industrial plants are surprised to discover devices and accesses sitting on their network that they weren’t aware of—even if they thought they knew about it all.
Once you have a handle on this, you can determine how the devices are being used. From there, you can establish a baseline to use moving forward by monitoring and measuring each device over time to track changes, including potential vulnerabilities.
3 Fundamental Industrial Cybersecurity Best Practices
Beyond conducting a network assessment, there are a few other practices you can put into play to move in the right direction: implement passive discovery, develop a defense-in-depth strategy and segment your network.
1. Passive Discovery
Passive discovery can help you discover new unknown devices on your network by continually scanning to identify IP addresses—without creating additional traffic or latency. This can help detect unauthorized or rogue devices that are transmitting or receiving communications during the discovery period.
From there, you can do some investigating to figure out what those devices are, and whether they’re poised to cause trouble.
2. Defense-in-Depth Strategy
Even though securing your industrial network is just as important as securing your IT network, you can’t expect your IT department to understand the intricacies of industrial protocols and network design. They may manage the flow of digital information, but they probably don’t know about industrial processes and the machinery used to carry them out.
When IT teams are coerced into managing OT networks, we often see them put an appliance at the edge of the network to separate the plant network’s controls from the business network and call it a day. But this leaves the industrial network without a defense-in-depth strategy.
A defense-in-depth strategy is a layered approach to cybersecurity that protects valuable data and prevents everything downstream from being impacted if there’s a threat. For example: After working with plant managers responsible for SCADA networks to understand exactly what needs to flow from a cell of robots to PLCs to HMIs out to various industrial equipment, you can then identify the bare minimum required between moving data from point A to point B. If something doesn’t meet those criteria, then it won’t be able to move through. (Think of it like this: You’re letting through everything you know to be “good” and blocking everything else.)
3. Network Segmentation
Because industrial environments have many things to secure (OT devices, control systems, other network devices, etc.), network segmentation can help improve security.
By dividing a network into different segments or components, access and flows can be limited to required communication and users only. This helps protect against lateral movement attempts by bad actors who may be trying to orchestrate an attack throughout your network. If an attack happens on one segment of the network, then the other segments won’t be impacted.
For example, network segmentation could physically/logically separate OT networks from other networks internally and externally. Creating this barrier between enterprise and industrial “zones” means that data can be securely shared without passing over that barrier.
Beginning Your Cybersecurity Journey
You’ll quickly find that cybersecurity isn’t a destination—it’s a journey. Improving cyber hygiene is a continuous process. As threats to your plant change, your security strategies must change, too. Experts indicate that the biggest industrial cyber threats up ahead include ransomware and supply chain attacks. A year or two ago, the top-of-mind threats may have been something different.
The Center for Internet Security (CIS) is also a helpful resource for industrial plants that need a starting point for cybersecurity. It offers 18 recommended, step-by-step actions to prevent cyberattacks, starting with inventory and control of assets (going back to the network assessment we discussed earlier) and ending with penetration testing to verify security.
Belden’s team of specialists knows how to connect and protect manufacturing plants and industrial networks, offering the industry’s most complete suite of end-to-end networking solutions available to help you redesign and retrofit your networks. Our trusted advisors help you build better business outcomes by boosting efficiency, agility, sustainability, safety and security at the same time.
Our Customer Innovation Center lets you co-innovate with our expert advisors—sales, technologists, application experts and product engineers—to develop, test, document and deploy solutions to make your efficiency, security and innovation goals attainable. You get to see how the solutions we design will work in your environment before they go live.
Want to learn more about industrial cybersecurity or how Belden can help you prepare for smarter manufacturing? Visit our smart manufacturing page.
Belden Senior Solution Consultant Manager for Svc and Support, Sylvia Feng, helped me write this blog. She is a tremendous resource who can address any of your digital transformation questions. If you want to know more about this topic, email me (scott.kornblue@belden.com) or Sylvia (Sylvia.Feng@belden.com).