
Minimising your cyber security headaches

17 December 2018

The adoption of automation and IIoT technologies on the plant floor is exposing previously isolated operational technology environments and processes to threats from IT networks and external attacks. Barak Perelman offers some advice on minimising risk.

One of the biggest changes within the food processing industry over the next five years will be the increased automation of operations. In the food and beverage sector, where profit margins are razor thin, where products often have a short shelf life and where high quality and safety standards need to be met, the only option for food processors is increasing automation in order to gain speed, accuracy and efficiency.

Industrial control system (ICS) environments and the operational technology (OT) networks that manage equipment used to formulate recipes and manufacture food and beverage products are being asked to do more than ever before. This is driving the adoption of new automation and industrial internet of things (IIoT) technologies to optimise the management of operational processes. As a result, industrial networks, which were once isolated from the IT network and its associated security threats, are being exposed to new security risks.

First pressed into service in 1956, before IT networks and the Internet existed, ICS devices did not have security built in. Today OT networks are vulnerable to external attack, insider threats and human error perpetrated by employees with access to operational systems.

Adopting the following proven best practices from IT networks can help to protect OT environments from security threats.

Know the network: Many organisations do not have or maintain an up-to-date inventory of devices in their ICS environments; this makes it extremely difficult to protect undocumented assets. Without an accurate inventory of assets, especially controllers responsible for managing physical processes, it is virtually impossible to assess risks, apply patches, and detect unauthorised changes and activity. Implementing a centralised and automated asset management capability for OT networks is, therefore, crucial.

Manage vulnerabilities: Keeping an accurate inventory of what is on the network as well as software versions, patch levels etc., can be a full-time job. The second step involves automating the process by which new vulnerabilities are identified and processed. This requires a strong vulnerability management system that generates periodic reports of risk levels for each asset in the ICS network. When new vulnerabilities are discovered or disclosed, a mechanism should be in place to identify affected devices, remediate threats and verify a fix has been successfully applied. 
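The identify, remediate and verify loop described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor; the device names, model names, firmware versions and advisory identifier are all constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    model: str
    firmware: str  # dotted version string as reported by the device

@dataclass
class Advisory:
    ident: str     # placeholder identifier, not a real advisory
    model: str
    fixed_in: str  # first firmware version that contains the fix

def ver(s):
    """Parse '2.10.0' into (2, 10, 0) so that 2.9.0 sorts below 2.10.0."""
    return tuple(int(p) for p in s.split("."))

def affected(inventory, adv):
    """Assets of the advisory's model running firmware older than the fix."""
    return [a for a in inventory
            if a.model == adv.model and ver(a.firmware) < ver(adv.fixed_in)]

def verify_fix(previously_affected, rescan, adv):
    """Compare a fresh inventory scan with the earlier findings."""
    current = {a.name: a for a in rescan}
    status = {}
    for a in previously_affected:
        now = current.get(a.name)
        if now is None:
            status[a.name] = "missing-from-scan"  # cannot confirm: investigate
        elif ver(now.firmware) >= ver(adv.fixed_in):
            status[a.name] = "fixed"
        else:
            status[a.name] = "still-vulnerable"
    return status

# Constructed sample data: hypothetical devices, models and versions.
ADV = Advisory("ADVISORY-PLACEHOLDER", "CTRL-A", "2.10.0")
INVENTORY = [Asset("mixer-plc", "CTRL-A", "2.9.0"),
             Asset("chiller-plc", "CTRL-A", "2.3.7"),
             Asset("filler-plc", "CTRL-A", "2.10.0"),
             Asset("oven-plc", "CTRL-B", "1.0.0")]
RESCAN = [Asset("mixer-plc", "CTRL-A", "2.10.0"),
          Asset("chiller-plc", "CTRL-A", "2.3.7"),
          Asset("filler-plc", "CTRL-A", "2.10.0")]

if __name__ == "__main__":
    hits = affected(INVENTORY, ADV)
    print([a.name for a in hits])
    print(verify_fix(hits, RESCAN, ADV))
```

Comparing versions as plain strings would rank 2.9.0 above 2.10.0 and leave the mixer controller off the affected list, which is why the versions are parsed into tuples first.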

Know the threat: Traditional outside-in attacks are the most basic security threat, but they are not the only vector into an ICS network. Insiders pose the same security risk in OT environments that they do in IT networks. The threat can come from a disgruntled employee, or an internal account that has been compromised by an outsider via an email phishing attack, for example. An insider threat can also be unintended, caused by human error. So, protecting OT networks requires monitoring for both cyber threats and operational mistakes. This can be accomplished using a combination of anomaly detection to identify unexpected activity and policy violation alerts.

Control configurations: Weak device configurations increase the likelihood of security incidents. For example, once a control device has been exposed to the Internet due to a poor configuration, both phases of a breach can occur — the attacker can gain a foothold in the network and exploit a sensitive asset. As a result, all configuration changes should be tracked and logged, whether executed over the network or physically on the device. In addition, a full audit history of changes made to device configurations over time should be maintained. This facilitates compliance reporting for industry regulations and also helps to restore devices to a known good state in the event of a failure.

Device and network visibility: Threats to ICS networks can exploit a variety of attack vectors, including the OT network, the IT network or direct access to devices. Monitoring only the network without performing routine device integrity checks creates a blind spot and security risk. By combining passive network monitoring with proactive device integrity analysis, organisations can detect external attacks as well as on-premise threats. 
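The point made under "Control configurations" and "Device and network visibility" is that a change made at the device never appears in network monitoring. The following added example (not from the article or any product) compares configurations read from each device against a known-good baseline and labels each change by whether a matching write was observed on the network; the device names, configuration fields and the set of observed writes are constructed assumptions.

```python
import hashlib
import json

def fingerprint(config):
    """Stable SHA-256 over a device configuration, independent of key order."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def changed_keys(good, current):
    """Names of settings that differ between baseline and current config."""
    return sorted(k for k in good.keys() | current.keys()
                  if good.get(k) != current.get(k))

def integrity_audit(baseline, snapshots, network_writes):
    """baseline: known-good config per device; snapshots: config read back
    from each device; network_writes: devices for which passive monitoring
    saw a configuration write. Returns (device, origin, changed settings)."""
    findings = []
    for device, good in sorted(baseline.items()):
        current = snapshots.get(device)
        if current is None:
            findings.append((device, "unreachable", []))
        elif fingerprint(current) != fingerprint(good):
            origin = ("seen-on-network" if device in network_writes
                      else "not-seen-on-network")  # the network-only blind spot
            findings.append((device, origin, changed_keys(good, current)))
    return findings

# Constructed sample data: hypothetical controllers and settings.
BASELINE = {
    "mixer-plc": {"firmware": "3.2.1", "logic_rev": 14, "remote_access": False},
    "filler-plc": {"firmware": "2.0.4", "logic_rev": 7, "remote_access": False},
    "oven-plc": {"firmware": "1.8.0", "logic_rev": 22, "remote_access": False},
}
SNAPSHOTS = {
    # logic download performed over the network
    "mixer-plc": {"firmware": "3.2.1", "logic_rev": 15, "remote_access": False},
    # setting changed physically at the device
    "filler-plc": {"firmware": "2.0.4", "logic_rev": 7, "remote_access": True},
    "oven-plc": {"firmware": "1.8.0", "logic_rev": 22, "remote_access": False},
}
NETWORK_WRITES = {"mixer-plc"}

if __name__ == "__main__":
    for finding in integrity_audit(BASELINE, SNAPSHOTS, NETWORK_WRITES):
        print(finding)
```

The baseline entry for a flagged device doubles as the known-good state to restore, and appending each finding to a log gives the audit history of changes over time.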

The adoption of new automation and IIoT capabilities in the industrial and food and beverage industries is introducing security threats that OT networks were largely isolated from in the past. To protect operations from unauthorised changes by external attackers or insiders, a hybrid infrastructure that can monitor activity both within the network and on individual ICS devices provides the most comprehensive visibility for maintaining security and control.  

Barak Perelman is CEO at Indegy, a provider of industrial security technology. 
