Recently, there has been a growing number of cybersecurity incidents on an international scale. No one is immune, and the question is not “if” you will be attacked, but “when.” Some may already be affected and not even know it. Hackers may not single you out because of the size or your company, or even the industry you are in. You may be under attack just because someone at your facility clicked on a malicious link in an email, or just because you have a checkbook. Let's face it, if someone shut down your system, you are not prepared for it, and you are faced with the options of paying the ransom, rebuilding everything from scratch, or closing down, then you will probably just pay the ransom.
If you are still with me, I can assume you are concerned about preventing a cyber attack against your plant floor. The Department of Homeland Security has recommended the concept of Defense-in-Depth for many years. If I were to oversimplify the Defense-in-Depth strategy, it would be that any single action you make to secure an area can be circumvented. A good method to make sure that your security is up-to-date is the NIST Cybersecurity Framework.
Steps You Can Take
The first step in this framework is to locate and identify all your assets. It has been said that you cannot protect something that you don’t know you have. This means you need to know where every network capable device is located, how it communicates, and which devices it needs to communicate with. You will also need to know its firmware and patch revisions. There are reasons Microsoft (Windows) sends out patches a few times a month. You most likely have a few Windows devices on your floor . . . do you know where they are and how long they have gone without being updated? At the time of this article the National Vulnerability Database has over 200 entries that Microsoft has recorded in the last three months. That is just one possible vendor that you would have on your plant floor. How many vendors and manufacturers do you have in your facility?
Now, how would you respond to an attack? Can you find the intrusion or infected device and quickly isolate it? If you can isolate the device, will you be able to continue to operate without it? You may be able to isolate your control network from the business network, but what if you need to access resources on the business network? The bottom line is that you are still down.
Cybersecurity is a major topic, and it can be expensive to protect yourself. The good news is you don’t have to do everything, and not all at once. You may decide that you are not as worried about certain areas as others. The important thing is to start protecting yourself as soon as possible. Keep in mind that you should not just go and buy an appliance just because you think it will protect you. The smartest thing to do is start with a network assessment of your location.
An assessment can supply valuable information such as a list of assets, their known vulnerabilities, and where they are in the facility, giving you a list of updates that need to be done. It can identify devices that are communicating outside of the facility, possibly allowing someone remote access to the system. Bottlenecks and network flows can also be identified, allowing you to verify whether you have an optimal system. Remember, an assessment is just the first step, but also the biggest and most important one. Any time you can get an objective and knowledgeable opinion, you will be on your way to a more secure network.
If you have any interest in having a specialist check your cybersecurity, please click here and fill out the network and cybersecurity questionnaire. Links to this form are also available on our Networking and Services department pages under the Quick Links section (don’t forget to bookmark these pages to check back for updates!). You can also contact your local Stanion branch to schedule a visit.
Links for more information:
https://www.nist.gov/cyberframework