To prepare against cybersecurity threats in the manufacturing industry, it remains crucial for ICS (industrial control system) security practitioners to continue to learn from high-profile industrial infrastructure cyber events.
But what’s just as important to discuss is the continued reality that, by adequately maintaining solid cybersecurity practices, operators in the manufacturing industry remain capable of responding effectively to threats.
In an industrial sphere too often badgered by fear-inducing tactics from outside the industry, what’s actually most helpful are level-headed discussions of what good industrial cybersecurity practices look like, and methods for separating fact from FUD (fear, uncertainty, and doubt).
We’ve compiled a list of 5 straightforward ways to combat cybersecurity threats in the manufacturing industry — without any of the fear-mongering or unnecessary suspense.
1. Take a Defense-in-Depth Approach
🧅 Like onions and ogres, defense-in-depth strategies have many layers. These layers can include asset management, as well as physical, procedural, and technical controls to protect critical infrastructure and industrial control systems from threats and disruptions.
This approach aims to create a secure and resilient environment with multiple layers of protection and redundancy to prevent, detect, and respond to incidents, ensuring the safety, resilience, and continuity of operations. Many of the tips below are included in a solid defense-in-depth approach.
2. Make Physical Security a Priority
Even if your digital network is properly secured, unsound physical security practices can lead to cybersecurity (or other) threats at a manufacturing facility.
- Reduce the likelihood of insider threats — Require authorized entry and monitored access for all employees, contractors, and anyone physically interacting with the onsite manufacturing systems.
- Physically shield important systems from outside access — Recent physical attacks on energy substations highlight the importance of maintaining physical security in all critical infrastructure environments.
- Maintain compliance — Many industries, including manufacturing, are regulated by standards that require the implementation of consistent physical security measures to protect critical infrastructure.
3. Segmentation: Keep ‘em Separated
Segmentation of your OT and IT networks is critical. To quote the wise words of ’90s band The Offspring, “You gotta keep ‘em separated.”
We like this breakdown of OT segmentation best practices from our friends over at Garland Technology:
4. Bring “Shadow IT” into the Light
If you’re unfamiliar with the term, “shadow IT” refers to practices that have not been officially approved by an organization’s IT department, such as unauthorized access to systems, programs, software, applications, and devices.
There are many reasons why individuals may attempt to side-step official approval: lack of budget, ignorance of approval requirements, or a desire to “just get the job done, no matter the cost.”
That cost can be fairly high when we’re talking about “shadow IT” in a critical infrastructure environment. Manage access to your network with jump boxes (jump servers, jump hosts) and data diodes, and tightly control what your organization allows to be deployed in those systems.
💡 Use monitoring and visibility tools to keep an eye on your assets and the protocols that may be communicating within your network. Establish baselines and check your networks frequently for any unauthorized changes or anomalous activity that may be lurking in the shadows.
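A sketch of the baseline check described above, also covering the IT/OT separation and jump-host points from earlier sections. This is an added example, not SynSaber's code; the subnets, jump host address, flows, and function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: zones, jump host and flows are assumptions.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "ot": ipaddress.ip_network("10.20.0.0/16"),
}
JUMP_HOSTS = {"10.20.0.5"}  # the only OT-side host IT is allowed to reach

# Baseline recorded during a known-good period: (src, dst, protocol)
BASELINE = {
    ("10.20.1.10", "10.20.1.20", "modbus"),  # HMI -> PLC
    ("10.20.1.11", "10.20.1.20", "modbus"),  # historian -> PLC
    ("10.10.3.7", "10.20.0.5", "ssh"),       # engineering PC -> jump host
}

OBSERVED = [
    ("10.10.3.7", "10.20.0.5", "ssh"),       # baselined, crosses via jump host
    ("10.20.1.10", "10.20.1.20", "http"),    # known pair, new protocol
    ("10.20.1.99", "10.20.1.20", "modbus"),  # asset never seen before
    ("10.10.3.7", "10.20.1.20", "modbus"),   # IT reaching a PLC directly
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def review_flows(baseline, observed, jump_hosts=JUMP_HOSTS):
    """Return (finding, flow) pairs for flows that deviate from the baseline."""
    known_assets = {ip for src, dst, _ in baseline for ip in (src, dst)}
    known_pairs = {(src, dst) for src, dst, _ in baseline}
    findings = []
    for src, dst, proto in observed:
        flow = (src, dst, proto)
        zones = {zone_of(src), zone_of(dst)}
        # Checked first so a crossing is reported even if it crept into the baseline.
        if zones == {"it", "ot"} and src not in jump_hosts and dst not in jump_hosts:
            findings.append(("zone-crossing", flow))
        elif flow in baseline:
            continue
        elif src not in known_assets or dst not in known_assets:
            findings.append(("new-asset", flow))
        elif (src, dst) in known_pairs:
            findings.append(("new-protocol", flow))
        else:
            findings.append(("new-flow", flow))
    return findings

if __name__ == "__main__":
    for kind, flow in review_flows(BASELINE, OBSERVED):
        print(kind, flow)
```

In practice the observed flows would come from whatever passive monitoring source the site already has; the comparison logic stays the same.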
5. Adhere to a SCADA Security Checklist
A SCADA (Supervisory Control and Data Acquisition) system is the linchpin of daily operations for many industrial environments. Therefore, SCADA protections often lay the foundation around which other cybersecurity defenses are built.
Since SCADA systems require unique protections, adhering to a SCADA security checklist protocol is key for maintaining a reliable defense against cybersecurity threats in the manufacturing industry.
SCADA security checklists often include steps such as:
- Ensuring SCADA remains on its own, separate network
- Software patch management procedures
- Integrity assurances
- Assessments of physical security
For a more in-depth look at additional steps to include in a SCADA security checklist, check out our post, SCADA Security Checklist: What to Audit for ICS Security Awareness.
Using Visibility to Combat Cybersecurity Threats
It’s important to note that cyber defenses must never hinder an industrial environment’s operations. Cumbersome, incompatible, or performance-slowing cyber defenses aren’t helpful. While they may not necessarily be medicine worse than the disease, there are better ways to protect your systems.
At SynSaber, we know the best defense for manufacturing industries is already in place. The operators who manage, oversee, and regularly protect ICS are the ones most qualified to keep our manufacturing systems running.
That’s why we’ve developed a product that expands operators’ visibility into their manufacturing environments. SynSaber’s vendor-agnostic software helps operators identify vulnerabilities and effectively respond to threats.