7 factors affecting the level of industrial cybersecurity

What to pay attention to in order to minimize the consequences of cyberincidents at an industrial facility.

Anastasia Starikova

April 21, 2022

The average number of cyberincidents per year in industrial enterprises has increased significantly over the past few years. Our colleagues conducted a survey, speaking with employees of industrial enterprises from 17 countries around the world. They asked questions about cyberincidents and the attitude toward cyber risks. As a result, they were able to identify seven factors that significantly mitigate the outcomes of the incidents.

Availability of a specialized OT security department

Almost every industrial enterprise has an operational technology (OT) security team of some kind. However, instead of creating and funding an OT security department, enterprises often assign the job to IT security or even general IT departments. These departments do not always understand the specifics of operational technologies well enough to provide the necessary level of protection. To minimize both the risks and the consequences of incidents in industrial networks, an enterprise needs a well-resourced and appropriately qualified OT security team.

Clearly structured decision-making process

Problems in an industrial enterprise often arise from organizational mistakes, when the management of security is divided between departments that are not related to each other. As a result, companies purchase security solutions that duplicate each other's functions, visibility of the industrial process becomes less than adequate, data collected from endpoints and sensors is used inefficiently, and the implementation of new projects is delayed by intricate approvals. This is all without mentioning the fact that the OT and cybersecurity departments are starting to compete for budgets.

Having a legacy infrastructure management strategy

Industrial control systems (ICS) often use equipment that was created before people had even a rough idea of what level of digitalization modern industry would reach. Therefore, it is necessary to be extremely careful in building a control system for an array of outdated industrial networks, programmable logic controllers, supervisory control and data acquisition (SCADA) systems, and other OT elements. They should all be inventoried, and security specialists should regularly scan such equipment for critical vulnerabilities or failures resulting from wear and tear.

Introducing security solutions designed specifically for industrial environments

It is impossible to ensure the security of ICS environments using standard cybersecurity solutions. They will effectively cope with random general cyberattacks, but they will not detect threats specific to industrial processes. Moreover, sometimes they can negatively affect the continuity of technological processes. To avoid this, you need solutions that were specifically designed for industrial environments.

Having an OT/IT convergence strategy with IIoT in mind

The increasing digitalization of industrial processes implies an increase in the level of integration between OT and IT environments. Key elements of this integration are the use of Industrial Internet of Things (IIoT) devices, public cloud services and IIoT gateways. All these elements often become a vulnerability through which attackers can reach industrial systems. It is not realistic to stop this process of digital evolution, so it is necessary to develop a plan in advance to securely integrate operational and information technologies.

Rapid incident response

One way or another, incidents are unlikely to be completely avoided. But when they do happen, it's vital that the problem is identified and dealt with as quickly as possible. The faster this is done, the less it will cost the company both financially and reputationally. Therefore, it is especially important for industrial enterprises to have mature rapid response rules and a team that is able to carry them out.

Taking staff training seriously

Lastly, you should not forget about the importance of security-centric behavior among the company's employees. If you want to minimize the impact of security-related incidents, you probably need to train your staff in security basics and strictly monitor compliance with internal regulations. One way or another, the human factor is behind the vast majority of incidents: someone used a compromised personal password, someone connected a phone to a computer behind an air gap, someone clicked on a link to a malicious website, and so on. People must clearly understand what can and cannot be done at an industrial enterprise, especially if it is a critical infrastructure facility.

You can find the complete results of our survey, "7 Keys To Improving OT Security Outcomes: Kaspersky ICS Security Survey 2022", after completing a brief form.