The issue at hand and tactics to help fend off cybercriminals
The manufacturing industry continues to be a top target for security attacks. Cisco recently held an online chat around this topic and here are some of the takeaways from the session.

THE MATTER AT HAND: WHAT ARE THE ISSUES?
Organizations in the manufacturing industry have traditionally focused on quality control, operational maturity and crisis management. Security and data protection are just now coming into the conversation, so manufacturing organizations are now trying to incorporate security concepts into their existing processes and controls.

Additionally, there have been long standing concerns related to the security maturity of industrial control systems (ICS) vendor products, as well as ICS vendor organizations developing and maintaining mature security practices to make sure their workforce and associated assets are secure when providing third-party services.

Note: ICS encompass several different types of devices, computing systems, networks, software and data to monitor and control the operations used to produce things like electricity, water, oil, gas and food. While these systems have different ways to communicate and operate compared to traditional computer networks, the basics of security still apply.

This means vendors that provide products and services to the manufacturing industry also need to adopt a security mindset, not just the manufacturer.

From a security perspective, ICS environments have some characteristics that are a bit different than traditional networks. Communication protocols (ex. Modbus, DNP, OSGP, etc.) are not like TCP/IP. Devices such as programmable logic controllers (PLCs) are used and behave differently than a typical PC. Field area networks (FANs) are required to distribute services, automation and monitoring of areas far beyond an industrial organization's four walls.

ON TO SECURITY: WHERE DO WE GO FROM HERE?
Setting aside the previously mentioned differences, manufacturing environments are susceptible to the same security challenges as traditional networks. For instance, malware may be written and distributed to specifically target ICS networks, but the way malware is spread, installed and activated is the same.

For example, a user receives an email with a link to a website containing malware. The malware is then downloaded to their PC and starts to look for targets (In this case, systems related to an organization's ICS environment.) to attack. From there, the malware performs functions to disable systems, steal data or simply log information for further use.

Keeping this in mind, here are some common areas of consideration for manufacturing organizations:

  • Awareness: Organizations now see how security can impact their manufacturing environments. It is important for these organizations to assess current environments and understand control gaps and risks in order to prioritize efforts to remediate. In addition, it is important for users in these organizations to understand their role and become better educated around secure computing and the proper use of corporate systems and data.
  • IT/Security Operations and Controls: Processes and procedures for effective vulnerability identification, patch management and centralized logging/alerting will go a long way to strengthen security in manufacturing environments. In some cases, it's simply a matter of extending this level of effort into the ICS environment. Additionally, proper network segmentation, including the implementation of firewall devices created for use in ICS networks, will help limit malware movement, system/data access and aid in protecting critical assets.
  • Incident Response/Crisis Management: Existing policies and processes around crisis management and incident response should include and account for security events. Many manufacturing organizations already do table top exercises for testing recovery plans in the event of an incident, but manufacturers should also be doing table top exercises to help identify process gaps and efficiently prepare for how to respond and reduce impact from a security event.

WWT is well positioned to help manufacturing organizations develop and implement security strategies for ICS environments. Learn more about our manufacturing and security capabilities by visiting our industry and solution pages. Also, feel to reach out directly to speak with one of our experts.