Improving Critical Infrastructure Cybersecurity

PB 25 Rockwell newlogo 400

April 11, 2022

By Kamil Karmali, Commercial Portfolio Lead, Rockwell Automation

From understanding the latest security compliance mandates, to finding, hiring, and retaining high performing security talent, most organizations struggle to manage cyber risk. This is a problem for any organization, but managing cyber risk is especially difficult for companies operating in Critical Infrastructure sectors where specific OT cybersecurity and industrial operations expertise are needed for minimized downtime and reduced cybersecurity risk.

Why Critical Infrastructure Protection matters

Cybercriminals are increasingly targeting Critical Infrastructure providers. Why? There are several recurring themes. Critical Infrastructure downtime adversely affects more people where it hurts – food, water, electricity, oil and gas and water/wastewater, as examples. Threat actors targeting these industries can cause more downtime, damage and higher recovery costs. Cybercriminals will also perceive the potential for more ransomware payouts, given these impacts.

Cyberattacks against suppliers can send waves of disruption through an industry, causing extended supply chain shortages and days or weeks of lost or reduced production. Repercussions also include stolen intellectual property, serious litigation and even loss of life.

Taking proactive steps to shore up vulnerabilities through infrastructure security solutions will reduce these organizational and operational risks.

Taking a proactive approach to securing Critical Infrastructure

If you’re creating a cybersecurity strategy for your organization or updating one that exists, it’s often difficult to know where to begin.

There are five key areas of focus as you begin to assess and improve your cybersecurity hygiene and converged IT and OT security strategy. These factors are based on work done at Rockwell Automation in support of organizations like yours and guidance from the National Institute of Standards of Technology (NIST) Cybersecurity Framework (CSF):

Step #1: Identify

One of the biggest roadblocks to building a great cybersecurity program is that many production environments are poorly inventoried.

If you don’t know what’s connected to your network, whether it’s part of your industrial control system or a new type of productivity software used by an employee, you can’t secure that environment properly.

First, identify, map and verify everything that’s connected to your network. You can do this yourself, or work with a partner like Rockwell Automation. We offer installed base asset identification tools and services as part of our industrial cybersecurity servicesDetermining vulnerabilities and initial risk posture is the first step.

Another helpful technique in understanding exactly what to protect is reviewing operations through a Zero Trust lens, using a Protect Surface approach that prioritizes business-critical Data, Assets, Applications and Services (DAAS) in priority order.  Apply the best Protect controls available as close as possible to what’s being protected.

Step #2: Protect

Once you’ve taken inventory of your assets and understand what must be protected, it’s time to apply the right safeguards against the ever-changing landscape of cyber threats.

There are many protective measures that you can implement. Choose the types of controls that are in alignment with any compliance standards or security frameworks you follow such as the NIST CSF. That includes multi-factor authentication, access control, data security, perimeter network deployment and micro segmentation. Protective measures also include CIP product security, perimeter hardening, firewall deployment and patch management. These countermeasure controls help you manage risk proactively and protect the data that’s essential to your operations.

Step #3: Detect

Protecting your industrial networks against cyber threats requires constant vigilance. Knowledge of all endpoints on the organization’s network from plant-floor assets to laptops, mobile devices, even security cameras or USB ports, is critical. You’ll also need real-time visibility into how, when and where others are accessing or manipulating assets.

Threat detection services can help you monitor and detect these increasingly complex threats. These services give you visibility across all levels of your IT and OT environments, meaning they not only look for malicious activities, but offer real-time monitoring and deep network inspection across your assets.

Managed threat detection is a powerful cybersecurity defense, especially in Critical Infrastructure, industrial manufacturing and other OT environments. An OT Security Operations Center (SOC) staffed with experienced security veterans, provides a unique pooling of talent, technology and first-hand experience. This cybersecurity protection expertise is difficult to duplicate for the same cost by individual organizations. With the convergence of security operation tools in IT (SIEM/SOAR), these security tools will soon hit production environments, driving the need for automated response and triage, disaster recovery and response planning.

Step #4: Respond

If a security incident occurs, it’s critical to respond immediately and address the threat before it spreads and causes greater damage. That’s why having threat detection services in place beforehand is essential to effective risk management. Similarly, having a mature incident response plan or disaster recovery plan will achieve minimized downtime to restore production operations.

We work with organizations regularly to create action plans to contain incidents and minimize damage. Rockwell Automation also provides stress-testing response efficacy through scenario testing and related techniques so you’re well prepared if a breach happens.

Step #5: Recover

Your top priority after a security-related downtime event is to get production up and running as quickly as possible. For this step, it’s important to use backup and recovery services to keep near real-time records of production and application data. Having these resources in place will allow you to resume normal operations after an incident, shortening the recovery cycle.

Once operations are running smoothly again, investigate and analyze the incident and fully identify the root cause.  This analysis will illuminate ways to close security gaps and improve your security posture. It will also make your organization more resilient to related threats down the line.

Why use infrastructure security solutions

These five steps offer a proven framework for creating or improving your Critical Infrastructure cybersecurity program.

At Rockwell Automation, we work with organizations of all sizes to lead them through this process. We’ll offer recommendations and best practices that are tailored to your business and its role within our nation’s Critical Infrastructure services. We’re here to help you expedite and simplify your security strategy so that you can focus on your organization’s priorities.

Important_Links_Bar.jpg

https://www.rockwellautomation.com/en-us/company/news/blogs/critical-infrastructure-cybersecurity.html

 

Related Articles

Network Infrastructure Featured Product Spotlight

PBUS 14 Panduit logo 400

This webinar presented by Beth Lessard and Keith Cordero will be highlighting three Panduit solutions that will optimize network equipment and cabling to ensure that your spaces are efficiently and properly managed to support ever-evolving business needs of today and beyond. Products that will be featured include PanZone TrueEdge Wall Mount Enclsoure, Cable Managers, and Adjustable Depth 4-Post Rack.

REGISTER HERE


Editor’s Pick: Featured Product News

Siemens: SIMOVAC Non-Arc-Resistant and SIMOVAC-AR Arc-Resistant Motor Controllers

The Siemens SIMOVAC medium-voltage non-arc-resistant and SIMOVAC-AR arc-resistant controllers have a modular design incorporating up to two 12SVC400 (400 A) controllers, housed in a freestanding sheet steel enclosure. Each controller is UL 347 class E2, equipped with three current-limiting fuses, a non-load-break isolating switch, and a fixed-mounted vacuum contactor (plug-in type optional for 12SVC400). The enclosure is designed for front access, allowing the equipment to be located with the rear of the equipment close to a non-combustible wall.

Read More


Sponsored Content
Electrify Your Enterprise

Power is vital to production, and well-designed control cabinets are key. Allied Electronics & Automation offers a comprehensive collection of control cabinet solutions including PLCs, HMIs, contactors, miniature circuit breakers, terminal block connectors, DIN-rail power supplies, pushbutton switches, motor starters, overloads, power relays, industrial Ethernet switches and AC drives engineered to keep your operations running safely, reliably and efficiently.

Learn more HERE.


Products for Panel Builders

  • AutomationDirect: AchieVe FDM Series 12mm Tubular Photoelectric Sensors

    AutomationDirect: AchieVe FDM Series 12mm Tubular Photoelectric Sensors

    AutomationDirect has recently added AchieVe FDM series 12mm tubular photoelectric sensors that offer a rugged metal construction, high IP67 protection ratings, and sensing distances up to 4 meters. These photoelectric sensors feature selectable light-on/dark-on operation, a 10 to 30 VDC operating voltage range, potentiometer or teach-in button sensitivity adjustment, and a fast 1kHz switching frequency. Highly… Read More…

  • METCASE’s TECHNOMET-CONTROL HMI Enclosures Now Offer Seamless Wall Mounting

    METCASE’s TECHNOMET-CONTROL HMI Enclosures Now Offer Seamless Wall Mounting

    METCASE’s premium TECHNOMET-CONTROL HMI enclosures for displays, touch screens and panel PCs can now be conveniently mounted in any suitable indoor location using a new wall mounting kit (accessory). The new kit allows the enclosures to be mounted on walls, machines and other flat surfaces to suit the user’s required location for their HMI system.… Read More…