Improving Critical Infrastructure Cybersecurity
April 11, 2022
From understanding the latest security compliance mandates, to finding, hiring, and retaining high-performing security talent, most organizations struggle to manage cyber risk. This is a problem for any organization, but managing cyber risk is especially difficult for companies operating in Critical Infrastructure sectors, where specific OT cybersecurity and industrial operations expertise is needed to minimize downtime and reduce cybersecurity risk.
Why Critical Infrastructure Protection matters
Cybercriminals are increasingly targeting Critical Infrastructure providers. Why? There are several recurring themes. Critical Infrastructure downtime adversely affects more people where it hurts – food, water/wastewater, electricity, and oil and gas, as examples. Threat actors targeting these industries can cause more downtime, more damage and higher recovery costs. Cybercriminals also perceive the potential for larger ransomware payouts, given these impacts.
Cyberattacks against suppliers can send waves of disruption through an industry, causing extended supply chain shortages and days or weeks of lost or reduced production. Repercussions also include stolen intellectual property, serious litigation and even loss of life.
Taking proactive steps to shore up vulnerabilities through infrastructure security solutions will reduce these organizational and operational risks.
Taking a proactive approach to securing Critical Infrastructure
If you’re creating a cybersecurity strategy for your organization or updating one that exists, it’s often difficult to know where to begin.
There are five key areas of focus as you begin to assess and improve your cybersecurity hygiene and converged IT and OT security strategy. These factors are based on work done at Rockwell Automation in support of organizations like yours and on guidance from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF):
Step #1: Identify
One of the biggest roadblocks to building a great cybersecurity program is that many production environments are poorly inventoried.
If you don’t know what’s connected to your network, whether it’s part of your industrial control system or a new type of productivity software used by an employee, you can’t secure that environment properly.
First, identify, map and verify everything that’s connected to your network. You can do this yourself, or work with a partner like Rockwell Automation. We offer installed base asset identification tools and services as part of our industrial cybersecurity services. Determining vulnerabilities and initial risk posture is the first step.
Another helpful technique for understanding exactly what to protect is reviewing operations through a Zero Trust lens, using a Protect Surface approach that ranks business-critical Data, Assets, Applications and Services (DAAS) in priority order. Apply the best Protect controls available as close as possible to what’s being protected.
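The Identify step above comes down to two checks: does the documented inventory match what is actually on the network, and which of those assets sit highest on the Protect Surface? The script below is an added example written for this article, not a Rockwell Automation tool or service. The asset register, the passively observed devices, the MAC/IP values and the tier numbers are all constructed sample data; in practice the observations would come from ARP/DHCP monitoring or an asset-identification service.

```python
"""Reconcile a documented asset inventory against devices observed on the network.

Added example for the Identify step; not Rockwell Automation's tooling.
Every record below is constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    mac: str
    ip: str
    name: str
    daas_class: str   # Data, Asset, Application or Service (Protect Surface element)
    tier: int         # 1 = business-critical ... 3 = low impact (constructed scale)


# Constructed "known" inventory, as an asset register might hold it.
INVENTORY = [
    Asset("00:1d:9c:aa:00:01", "10.20.1.10", "line1-plc", "Asset", 1),
    Asset("00:1d:9c:aa:00:02", "10.20.1.11", "line1-hmi", "Application", 2),
    Asset("00:1d:9c:aa:00:03", "10.20.1.50", "historian", "Data", 1),
    Asset("00:1d:9c:aa:00:04", "10.20.1.60", "eng-ws-01", "Asset", 2),
]

# Constructed observations, e.g. from passive ARP/DHCP monitoring of the cell network.
OBSERVED = [
    {"mac": "00:1d:9c:aa:00:01", "ip": "10.20.1.10", "protocols": {"enip", "cip"}},
    {"mac": "00:1d:9c:aa:00:02", "ip": "10.20.1.11", "protocols": {"enip"}},
    {"mac": "00:1d:9c:aa:00:04", "ip": "10.20.1.60", "protocols": {"enip", "rdp"}},
    {"mac": "f4:5c:89:12:34:56", "ip": "10.20.1.77", "protocols": {"http", "mdns"}},  # not in inventory
    {"mac": "00:1d:9c:aa:00:03", "ip": "10.20.1.51", "protocols": {"sql"}},           # IP differs from record
]


def reconcile(inventory, observed):
    """Return devices that are unknown, have drifted from their record, or were never seen."""
    by_mac = {a.mac: a for a in inventory}
    seen = set()
    unknown, drifted = [], []
    for obs in observed:
        asset = by_mac.get(obs["mac"])
        if asset is None:
            # Something is on the network that nobody has inventoried: cannot be secured yet.
            unknown.append(obs)
            continue
        seen.add(asset.mac)
        if obs["ip"] != asset.ip:
            # Record exists but no longer matches reality; the register needs verifying.
            drifted.append((asset, obs["ip"]))
    # Inventoried but not observed: decommissioned, offline, or a stale record.
    missing = [a for a in inventory if a.mac not in seen]
    return {"unknown": unknown, "drifted": drifted, "missing": missing}


def protect_surface(inventory):
    """Order assets so the highest-priority DAAS elements are addressed first."""
    return sorted(inventory, key=lambda a: (a.tier, a.name))


if __name__ == "__main__":
    report = reconcile(INVENTORY, OBSERVED)
    for obs in report["unknown"]:
        print(f"UNKNOWN  {obs['mac']} {obs['ip']} protocols={sorted(obs['protocols'])}")
    for asset, ip in report["drifted"]:
        print(f"DRIFTED  {asset.name}: recorded {asset.ip}, observed {ip}")
    for asset in report["missing"]:
        print(f"MISSING  {asset.name} ({asset.mac}) not observed")
    print("Protect Surface order:", [a.name for a in protect_surface(INVENTORY)])
```

Running the reconciliation on the constructed data surfaces one device that is not in the register and one historian whose recorded address no longer matches; both are exactly the gaps the text says prevent an environment from being secured properly. The Protect Surface ordering puts the tier-1 historian and PLC first, which is where the Protect controls of the next step should be applied.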
Step #2: Protect
Once you’ve taken inventory of your assets and understand what must be protected, it’s time to apply the right safeguards against the ever-changing landscape of cyber threats.
There are many protective measures that you can implement. Choose the types of controls that are in alignment with any compliance standards or security frameworks you follow such as the NIST CSF. That includes multi-factor authentication, access control, data security, perimeter network deployment and micro segmentation. Protective measures also include CIP product security, perimeter hardening, firewall deployment and patch management. These countermeasure controls help you manage risk proactively and protect the data that’s essential to your operations.
Step #3: Detect
Protecting your industrial networks against cyber threats requires constant vigilance. Knowledge of all endpoints on the organization’s network from plant-floor assets to laptops, mobile devices, even security cameras or USB ports, is critical. You’ll also need real-time visibility into how, when and where others are accessing or manipulating assets.
Threat detection services can help you monitor and detect these increasingly complex threats. These services give you visibility across all levels of your IT and OT environments, meaning they not only look for malicious activities, but offer real-time monitoring and deep network inspection across your assets.
Managed threat detection is a powerful cybersecurity defense, especially in Critical Infrastructure, industrial manufacturing and other OT environments. An OT Security Operations Center (SOC) staffed with experienced security veterans provides a unique pooling of talent, technology and first-hand experience. This cybersecurity protection expertise is difficult for individual organizations to duplicate at the same cost. With the convergence of security operation tools in IT (SIEM/SOAR), these security tools will soon reach production environments, driving the need for automated response and triage, disaster recovery and response planning.
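The Detect step asks for visibility into how, when and where assets are being accessed or manipulated. The following added example, written for this article and not part of any Rockwell Automation product, shows the simplest form of that check: it reads constructed controller audit log lines in a made-up `timestamp src dst op` format and flags manipulating operations (writes, program downloads, mode changes) that come from a host outside an engineering-workstation allowlist or land outside an agreed change window. The allowlist, the window and every log line are constructed assumptions.

```python
"""Flag who is manipulating controllers, from constructed OT audit log lines.

Added example for the Detect step; not Rockwell Automation code.
Log format, hosts, allowlist and change window are all constructed.
"""
import re
from datetime import datetime, time

# Constructed log lines: "timestamp src=<ip> dst=<ip> op=<operation> [tag=<name>]".
LOG_LINES = [
    "2022-04-11T09:12:03 src=10.20.1.60 dst=10.20.1.10 op=read tag=Line1_Speed",
    "2022-04-11T09:15:41 src=10.20.1.60 dst=10.20.1.10 op=write tag=Line1_Setpoint",
    "2022-04-11T14:02:17 src=10.20.1.77 dst=10.20.1.10 op=write tag=Line1_Setpoint",
    "2022-04-11T23:40:05 src=10.20.1.60 dst=10.20.1.10 op=program_download",
    "2022-04-11T10:05:00 src=10.20.1.11 dst=10.20.1.10 op=read tag=Line1_Speed",
    "garbage line that does not parse",
]

ENGINEERING_HOSTS = {"10.20.1.60"}               # constructed allowlist of approved workstations
CHANGE_WINDOW = (time(8, 0), time(18, 0))         # constructed: changes expected only in this window
MANIPULATING_OPS = {"write", "program_download", "mode_change"}

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) op=(?P<op>\S+)")


def parse(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, allowed=ENGINEERING_HOSTS, window=CHANGE_WINDOW):
    """Return one alert per manipulating operation that violates the source or time policy."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["op"] not in MANIPULATING_OPS:
            continue  # reads and unparseable lines are not manipulation events
        reasons = []
        if ev["src"] not in allowed:
            reasons.append("source not an approved engineering workstation")
        if not (window[0] <= ev["ts"].time() <= window[1]):
            reasons.append("outside change window")
        if reasons:
            alerts.append({
                "ts": ev["ts"].isoformat(),
                "src": ev["src"],
                "dst": ev["dst"],
                "op": ev["op"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(f"ALERT {alert['ts']} {alert['src']} -> {alert['dst']} {alert['op']}: "
              + "; ".join(alert["reasons"]))
```

On the constructed input the in-window write from the approved workstation passes silently, while the write from an unlisted host and the late-night program download each produce an alert with the policy it violated. A real SOC feed would add many more event sources, but the two questions this logic asks, who is changing the controller and when, are the ones the text says an OT SOC needs answered in real time.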
Step #4: Respond
If a security incident occurs, it’s critical to respond immediately and address the threat before it spreads and causes greater damage. That’s why having threat detection services in place beforehand is essential to effective risk management. Similarly, a mature incident response plan or disaster recovery plan will minimize downtime and restore production operations sooner.
We work with organizations regularly to create action plans to contain incidents and minimize damage. Rockwell Automation also stress-tests response efficacy through scenario testing and related techniques so you’re well prepared if a breach happens.
Step #5: Recover
Your top priority after a security-related downtime event is to get production up and running as quickly as possible. For this step, it’s important to use backup and recovery services to keep near real-time records of production and application data. Having these resources in place will allow you to resume normal operations after an incident, shortening the recovery cycle.
Once operations are running smoothly again, investigate and analyze the incident and fully identify the root cause. This analysis will illuminate ways to close security gaps and improve your security posture. It will also make your organization more resilient to related threats down the line.
Why use infrastructure security solutions
These five steps offer a proven framework for creating or improving your Critical Infrastructure cybersecurity program.
At Rockwell Automation, we work with organizations of all sizes to lead them through this process. We’ll offer recommendations and best practices that are tailored to your business and its role within our nation’s Critical Infrastructure services. We’re here to help you expedite and simplify your security strategy so that you can focus on your organization’s priorities.