By Quade Nettles, Global Cyber Security Services Portfolio Manager at Rockwell Automation
A longstanding myth in the manufacturing world is that manufacturing systems are not a target. What does it benefit a hacker to get in and mess around with the controls that create a package of cookies? Short of corporate espionage there isn’t much to gain from an information perspective, but now with the rise of cryptocurrency, all enterprises, across all industries and of all sizes are at risk for a ransomware attack.
Prior to this rise in ransomware, the value of cybersecurity sometimes was a difficult topic to navigate for operations and IT security professionals. The perspective that cybersecurity is “just a cost” is common among corporate decision-makers that hold budgetary purse strings – but recent ransomware attacks, like those that shut down JBS USA Holdings in spring 2021 and cost the company $11 million in ransom, are proving its greater operational worth.
As these cybersecurity events occur more frequently, it is critical to have the right systems in place to help prevent, mitigate and recover when a breach occurs. As decision-makers consider the security policies, procedures, and controls that need to be in place throughout the continuum of a cybersecurity event – before, during and after –the visibility of and ability to monitor network changes during each of those stages is crucial. Not only does it provide great value from a cybersecurity perspective, but also contributes to the overall health and resilience of an organization’s operations.
Take a closer examination of best practices pertaining to each step of the continuum.
- Before an event: Build a robust asset inventory of both information technology (IT) and operational technology (OT) assets. With deeper understanding of both connected and disconnected assets, you can more readily characterize security risk within your environment. An added benefit to this step is an updated asset inventory. This can be used to help you minimize lifecycle risk by storing an appropriate number of spares onsite, staying ahead of end-of-life dates, and proactively maintaining your critical assets.
- During an event: The ability to detect when an event is taking place requires a level of visibility into your operations that, until recently, was hard if not impossible to achieve. Various security technologies and controls can provide continuous monitoring and detection for increased visibility into normal day-to-day operations. Any event that deviates would signal an alert. Deploying the cybersecurity toolsets appropriate for your needs provides a higher level of operations visibility, with the added benefit of establishing a baseline for “normal” operations. This visibility is provided by alerts when anomalous events, such as an incorrect maintenance task, are taking place.
- After an Event: With correct response and recovery programs in place, such as backup and disaster recovery procedures for applications and data, organizations can become programmatic about responding to anomalous events. If the appropriate policies and procedures are put in place to respond effectively to a cybersecurity event, operations are able to return to normal production more quickly afterward.
A robust and resilient cybersecurity stance may be worth the investment in peace of mind alone but can create cost savings in real ways. The ability to recover quickly from cyber events, whether malicious or incidental, with appropriate response/recovery procedures and technology in place can translate directly into reduced downtime, resulting in greater productivity. For example, the ability to restore an application because back-ups and procedures were already in place minimizes timely activities to manually restore the application.
Finding operational value in cybersecurity initiatives is not hard to do, and as ransomware attacks spread across the marketplace, it is a good reminder that there are plenty of ways to be proactive about your cybersecurity. As we’ve learned, the true value of comprehensive cybersecurity is not only in the continuum of protection provided for systems and equipment, but also in the reduction and prevention of costly downtime.
Quade Nettles manages for services associated with cybersecurity at Rockwell Automation. Quade’s primary responsibility is to develop the strategic roadmap for industrial cyber security services including consultative services such as risk assessments and penetration testing, as well as managed security services such as threat detection and incident response.
