Operational technology organizations are challenged with widening cybersecurity gaps, an expanding attack surface and rising global threats. Well-resourced, sophisticated actors such as ransomware gangs and nation-state hackers have critical infrastructure in their sights, and the harm of shutdown is immense.
So when it comes to OT security, there’s no question that the long-range plan needs to be compressed. It’s not enough to have a roadmap; it’s time to accelerate that roadmap because threat actors have chosen shop floors and critical infrastructure as targets.
We at Rockwell Automation sought direct industry feedback and last February, surveyed 130 critical infrastructure providers. Nearly three in every four critical infrastructure providers said they experienced a breach in the previous year. And fewer than 30% had a plan in place to help identify critical cybersecurity gaps and to support a grant submission that could help close gaps.
The Biden administration has already sounded the alarm that action is needed to modernize defenses in industrial control systems. That’s good news for securing critical infrastructure because it’s shifted the emphasis from voluntary to mandatory.
And the time to act is now. We’ve lost a lot of ground over the last few years as threat actors have gained a foothold and succeeded in the kinds of attacks we’re now seeing. We need to reinforce the basics required to protect our organizations.
Rockwell is working both in-house and with customers to find value in continuous monitoring and real-time threat detection. We’ve taken a hard look at the resilience of our own manufacturing operations in light of the cyberattacks being seen in our sector, the proliferation of IoT devices and the increasing connectivity of legacy devices. We’ve then taken the insight gleaned from drilling down into our operations to benefit our customers’ businesses as well.
We’ve identified four pillars to make our vision of defending and protecting the Connected Enterprise a reality:
1) Bringing leadership on board: Senior executives and the board must recognize that OT security is a critical priority. We created a business case to secure the support and funding needed to initiate the OT cyber program.
2) Integrated IT/OT leadership: I can’t say enough about the importance of having a dedicated team with the needed expertise. We understand that there are differences in the OT space. But integrating the IT and OT teams is critical to success. We established an integrated IT/OT team whose sole objective was to design and implement the company’s security strategy. We identified experts who understood IT infrastructure and moved them to OT to assess our OT situation and drive implementations.
3) A single governance and policy framework: Consistency is key to success. Many companies struggle when their plants enforce different policies. Our plants are all protected with the same OT architecture, software and hardware, allowing us to enforce common standards.
4) A unified cyber risk program: Our goal was to assess risk, remediate vulnerabilities and avoid disruption to the business. A unified risk program allows us to continually evaluate our risk and make the adjustments needed as technology and circumstances change.
With these four pillars as our foundation, we formulated an OT security roadmap and devised a new cyber secure architecture and design to shield the critical manufacturing ecosystem from cyberattacks.
Our playbook for doing this was based on four main steps that I call DRIMR (pronounced “Dreamer”): Discover > Remediate > Isolate > Monitor & Respond
Discover: You can’t protect what you don’t know. You need a full inventory of all IT network assets and their current state.
Remediate: Eliminate, upgrade or replace unsupported OT applications, operating systems, devices and infrastructure. Secure acceptable risk levels in priority order. Document any remediations.
Isolate: Establish a perimeter to contain risk. Segment networks, put up a firewall, implement an IDMZ and establish an industrial data center to encapsulate critical applications inside the protected OT network. Secure endpoints by installing OT security software on manufacturing assets. Secure third-party OT remote access so their activity can be monitored.
Monitor & Respond: We use OT network monitoring software at all our plants, and federate the data into our IT/OT SOC. By integrating our OT monitoring software with endpoint protection, we can react quickly. It’s like having a fire department right on the shop floor.
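The Discover, Remediate and Isolate steps above can be turned into a repeatable triage over an asset inventory; the following is an added example, not Rockwell’s playbook or code, and its asset records, zone names and end-of-support set are constructed for illustration.

```python
"""Added example (not Rockwell's code): triage a plant asset inventory in the
order the DRIMR playbook gives -- Discover (the inventory), Remediate (flag
unsupported platforms), Isolate (flag OT assets reachable from outside the
protected OT zone) -- and emit a priority-ordered list to document the work.
The inventory records and the end-of-support set below are constructed."""
from dataclasses import dataclass, field

# Constructed: platforms whose vendor support has ended (normally a maintained table).
UNSUPPORTED_PLATFORMS = {"Windows XP", "Windows 7", "Windows Server 2008"}
# Isolate: an asset inside the OT zone should only be reachable from OT or the IDMZ.
ALLOWED_OT_SOURCES = {"OT", "IDMZ"}


@dataclass
class Asset:
    name: str
    platform: str
    zone: str                                          # "OT", "IDMZ" or "IT"
    reachable_from: set = field(default_factory=set)   # zones with a permitted path to it


# Discover: constructed inventory standing in for an automated asset-discovery export.
INVENTORY = [
    Asset("HMI-01", "Windows 7", "OT", {"OT", "IT"}),
    Asset("PLC-12", "Controller firmware", "OT", {"OT"}),
    Asset("HIST-01", "Windows Server 2016", "OT", {"OT", "IDMZ"}),
    Asset("ENG-WS-03", "Windows XP", "OT", {"OT"}),
    Asset("WSUS-OT", "Windows Server 2008", "IDMZ", {"IT", "IDMZ"}),
]


def triage(assets):
    """Return findings sorted by descending risk score, then by asset name."""
    findings = []
    for a in assets:
        reasons, score = [], 0
        if a.platform in UNSUPPORTED_PLATFORMS:            # Remediate
            reasons.append(f"unsupported platform: {a.platform}")
            score += 2
        outside = a.reachable_from - ALLOWED_OT_SOURCES
        if a.zone == "OT" and outside:                     # Isolate
            reasons.append(f"OT asset reachable from {sorted(outside)}; enforce IDMZ path")
            score += 3
        if reasons:
            findings.append({"asset": a.name, "score": score, "reasons": reasons})
    findings.sort(key=lambda f: (-f["score"], f["asset"]))
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY):   # the ordered list doubles as the remediation record
        print(f"[{f['score']}] {f['asset']}: " + "; ".join(f["reasons"]))
```

The score weights are arbitrary constructed values; the point is that an asset both unsupported and reachable from the IT side sorts to the top of the remediation list.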
The Big Shutdown – a large-scale disaster with broad, harmful implications – looms closer to reality.
Critical organizations can no longer wait on the sidelines, unprepared.