Tailor Cybersecurity To OT Environments
A key lesson of IT/OT convergence has been that OT environments can’t be secured the same way as IT environments. There are some key reasons why a copy-and-paste approach doesn’t work.
First, OT environments have their own networks, technologies, and business priorities that must be uniquely addressed in an OT cybersecurity strategy. Cyber threats specifically targeting industrial-control systems also continue to emerge. When security events occur, they can have different consequences in OT environments, including costly production downtime and the potential for human harm.
To help protect people, processes, and intellectual property on the plant floor, you need to tailor cybersecurity efforts to your OT environments. Here are five factors to consider.
OT-ALIGNED SECURITY TOOLS
Threat-detection tools designed specifically for OT environments play an important role in securing the plant floor. The tools can identify assets, profile network communications, and monitor OT network traffic at its deepest levels to find and report anomalies. They use passive networking technology to avoid disrupting critical OT communications and can be used as part of a remotely managed threat-detection service if specialized IT/OT skillsets are not in place.
RESPONSE & RECOVERY PLANS
If a security event happens, well-designed response and recovery plans can help you address the threat and resume production as soon as possible. For example, a defined workflow that outlines the recovery steps for safely returning to a fully operational state can help you respond to a cyber incident more efficiently.
CIP SECURITY-ENABLED DEVICES
Developed by ODVA, Ann Arbor, MI (odva.org), CIP Security is used on industrial-control devices to help protect critical industrial communications on an EtherNet/IP network. CIP Security helps fortify control systems in three key ways:
Device identity and authentication limits communications to only authorized devices.
Data integrity and authentication prevents packet tampering or modifications.
Data confidentiality prevents snooping or unauthorized data disclosure through encrypted communications.
Several products are now available with CIP Security, and more are on the way.
Automation vendors play an important role in helping you meet your security goals. Before working with a vendor, ask to see their security policies and practices. Do they have security principles in place for designing products or have certifications for international security standards, such as IEC 62443? You should also understand how transparent your vendors are in identifying and addressing potential vulnerabilities in their products. For example, does their vulnerability-management process align with IEC 29147 and 30111? Do they work with outside organizations to test the security of their products?
TRAINING & COMMUNICATIONS
Security-awareness training and communications should be provided to production workers, addressing the unique risks found in OT environments. For example, risks such as phishing that are common in the IT environment won’t be as relevant in the OT space. Instead, the training and communications should focus on physical risks, covering topics such as proper USB drive usage and visitor access.
For more information about securing OT environments, visit the Rockwell Automation industrial cybersecurity webpage at rockwellautomation.com/en-us/capabilities/industrial-security.html.