Seven tips for enhancing plant cybersecurity

Companies can't prevent all cyber attacks from occurring, but simple best practices such as enforcing security policies, strengthening physical security, and controlling network access with device profiling will go a long way to lowering the risk of an attack.

11/24/2017


The appeal of Industrie 4.0 is undeniable. Manufacturers are gaining a competitive advantage by squeezing out new levels of equipment availability, productivity, and quality, all while lowering costs and improving revenue. Factory data is the "gold" that needs to be mined and refined (analyzed) to realize next-generation manufacturing.

However, connecting to machine data in the factory from the enterprise can potentially open up security risks. With any Industrie 4.0 or Industrial Internet of Things (IIoT) project, the attack surface is going to expand. The entire organization's IIoT effort may come to a grinding halt if a hacker wreaks havoc in the facility, so plan ahead.

Cisco's 2017 Midyear Cybersecurity Report reflects not only these areas of concern for manufacturers but also the changing security landscape for many industries. Some important cybersecurity findings for manufacturing include:

  • Twenty-eight percent of manufacturing organizations reported a loss of revenue due to attacks in the past year; the average lost revenue was 14%.
  • Forty-six percent of manufacturing organizations use six or more security vendors, with 20% using more than 10. Sixty-three percent use six or more products, with 30% using more than 10 products.
  • Nearly 60% of manufacturing organizations report having fewer than 30 employees dedicated to security, while 25% consider a lack of trained personnel as a major obstacle in adopting advanced security processes and technology. 

The cybersecurity report covers technology trends, impact to businesses, adversary tactics, vulnerabilities, opportunities to better defend against risk, and how to communicate with management. To keep a facility safe in the frightening world we live in, there is no single product or solution that provides complete assurance. Nevertheless, there are some basic steps that will mitigate risk.

Consider these seven steps to defend a factory from cybersecurity attacks: 

  1. Add managed switches and implement basic security measures. Open ports on unmanaged switches are a security risk and need to be locked down. In addition, unmanaged switches offer no resiliency and result in higher downtime. Unmanaged switches cannot prioritize or segment traffic and they also have limited or no tools for monitoring network activity or performance—limiting the ability to troubleshoot if and when there is a security incident or other problem.
  2. Create and enforce security policies. This is basic, but it's surprising how little attention or detail some facilities give this. Ask simple questions such as: "Who is allowed to do what?" "What can contractors access?" "What 'outside world' connections are allowed?" Get a basic framework documented and employees trained on it, now.
  3. Lock down the factory with defense-in-depth security. A defense-in-depth approach, with a DMZ and the layers below the DMZ, is an accepted way to secure your factory.
  4. Strengthen physical security. Control plant area access, lock control cabinets, lock programmable logic controllers (PLCs) with keys, install security cameras in appropriate locations, and control equipment firmware and code versions.
  5. Control network access with device profiling. Get a solution that delivers full visibility into the users, devices, and applications accessing your network. Protect the organization with dynamic control to make sure only the right people with trusted devices get the right level of access to network services. Even if a rogue user gets access to the network—make sure they can't get far.
  6. Use industry best practices. Companies should use standards such as ISA/IEC 62443 to set up zones and design schemas to segment and isolate the sub-systems in the factory. Route critical traffic only where it must go on the network. Implement strong firewall and intrusion prevention, as well as e-mail and web security.
  7. Explore and restrict the number of ways remote access to the plant is enabled. Ensure all methods of remote access are secure. 
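
An added example, not part of the original article: a minimal audit of observed network flows against the DMZ and zone model that steps 3, 5 and 6 describe. The zone names, subnets, ports and sample flows are constructed assumptions.

```python
import ipaddress
# Constructed zone map (assumption, not from the article): zone -> subnet.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}
# Allowed conduits: (source zone, destination zone) -> permitted ports.
# No enterprise -> control entry exists, so that traffic must stop in the DMZ.
CONDUITS = {
    ("enterprise", "dmz"): {443},
    ("dmz", "control"): {4840},  # 4840 = OPC UA
}

def zone_of(ip):
    """Return the zone containing ip, or None for an unprofiled address."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def audit(flows):
    """Return (flow, reason) for every flow that violates the zone model."""
    findings = []
    for flow in flows:
        src, dst, port = flow
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            findings.append((flow, "unknown-device"))
        elif sz == dz:
            continue  # intra-zone traffic is outside the conduit policy
        elif (sz, dz) not in CONDUITS:
            findings.append((flow, "no-conduit"))
        elif port not in CONDUITS[(sz, dz)]:
            findings.append((flow, "port-not-allowed"))
    return findings

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),      # enterprise -> DMZ, allowed
    ("10.20.0.5", "10.30.0.12", 4840),    # DMZ -> control, allowed
    ("10.10.4.7", "10.30.0.12", 502),     # enterprise straight to a controller
    ("10.20.0.5", "10.30.0.12", 3389),    # right conduit, wrong port
    ("192.168.1.50", "10.30.0.12", 502),  # source not in any known zone
    ("10.30.0.12", "10.30.0.13", 502),    # inside the control zone
]
if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(reason, flow)
```

Flow records in this shape can be exported from managed switches or firewalls; the same check then reports any path that skips the DMZ.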

With hundreds of security vendors on the market today, it's also important to consider compatibility between all these systems. Choose a vendor that has compatibility-tested its products together to ensure reliable performance in multiple environments.

While companies may not be able to take one giant leap to a fully secure factory environment, they can take a series of smaller steps to get to a point of manageable risk.

Scot Wlodarczak joined Cisco in early 2016, focused in the manufacturing, oil & gas, and utilities space. This article originally appeared on ISSSource.com, a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.


