Are you Ready?


January 10, 2019 - 2 Comments

Are you Ready?

Ultimately, that’s the question every Plant Manager, every Chief Security Officer and every Controls Engineer (among other roles) needs to ask himself or herself.  The attackers are at your manufacturing plant door.  Are you ready?

As easy as that question is to ask, answering it is not nearly as straightforward.  Every day bad actors (aka would-be attackers) “Go to work” to develop new methods of attacking manufacturing environments.  Even if you had reason to “feel comfortable” three months ago, are you doing enough to stay ahead?  Are you ready?

Being ready ultimately boils down to being able to protect your environment before, during and after an attack.  It is important to realize that no safeguards are invulnerable, and breaches are inevitable, so being able to detect the breach, neutralize the risk and return to normal operations as fast as possible is a critical part of the overall strategy.

Visibility is a critical aspect of any security strategy.  If you cannot tell what is connected to your industrial network, what devices are talking to each other and effectively, what they are saying, then you really have no way of knowing when you have been compromised.  With the proper visibility you can inspect traffic and even implement machine learning of the traffic to allow you to quickly identify and address suspect traffic.

Once you have that visibility, you need to define and enforce the proper segmentation of that traffic to minimize the impact of a successful breach.  Areas of particularly high risk (e.g. a workstation running an application unable to run on current operating system) should have additional controls to contain the risk.

Lastly, it is important to set-up the right access privileges for employees, contractors and vendors for accessing the industrial network and the internet from within the manufacturing plant and when logging in from a remote site.  The access enforcement needs to be context-aware, comprehensive and seamless … and easy to use.  If a machine is down, there must be a fast way to get that vendor quick remote access to their equipment.  If not, people will bypass the solution with high-risk solutions.

When putting in place an industrial security strategy, it is important to recognize that there is no “magic coin” to protect you and you cannot strap-on your security like body-armor.  You need a defense-in-depth strategy that builds security in at every level.  Every aspect of your infrastructure needs to work in unison to protect your environment, and you can’t do anything to make it more difficult to ship quality products out the door, on-time at the least cost.

Are you ready?  Please visit Cisco at the S4 Industrial Security Conference in Miami, Florida on Jan 14-17 to make sure you are ready.  We have three speakers who will be sharing their expertise in the following sessions:

  1. Weakness at the Boundaries – Organization, Skills and Technology Challenges for Industrial Security by Robert Albach, IoT Security Portfolio Manager
  2. A deep Dive on VPN Filtering by Carl Hurd, Sr. Research Engineer, Cisco Talos
  3. A Deep Dive on Network Traffic Collection Methodologies by Dan Behrens, Industrial Networking Engineer

 



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments

  1. Like analogy of from strap-on body armor to defense-in-depth strategy. Many industrial environments face difficulty when it comes to monitoring the varied range of assets on their network, full visibility, is way to start.

  2. Great article to get the creative juices flowing for those going to the conference and those that need to start thinking about security in the factory!