By Scott McCausland, MBA
Process and Data Automation

Cyber security attacks against industrial companies are nothing new; however, with stealthy and more sophisticated methods aimed directly at the plant floor, it is time for a more serious approach to information security. Recent data breaches against multiple major companies have brought cybersecurity to the forefront of information technology departments across the globe. With the proliferation of “smart” devices and the volume of data that can be collected and analyzed, access to this information is becoming more valuable and thus more appealing to perpetrators. There are multiple strategies to employ when discussing cybersecurity at the floor level; here are four of the most important:

1) Network Segmentation – separating industrial networks from office networks by making them islands with specific conduits of communication. This prevents unauthorized access to automated control systems and data collection repositories, and it decreases overall network traffic, which improves performance;

2) Peripherals Security – limiting the use of portable storage devices on the plant floor reduces thumbsucking attacks, in which a perpetrator uses a “thumb” drive to breach the system and gain control access;

3) Log Activity – collecting detailed activity logs. Data regarding who, what, when, and where can lead to detailed tracing of security weaknesses and visibility of unauthorized attacks, especially in the event of silent infiltrations;

4) Defense in Depth – deploying multiple security countermeasures in a layered architecture. Policies requiring secure VPN access, deployment of network firewalls, and implementation of role-based access control stack security layer on top of security layer.
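To show how strategies 1 and 3 reinforce each other, the following added example (not code from the original article or from Process and Data Automation) audits connection logs against a list of approved conduits between the office and plant networks. The zone subnets, conduit entries, log format and sample lines are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed zone layout (constructed for illustration).
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "plant": ipaddress.ip_network("10.20.0.0/16"),
}
# Assumed conduits: the only cross-zone flows policy allows,
# as (source zone, destination IP, destination port).
CONDUITS = {
    ("office", "10.20.1.5", 443),   # office clients -> plant historian
    ("plant", "10.10.9.20", 514),   # plant devices -> office log collector
}
# Constructed sample log lines: when, who, source IP, destination IP, port.
SAMPLE_LOG = """\
2024-02-01T08:14:02 jsmith 10.10.4.17 10.20.1.5 443
2024-02-01T08:15:40 plc-07 10.20.3.7 10.10.9.20 514
2024-02-01T02:31:11 jsmith 10.10.4.17 10.20.3.7 502
2024-02-01T02:33:50 unknown 192.168.50.9 10.20.3.7 44818
2024-02-01T09:00:00 hmi-02 10.20.2.2 10.20.3.7 502
"""

def zone_of(ip):
    """Return the name of the zone containing ip, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def audit(log_text):
    """Return one finding per log line that crosses zones outside a conduit."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, who, src, dst, port = line.split()
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            reason = "address outside any defined zone"
        elif src_zone == dst_zone or (src_zone, dst, int(port)) in CONDUITS:
            continue  # traffic inside one island, or through an approved conduit
        else:
            reason = f"{src_zone}->{dst_zone} flow outside approved conduits"
        findings.append(
            {"when": when, "who": who, "what": f"{dst}:{port}", "where": src, "reason": reason}
        )
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["when"], f["who"], f["where"], "->", f["what"], "|", f["reason"])
```

Each finding keeps the who, what, when, and where fields from the log, so a flagged flow can be traced back to an account and a source device.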

These strategies are not difficult to implement, but they require enterprise support from the top down. The development of security policies and procedures enables organizations to follow a consistent program for maintaining an acceptable level of industrial security. Post-event preparation, by definition, means the damage is already done. Don’t put off till tomorrow what could save you today. Process and Data Automation’s Data Services Group has experienced and certified network security professionals available to consult on security implementation strategies.

 

For more information on cybersecurity for manufacturers, consider attending Cybersecurity 101 in February.