Skip to content
Information Technology

Critical Infrastructure Resilience: Safeguarding against Cyber Threats

Rockwell Automation 4 mins read
Technology has significantly improved the industrial operations and critical infrastructure sector. However, the same technology that has benefited organisations also contributes to the cybersecurity risks that these organisations face.

By Sabyasachi Goswami, Rockwell Automation & Rowan Macfarlane, Dragos

 

Operational technology (OT) has become the backbone of many industries, driving critical processes and systems. OT systems are essential to business success, from efficiency and automation to real-time monitoring for efficiency to mitigating risks for maximum safety and security. Furthermore, as many key industries drive critical processes and systems, any disruptions or failures in OT systems can have far-reaching consequences beyond economic losses.

 

Against this backdrop, it’s crucial to safeguard organisations’ OT systems. According to McKinsey, cyberattacks on OT systems have been on the rise, and in 2023, 70% of ransomware incidents happened in the manufacturing sector. With targeted threats that focus on infiltrating and disrupting industrial control systems, having proper gatekeeping measures has become imperative.

 

Cybersecurity risks in OT / ICS

 

Technology has significantly improved the industrial operations and critical infrastructure sector. However, the same technology that has benefited organisations also contributes to the cybersecurity risks that these organisations face. For example, while connectivity improves efficiency, it creates new avenues for cyber attackers to infiltrate OT or industrial control system (ICS) environments. At the same time, OT professionals need to manage day to day operational reliability and efficiency needs against lower likelihood, but severely impactful cyber-attacks.

 

In cybersecurity, OT environments pose unique challenges compared to traditional enterprise IT environments. Unlike the IT industry, where software and hardware are frequently updated to address security strategies, the OT sector is often untouched. This is often attributed to resourcing challenges, complexities in change management, or to maintain plant availability. Over time, OT devices and operating systems become outdated, making them difficult to maintain as they lack the required patches for security updates, causing security loopholes in the organisation’s critical infrastructure. 

 

Globally, industrial organisations have been slow to recognise the importance of developing and using cybersecurity programs specific to OT. However,  nearly 60% of attackers coming from nation state affiliate groups, with politically or financially driven motives. This means that critical infrastructures, such as energy, critical manufacturing, or water, become their main target since they will be the theatre of future wars, having the most potential to cause the greatest impact against an adversary.

 

Enhancing critical infrastructure resilience

 

With the growing number of cybersecurity breaches, protecting critical infrastructure should be the first step for any organisation. Take a defense-in-depth approach by deploying a multi-layered security approach on multiple fronts. Organisations should look into taking on a combination of advanced security tools to protect their endpoints, data, applications and networks. It is important to ensure that every endpoint is protected, whether it is on the IT or OT side of the organisation’s infrastructure. At the very least, industrial organisations should prioritise and take existing cybersecurity measures seriously instead of keeping it as an afterthought.

 

To further strengthen and mitigate cybersecurity attacks across the organisation, consider deploying a zero-trust architecture. Run a risk and vulnerability assessment to identify the gaps within the IT and OT infrastructure to pinpoint the most vulnerable areas within the ecosystem, then identify and implement the cybersecurity tools that are most suitable to the use-cases required. It is important to note that a zero-trust model is not a one-size-fits-all and can look different for every organisation. This is why having a trusted partner who understands your business is crucial when taking a zero-trust approach.

 

Most importantly, adopting a zero-trust model could mean embracing a mindset shift for organisations. This can be a tedious step to take, but for a truly successful shift, cooperation across the organisation is necessary. From cybersecurity controls like network segmentation, multi-factor authentication (MFA), frequent asset inventories, or OT patching, having an added level of security safeguards organisations’ most precious assets and critical infrastructure. 

 

Safeguarding OT systems with strengthened cybersecurity

 

According to Dragos, organisations looking to implement a preventive cybersecurity program should consider the SANS key ICS Cybersecurity Critical Controls, as below:

 

  1. Build an ICS incident response plan

This involves developing a dedicated plan for specific scenarios and will require collaboration between different departments as it is a whole-of-business approach. For example, establishing a plan for ransomware may require input and coordination with several areas of the business, such as operations, engineering, public relations, legal, data privacy, customers, and regulators. As a result, plans and procedures should be prepared and tested in advance.

 

  1. Set up a defensible architecture

Understand what systems are important for operations, then build a demilitarised zone (DMZ) between the OT systems and business environment to enable quicker response and more rigorous security controls.

 

  1. Ensure OT visibility and monitoring

An important aspect of preventive cybersecurity, visibility is key because it helps organisations look into what’s happening within their operations at all times. This helps with early threat detection and rapid incident responses. Being able to see what happens on the ground also gives businesses more confidence as they have real-time data to back them up.

 

  1. Enable secure remote access

More organisations today are already implementing secure remote access, or MFA, within their environment. MFA is so important in providing an added layer of security across systems. From vendor access to file movements across the company, even enabling employees to work remotely, MFA can significantly reduce risk for organisations without requiring a large investment.

 

  1. Risk-based vulnerability management

The reality is that securing every aspect of the business and patching every potential loophole is not as simple due to the legacy systems involved within OT environments. However, by knowing the gaps and areas of vulnerabilities within the organisation, businesses can pay more attention to them, so they can develop a plan with the business to resolve these vulnerabilities in an appropriate way.

 

Building a more resilient infrastructure with a trusted partner

 

Cybersecurity should be an always-on preventive approach, and organisations must proactively take action to safeguard their critical environments. Rockwell Automation provides a range of industrial cybersecurity solutions to meet businesses where they are and provides specialised knowledge in OT cybersecurity. 

 

Whether it’s project-based security enhancements or long-term cybersecurity solutions that can support organisations as they innovate and navigate the future of IT/OT convergence, our partnerships with cybersecurity experts like Dragos give us deep industry knowledge and experience, bringing insights specific to the industrial automation space.

 

We’ll never know when the next cybercrime will happen, so take action before it’s too late.


About us:

Rockwell Automation, Inc. (NYSE: ROK), is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 29,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing the Connected Enterprise to life across industrial enterprises, visit www.rockwellautomation.com.


Contact details:

Jack Mallen-Cooper
PR Consultant
Whyte Public Relations
(02) 9901 4306
whytepr@whytepr.com.au

Media

More from this category

  • Information Technology, Insurance
  • 24/06/2024
  • 09:00
Qikio

Qikio partners with Mercurien to expand commercial car insurance offerings?

Qikio, an insurtech dedicated to providing cutting-edge insurance solutions, is excited to announce a strategic underwriting partnership with Mercurien, an Australian company with a…

  • Contains:
  • Information Technology
  • 19/06/2024
  • 16:33
Gigamon

Gigamon Research Reveals Global Security Leaders are Losing Ground in the Race Against Cybercrime as Undetected Breaches Rise By 20 Percent

New research shows 1 in 3 organisations were unable to detect a breach in the last 12 months, with just 25 percent able to respond in real time Gigamon, a leader in deep observability, today published its 2024 Hybrid Cloud Security Survey, revealing that organisations around the world are still unprepared for modern, sophisticated cyberthreats. The annual survey of over 1,000 Security and IT leaders across Australia, France, Germany, Singapore, UK and the USA, shows a decline in detection and response capabilities year-on-year compared to the company’s 2023 Hybrid Cloud Security Report. As hybrid cloud environments grow in complexity and…

  • Information Technology
  • 19/06/2024
  • 10:07
Annature

MyBudget announces transition to Annature for a more efficient and cost-effective eSigning solution

BRISBANE, Australia, June 19, 2024 (GLOBE NEWSWIRE) -- MyBudget, Australia’s most trusted specialist in budgeting, debt solutions and money management, today announced its successful transition to Australian eSigning innovator Annature.This partnership sees MyBudget, which also operates loans solutions service MyBudget Loans and custom home building company MyHomeBuild, using Annature for all formal internal and external client-facing documents across its businesses, at a significantly lower cost than its previous eSigning provider, DocuSign.For more than 25 years, MyBudget’s team of money experts have been helping Australians reduce their debt, create savings and manage their money with confidence, offering detailed budget plans, a…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.