Skip to content
Information Technology

Critical Infrastructure Resilience: Safeguarding against Cyber Threats

Rockwell Automation 4 mins read

By Sabyasachi Goswami, Rockwell Automation & Rowan Macfarlane, Dragos

 

Operational technology (OT) has become the backbone of many industries, driving critical processes and systems. OT systems are essential to business success, from efficiency and automation to real-time monitoring for efficiency to mitigating risks for maximum safety and security. Furthermore, as many key industries drive critical processes and systems, any disruptions or failures in OT systems can have far-reaching consequences beyond economic losses.

 

Against this backdrop, it’s crucial to safeguard organisations’ OT systems. According to McKinsey, cyberattacks on OT systems have been on the rise, and in 2023, 70% of ransomware incidents happened in the manufacturing sector. With targeted threats that focus on infiltrating and disrupting industrial control systems, having proper gatekeeping measures has become imperative.

 

Cybersecurity risks in OT / ICS

 

Technology has significantly improved the industrial operations and critical infrastructure sector. However, the same technology that has benefited organisations also contributes to the cybersecurity risks that these organisations face. For example, while connectivity improves efficiency, it creates new avenues for cyber attackers to infiltrate OT or industrial control system (ICS) environments. At the same time, OT professionals need to manage day to day operational reliability and efficiency needs against lower likelihood, but severely impactful cyber-attacks.

 

In cybersecurity, OT environments pose unique challenges compared to traditional enterprise IT environments. Unlike the IT industry, where software and hardware are frequently updated to address security strategies, the OT sector is often untouched. This is often attributed to resourcing challenges, complexities in change management, or to maintain plant availability. Over time, OT devices and operating systems become outdated, making them difficult to maintain as they lack the required patches for security updates, causing security loopholes in the organisation’s critical infrastructure. 

 

Globally, industrial organisations have been slow to recognise the importance of developing and using cybersecurity programs specific to OT. However,  nearly 60% of attackers coming from nation state affiliate groups, with politically or financially driven motives. This means that critical infrastructures, such as energy, critical manufacturing, or water, become their main target since they will be the theatre of future wars, having the most potential to cause the greatest impact against an adversary.

 

Enhancing critical infrastructure resilience

 

With the growing number of cybersecurity breaches, protecting critical infrastructure should be the first step for any organisation. Take a defense-in-depth approach by deploying a multi-layered security approach on multiple fronts. Organisations should look into taking on a combination of advanced security tools to protect their endpoints, data, applications and networks. It is important to ensure that every endpoint is protected, whether it is on the IT or OT side of the organisation’s infrastructure. At the very least, industrial organisations should prioritise and take existing cybersecurity measures seriously instead of keeping it as an afterthought.

 

To further strengthen and mitigate cybersecurity attacks across the organisation, consider deploying a zero-trust architecture. Run a risk and vulnerability assessment to identify the gaps within the IT and OT infrastructure to pinpoint the most vulnerable areas within the ecosystem, then identify and implement the cybersecurity tools that are most suitable to the use-cases required. It is important to note that a zero-trust model is not a one-size-fits-all and can look different for every organisation. This is why having a trusted partner who understands your business is crucial when taking a zero-trust approach.

 

Most importantly, adopting a zero-trust model could mean embracing a mindset shift for organisations. This can be a tedious step to take, but for a truly successful shift, cooperation across the organisation is necessary. From cybersecurity controls like network segmentation, multi-factor authentication (MFA), frequent asset inventories, or OT patching, having an added level of security safeguards organisations’ most precious assets and critical infrastructure. 

 

Safeguarding OT systems with strengthened cybersecurity

 

According to Dragos, organisations looking to implement a preventive cybersecurity program should consider the SANS key ICS Cybersecurity Critical Controls, as below:

 

  1. Build an ICS incident response plan

This involves developing a dedicated plan for specific scenarios and will require collaboration between different departments as it is a whole-of-business approach. For example, establishing a plan for ransomware may require input and coordination with several areas of the business, such as operations, engineering, public relations, legal, data privacy, customers, and regulators. As a result, plans and procedures should be prepared and tested in advance.

 

  1. Set up a defensible architecture

Understand what systems are important for operations, then build a demilitarised zone (DMZ) between the OT systems and business environment to enable quicker response and more rigorous security controls.

 

  1. Ensure OT visibility and monitoring

An important aspect of preventive cybersecurity, visibility is key because it helps organisations look into what’s happening within their operations at all times. This helps with early threat detection and rapid incident responses. Being able to see what happens on the ground also gives businesses more confidence as they have real-time data to back them up.

 

  1. Enable secure remote access

More organisations today are already implementing secure remote access, or MFA, within their environment. MFA is so important in providing an added layer of security across systems. From vendor access to file movements across the company, even enabling employees to work remotely, MFA can significantly reduce risk for organisations without requiring a large investment.

 

  1. Risk-based vulnerability management

The reality is that securing every aspect of the business and patching every potential loophole is not as simple due to the legacy systems involved within OT environments. However, by knowing the gaps and areas of vulnerabilities within the organisation, businesses can pay more attention to them, so they can develop a plan with the business to resolve these vulnerabilities in an appropriate way.

 

Building a more resilient infrastructure with a trusted partner

 

Cybersecurity should be an always-on preventive approach, and organisations must proactively take action to safeguard their critical environments. Rockwell Automation provides a range of industrial cybersecurity solutions to meet businesses where they are and provides specialised knowledge in OT cybersecurity. 

 

Whether it’s project-based security enhancements or long-term cybersecurity solutions that can support organisations as they innovate and navigate the future of IT/OT convergence, our partnerships with cybersecurity experts like Dragos give us deep industry knowledge and experience, bringing insights specific to the industrial automation space.

 

We’ll never know when the next cybercrime will happen, so take action before it’s too late.


About us:

Rockwell Automation, Inc. (NYSE: ROK), is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 29,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing the Connected Enterprise to life across industrial enterprises, visit www.rockwellautomation.com.


Contact details:

Jack Mallen-Cooper
PR Consultant
Whyte Public Relations
(02) 9901 4306
whytepr@whytepr.com.au

Media

More from this category

  • Crime, Information Technology
  • 11/10/2024
  • 13:13
Charles Darwin University

Can ChatGPT flag potential terrorists? Study uses automated tools and AI to profile violent extremists

Technology such as ChatGPT could play a complementary role and help profile terrorists and identify the likelihood of them engaging in extremist activity, according…

  • Contains:
  • Government Federal, Information Technology
  • 11/10/2024
  • 09:50
Parliament of Australia

PJCIS to review cyber security legislation package

TheParliamentary Joint Committee on Intelligence and Security(PJCIS) has commenced an inquiry into the Cyber Security Legislative Package consisting of theCyber Security Bill 2024,the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024and theIntelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024. The Cyber Security Legislative Package intends to implement seven initiatives under the 2023-2030Australian Cyber Security Strategy, which aims to address legislative gaps to bring Australia in line with international best practice and help ensure Australia is on track to become a global leader in cyber security. These measures are intended to address gaps…

  • Information Technology
  • 11/10/2024
  • 02:25
Zoom Video Communications, Inc.

Zoom named a Leader in the 2024 Gartner® Magic Quadrant(TM) for UCaaS, Worldwide

Zoom Celebrates its Fifth Consecutive Time Being Placed in the Leaders QuadrantSAN JOSE, Calif., Oct. 10, 2024 (GLOBE NEWSWIRE) -- Zoom Video Communications, Inc. (NASDAQ: ZM), today announced that Gartner has named Zoom a Leader in the 2024 Gartner® Magic Quadrant™ for Unified Communications as a Service (UCaaS), Worldwide for the fifth time in a row. The UCaaS report evaluated 11 companies in the unified communications space, and Zoom has been recognized as a Leader in this. Zoom includes enterprise-grade solutions like Zoom AI Companion, Zoom Contact Center, Zoom Team Chat, Zoom Phone, Zoom Meetings, and Workvivo.“We believe being named…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.