Manufacturing - Endeavor Business Media
Sponsored by: Siemens

EXECUTIVE SUMMARY

Cybersecurity for Advanced Manufacturing and Critical Infrastructure

Digitalization has opened a new world of opportunity for traditional operational technologies. 

However, these opportunities introduce cybersecurity risks to the OT environment, making it critical for companies to develop OT-focused response plans and security strategies. The historically and fundamentally different sets of physical OT and virtual IT systems require increased collaboration and an integrated approach to cybersecurity.

Siemens Advanta and Vector9 work with OT customers, large and small. As security advisors and solution providers, Siemens Advanta and Vector9 use their considerable industry expertise to meet the cybersecurity needs of an evolving technology landscape, incorporating today’s technology integrations and tomorrow’s advancements in a holistic cybersecurity practice.


Sahil Diwan and Dennis Gilbert discuss how to best approach cybersecurity for today’s technology integrations and tomorrow’s advancements.

Biographies

Josh Angel
Sahil Diwan

Strategic Cybersecurity Consulting
Siemens Advanta

Marianne Donoghue
Dennis P. Gilbert, Jr.
Founder and CEO
Vector9 Consultants, LLC

Context

The presenters discussed the specific challenges to cybersecurity for OT environments and steps that organizations can take to address those challenges.

Key Takeaways

To bridge the workforce skills gap, manufacturers must focus on technology and employee development.

OT cybersecurity faces challenges from attackers and OT environments.

Threat vectors have significantly changed over time in response to the increased variation in infrastructure, making it more challenging to discover and counter threats before damage is done. Threat vectors today range from lateral movement from the IT to the OT environment to unauthorized remote access, insider threats, and more.

1

Damaging Systems
Many threat actors will use the code of stolen assets to carry out false commands in an attempt to damage systems. 

2

Professional Organizations
Threat actors are frequently professional organizations, investing time and energy to determine attack targets.

3

Ransom Payouts
These threat actors determine what it takes to execute the attack and what capability needs to be used to motivate ransom payouts. 

There is no one-size-fits-all approach to cybersecurity. Regardless of industry, the OT environment is highly complex, with a variety of implementations and needs, including solutions from multiple vendors, hybrid data center configurations, legacy systems that were never meant to be remotely accessed being brought online, and more. Infrastructure varies by company, adding another layer of complexity. 

“Attack styles have changed. No longer is it a short-duration attack. Attackers will sit there for months, even a year—they will understand your environment. They will understand how to move laterally. And when everything is set, they will move.”

- Sahil Diwan, Siemens Advanta

OT environments require different approaches to security.

Today, businesses are most concerned about ransomware in the OT environment, whether via a lateral move from the IT network to the OT network or from direct entry. 

1

Information Technology (IT)
On the IT side, risk management and technology availability can be maintained even through upgrades and migrations as long as configuration and network settings keep data secured.

2

Operational Technology (OT)
However, on the OT side, an update or change in technology configuration can lead to extensive downtime, which represents a significant loss for the business.

3

Proper Segmentation
Bricking the VPN, routers, or firewalls can mitigate the risk of ransomware entering the OT environment from the IT environment, but restoring system operations takes a long time.

Developing an optimal approach that takes into account both security and availability is top of mind for many enterprises. Because of the differences between the OT and IT environments, one key step to improving OT security is to create a focused incident response (IR) plan specifically for an attack in the OT environment. 

Just as with an IT IR plan, the OT IR plan should include:

Detailed steps around segmentation
Whom to contact
How to communicate both internally and externally

Although OT risk management is still in its early phases, more solutions or programs will likely become available in the market as the field grows.

“Those folks with ransomware groups, sitting around a table, understanding their ROI—they are now targeting the OT environment for that increased opportunity to make some money.”

– Dennis P. Gilbert, Jr., Vector9 Consultants

OT security requires increased cooperation between IT and OT departments.

Siemens Advanta recommends applying a framework of governance, people, processes, and technology to OT security programs.

Bi-directional Communications
Operating as efficiently as possible requires bi-directional communications, both to send out performance parameters and to receive communications back to control a given unit based on the current operational environment. This often translates to an increase in cloud-based solutions across the enterprise; however, securing the full stack now requires cross-department collaboration and cooperation as terminology and processes spread from IT-centric to a shared IT and OT discussion, increasing security effectiveness.
Visibility & Risk Management 
Visibility is critical to risk mitigation. A technology-based solution to track and manage assets provides a foundation for risk management; however, action must accompany the asset information to be effective. Understanding the value being held at risk in the OT environment by bringing together the security team with the owner-operators of facilities will clearly define the impact of threats and vulnerabilities to the OT environment, based on performance and security requirements. Taking technical information and translating it into business impact that can be communicated to the C-suite and board of directors levels supports more balanced, informed decision-making.
Other Key Processes
Other key process areas that contribute to increased OT cybersecurity include investing in security resources for the long term, through hiring or developing specially trained OT security employees, taking time to architect an optimal process and infrastructure design, and involving leadership to build the core areas of security. Executive buy-in and understanding of the fundamental differences between IT and OT environments further support improved enterprise-wide security.
Hybrid Approach
LIFT has taken a hybrid approach to its training programs. At home, students conduct simulations and learn theory on their computers at a time that is convenient for them. In-person meetings are devoted to hands-on learning. Hybrid learning makes upskilling opportunities more attainable for people already in the workforce.

Enterprises can take concrete steps to mitigate OT security risks.

OT security faces challenges of scale at large OT-heavy companies, such as big utilities providers. In the current market, these organizations will benefit greatly from support from consultants, resellers, distributors, and integrators. However, even smaller utilities are advised to invest in OT security. The risk not only to financial resources but also to public trust should not be underestimated.

To protect operations, organizations can undertake three key practices: 

1

Patch management
Patch management and asset management are related; it’s important to employ logical segmentation while patching to decrease vulnerability.

2

Asset management
Having a solid asset inventory in an operational environment, with relevant data attributes and metadata defined, supports timely patch management.

3

Visibility
Having a robust asset inventory also provides better visibility and improves attack surface management.

There is an increasing focus on OEMs participating in the software bill of materials to ensure that software being installed into the OT environment does not contain inherently vulnerable code. As discussions grow around insider threats, attention on regulations and requirements will also grow. The increasing attention on cybersecurity at both the federal and state regulatory levels is spurring the development of regulations and sector-specific directives. Given the long lead time to develop and publish government regulations, industry guidance tends to be more applicable when implementing strategies to protect against current cybersecurity risks.

Additional Resources

Cybersecurity for Advanced Manufacturing and Critical Infrastructure

Watch the webinar featuring Sahil Diwan, Siemens Advanta cyber practice lead, and Dennis Gilbert, Founder & CEO, Vector9 Consultants, discussing how to best approach cybersecurity for today’s technology integrations and tomorrow’s advancements.

Cybersecurity for Advanced Manufacturing and Critical Infrastructure

Sahil Diwan, Siemens Advanta cyber practice lead, and Dennis Gilbert, Founder & CEO, Vector9 Consultants, discuss the specific challenges to cybersecurity for OT environments and steps that organizations can take to address those challenges.

How to Keep Critical Infrastructure Safe - Building Trust in a Digitalized World
Digitalization brings not only risks but also huge benefits. But how can digital trust be enabled and cybersecurity improved to realize the full potential of digitalization? Natalia Oropeza and Dr. Christoph Peylo share their vision on digitalization and help to improve trust.