With increasing reports of cyberattacks targeting the industrial sector, Thomas Vasen, Business Development Manager Network Security at HMS Networks, outlines five strategies companies can implement to strengthen their defences and avoid becoming the next victim.

 

Growth of cyber attacks

Cybersecurity is quickly becoming a major focus in industrial automation. The World Economic Forum highlighted in 2023 that manufacturing is the sector most affected by cyberattacks. Furthermore, Orange Cyberdefense reports that the manufacturing sector has Common Vulnerability Scoring System (CVSS) scores that are 33% higher than the global average. The increasing number of attacks on Industrial Control Systems (ICS) is of particular concern. Gartner predicts a bleak future: by 2025, cyberattacks are expected to injure or endanger people.

The time to take action is now. Here are five strategies that businesses can implement to effectively reduce the risk of cyberattacks.

 

  •   OT is not just another version of IT

    The first step is to adopt the right mindset. In the 1990s, Netheads and Bellheads debated the future of telecommunications. While Bellheads advocated for traditional methods, Netheads argued that voice should be treated like any other data and sent over IP. Three decades later, the Netheads' vision has prevailed, with voice being sent over the Internet like any other type of data. Users even accepted a degradation in call quality due to increased latency and choppy calls. Fortunately, not every phone call feels like an intercontinental call anymore.

    However, the situation with Operational Technology (OT) is fundamentally different. Unlike Information Technology (IT), OT cannot compromise on quality or tolerate increased latency, as even minor disruptions can have catastrophic consequences. Treating OT as just another version of IT is a serious mistake, as OT operates according to different principles and requirements. While IT prioritizes data integrity and confidentiality, OT requires deterministic data and uptime assurance. This distinction is especially crucial in industries such as manufacturing, where even minor disruptions can lead to significant financial losses, material waste, and operational downtime. In IT, occasional network outages or data loss may be manageable inconveniences. In OT, however, a similar disruption can have much more serious consequences. Imagine an ice cream machine breaking down due to a network outage or data inconsistency. Not only would the production process come to a halt, but the perishable ingredients would also spoil, resulting in financial losses and wasted ice cream. And nobody wants that.

    So while it makes sense for OT to adopt IT technologies (there are many advantages to using Industrial Ethernet over traditional fieldbus networks), it must be recognised that standard IT does not meet the requirements of OT. Hence the rise of industrial communication protocols and therefore the need for specialist OT security products and solutions.

    Figure 1: In OT, network failure would cause production processes to grind to a halt, resulting in financial losses and waste of ingredients or materials.

     

  •   IT and OT must work together

    While the Chief Information Security Officer (CISO) is under pressure and controls the security budget, often including that of OT, it is the operations manager who is responsible for uninterrupted production in the factory. This situation creates inherent conflicts due to differing priorities. IT professionals adhere to the CIA framework, where Confidentiality is the top priority, followed by Integrity and Availability. In contrast, operational personnel value Safety, followed by Availability, Integrity and finally Confidentiality – resulting in the (S)AIC order.

     


    This contradiction creates conflict and tension, but the underlying common goal remains clear: ensuring business continuity. In recognition of this shared goal, the CISO (IT) and the operations manager (OT) must work together to address these challenges and align their approaches to ensure business continuity.

     

  •   Develop a comprehensive OT security plan

    Securing OT environments requires a proactive and tailored approach to the unique challenges of industrial processes. Companies must thoroughly identify and assess their assets, mapping the risks associated with each machine. Rapid detection of anomalies is important, but even more crucial is implementing robust security measures to protect these assets. Having a comprehensive recovery plan and implementing measures to minimize impact is also important and is often recommended by experts such as those behind ISA/IEC 62443.


     

    Currently, many companies are focusing on asset inventory and threat detection. While this is important, it is not enough to protect OT environments. Companies must also take measures to secure their assets.

     

  •   Protect yourself with network segmentation

    Network segmentation is an excellent way to secure OT environments. By dividing networks into zones and separating them with security access control, companies can increase security and prevent unauthorized access. The benefits of network segmentation include:

    • Protection against external traffic: Separation of IT networks!
    • Inspection of internal traffic: Downtime is often caused by internal threats, whether intentional or unintentional.
    • Securing remote maintenance from outside: Allowing remote maintenance can be crucial for uptime, but it can also be a backdoor for threats to enter your network. Take granular control over traffic flow.
    • Isolation of visiting employees: Know what is connected to the network and control what they have access to.
    • Secure and uninterrupted industrial communication between machines: Implement secure and fast paths for machine-to-machine communication.
    • Continuous data extraction for analysis: Monitor both the security and efficiency of your processes in real time.
    • Early warning of deviations and abnormal behavior: Stay ahead of issues that can cause downtime, both from outages and cyber threats.

    Segmentation is fundamentally different from IT network perimeter security. IT network security involves taking measures to prevent external threats from infiltrating the network, while users can still freely browse the Internet and use a wide range of cloud services. OT segmentation, however, focuses on control in both directions to compensate for the fact that OT lacks the access control that exists in IT. It uses a deny-by-default approach in which every data flow is checked in both directions, since threats can come from multiple directions.
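
    A sketch of the deny-by-default, direction-aware flow check described above, as an added example that is not from the article or from HMS Networks. The zone names, subnets, conduits and observed flows are constructed assumptions.

```python
import ipaddress

# Constructed zones and subnets (assumptions, not from the article).
ZONES = {
    "it_office":  ipaddress.ip_network("10.10.0.0/16"),
    "remote_dmz": ipaddress.ip_network("172.16.5.0/24"),
    "visitors":   ipaddress.ip_network("192.168.99.0/24"),
    "cell_a":     ipaddress.ip_network("192.168.10.0/24"),
    "cell_b":     ipaddress.ip_network("192.168.20.0/24"),
}

# Conduits: (source zone, destination zone, protocol, destination port).
# An entry permits connection setup in ONE direction only; the reverse needs
# its own entry. Replies are assumed to be handled by a stateful gateway.
CONDUITS = {
    ("cell_a", "cell_b", "tcp", 44818),      # machine-to-machine EtherNet/IP
    ("cell_a", "it_office", "tcp", 8883),    # data extraction, MQTT over TLS
    ("remote_dmz", "cell_a", "tcp", 22),     # remote maintenance via jump host
}

def zone_of(ip):
    # Return the name of the zone containing ip, or None if it is unknown.
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def evaluate(src_ip, dst_ip, proto, dport):
    """Decide one new flow crossing the segmentation gateway."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "unknown zone")
    if (src, dst, proto, dport) in CONDUITS:
        return ("allow", f"conduit {src}->{dst}")
    return ("deny", "no conduit (default)")

def violations(flows):
    """Return the flows the policy denies, for alerting."""
    return [f for f in flows if evaluate(*f)[0] == "deny"]

# Constructed sample of observed flows.
OBSERVED = [
    ("192.168.10.5", "192.168.20.7", "tcp", 44818),  # allowed conduit
    ("192.168.20.7", "192.168.10.5", "tcp", 44818),  # reverse direction: denied
    ("10.10.3.4", "192.168.10.5", "tcp", 502),       # IT to PLC Modbus: denied
    ("192.168.99.20", "192.168.10.5", "tcp", 22),    # visitor laptop: denied
    ("172.16.5.10", "192.168.10.5", "tcp", 22),      # jump host: allowed
]

if __name__ == "__main__":
    for flow in violations(OBSERVED):
        print("DENY", flow, evaluate(*flow)[1])
```

    The second sample flow shows the point of checking both directions: the cell_a to cell_b conduit does not let cell_b open the same connection back into cell_a.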


     

  •   Work with an OT Expert

    No, OT is not just another form of IT. Implementing cybersecurity measures in industrial automation is undeniably complex and demanding work. It requires meticulous attention to detail and a deep understanding of the unique challenges that OT environments present. Partnering with an OT expert like HMS Networks is not just a good idea, it’s a smart investment. By tapping into their extensive experience and specialized knowledge, companies can save time and, more importantly, ensure that their cybersecurity strategy is effective. With HMS Networks’ products and support, companies can navigate the complexities of OT cybersecurity with confidence and peace of mind.

     

    Thomas Vasen

    Thomas Vasen is Business Development Manager Network Security at Anybus, a division of HMS Networks. With over 25 years of experience in operations and security within telecom, military and critical infrastructure, Thomas now focuses specifically on helping companies manage risk and secure uptime in their operational technology (OT) environments.

    FHI, federatie van technologiebranches