As more and more devices are networked and logically connected, the need for a sound cyber security policy and system grows. Whether the threat is external hackers working to bring your system down or accidental internal damage, which is often collateral from an external attack, the need for cyber security continues to grow.
These needs differ between IT and OT networks. In IT networks, trusted policies and protocols are normally already in place, and downtime is not normally as critical as it is in an OT network. In an OT network, new policies and best practices are being developed and updated daily as new devices come along. Additionally, a few minutes of downtime in an OT network can cost the organization immense amounts of money and resources due to lost manufacturing capacity.
While these networks need to work seamlessly with one another, there must also be a demilitarized zone where attacks such as ransomware are contained and kept from migrating into the OT network and potentially bringing production down. It is key for OT network managers to disseminate best-practice cyber security policy throughout the OT network floor. This is commonly a weak point in industrial network cyber security.
Funding for cyber security can often be difficult to get approved, as it is virtually impossible to map ROI to these investments. To enhance our cyber security position as we progress into a more connected world, IT and process control professionals are learning to work together to a greater extent in order to bridge the security gaps in industrial networks. A solid, organization-wide understanding and proactive implementation of cyber security policy is key to your system's integrity, as a network intrusion may go on for 6+ months before the breach is detected!
Once a compromise has been detected and isolated, the mitigation process should be based on a sound, defined response policy. These incidents are often crimes and should be reported as such. The FBI has a team that works with NIST to mitigate industrial cyber-attacks. Ideally, once a compromise is detected, the compromised segment is isolated, system backups are restored, and finally the path of intrusion is patched. A proactive approach to industrial cyber security is critical to maintaining the integrity of your networked systems and devices.