Over the last year I have met several people who became infected with Covid.

They were all convinced that they had been scrupulous about social distancing: they always wore a mask, they avoided "suspicious" friends and relatives, they sanitized their hands continuously. They thought they were protected, but in the end they were not completely.

The same can happen to your manufacturing or industrial control systems: they are considered protected because they are "disconnected", with no internet connection. Unfortunately, this is not quite the case. As with an infection, a single occasion of exposure is enough.

Then one wonders: how could this have happened? What are the "hidden vectors" that exposed us to risk and allowed it to happen?

Wired network sharing: does your control system ever share a switch with another network? This is sometimes done for convenience, to save the cost of another switch, or simply to make the IT department's job easier, with the two networks separated only by VLANs (perhaps without realizing that this breaks the disconnection). A VLAN is a logical separation that holds only as long as every access port and trunk on the shared switch is configured correctly; a single misconfigured port is enough to bridge the two networks. Sharing factory switches with other networks puts the disconnection at risk.

Any time you connect a device to a USB port anywhere on the disconnected network, you risk breaking the disconnection.

If any USB port is open, anywhere on the control systems and factory network, plugging in a device, even just to charge it, violates the boundary: you are no longer disconnected. An operator connects his smartphone to a USB port to charge it, but a smartphone is a computer with its own internet connection, and it can present itself to the host as a USB network adapter (tethering) or as a storage device. The use of any peripheral can put the disconnection at risk.
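One way to enforce this on the Linux-based engineering workstations or HMIs that sit on such a network, as an added example that is not part of the original article: a USBGuard policy that allows only hubs and boot-protocol keyboards and mice, and blocks everything else, including the network and storage interfaces a tethering smartphone or a USB stick exposes. The file path and the set of permitted devices are assumptions chosen for the illustration; rules are evaluated top to bottom, and a device that matches no rule falls through to the daemon's implicit policy.

```text
# /etc/usbguard/rules.conf   (path assumed; the USBGuard default on most distributions)

# internal hubs on the workstation
allow with-interface equals { 09:*:* }

# USB boot-protocol keyboard and mouse, and nothing else on the same device
allow with-interface equals { 03:01:01 }
allow with-interface equals { 03:01:02 }

# explicitly block anything exposing a network interface (CDC 02, CDC-Data 0a,
# RNDIS/wireless e0) or mass storage (08): a tethering phone or a USB stick
block with-interface one-of { 02:*:* 0a:*:* e0:*:* 08:*:* }

# anything not matched above (a phone's MTP interface, a vendor-specific device)
# falls through to the implicit policy; set ImplicitPolicyTarget=block in
# usbguard-daemon.conf so that the default for unknown devices is deny
```

With this policy in place a phone plugged in "just to charge" still draws power, but the host never attaches a driver to it, so neither tethering nor file transfer can bridge the gap.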

Are there devices using wireless within the factory network? Unless access is managed in a very controlled way, wireless is a point where the disconnection is always at risk. Sometimes devices are added to a network (even if only temporarily) with wireless enabled. Have you ever connected a laptop to work on the disconnected network while wireless was still enabled on that laptop? Printers sometimes have an open wireless interface. Bottom line: using wireless can put the disconnection at risk.

Even a PC that is only occasionally connected to your wired or wireless network is a risk: after all, how do patches, software updates or a new configuration reach a disconnected network? Connecting external devices such as laptops to the disconnected network puts the disconnection at risk.

Especially during the pandemic, it has not been uncommon to have remote access to control systems or factory networks in place. Awareness of these connections must be maintained and they must be strictly controlled: devices should be connected only when necessary and the connections strictly monitored. In any case, these remote access techniques are a break in the "disconnected" paradigm.

Ultimately, what is often meant by "disconnected" is actually "connected, but controlled". Factory networks and control automation systems can be designed with a single access point, protected by a firewall with strict rules for incoming traffic. But being connected through a firewall (even one designed for industrial use), however strictly controlled, is not being disconnected. So pay attention to both the inbound and the outbound firewall rules, especially on an "old" firewall that has not evolved: if you block only incoming connections and not outgoing ones, an internal host can still reach e-mail or websites where it can "catch" malware and infect our "disconnected" factory network, and malware that arrives by another vector (a USB stick, a laptop) can still call home.
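To make the last point concrete, here is an added example that is not part of the original article. It assumes a Linux router running nftables standing in for the industrial firewall, a factory segment 10.10.0.0/24 behind interface ot0, an uplink wan0, a patch server at 192.0.2.10, a maintenance jump host at 192.0.2.20 and one engineering workstation at 10.10.0.5; all of these names and addresses are assumptions chosen for the illustration. The first table is the weak "inbound only" pattern described above; the second denies in both directions by default and permits only the two flows the plant actually needs. Load one table or the other, not both.

```nftables
# WEAK: only inbound is filtered; anything inside the plant may reach the internet
table inet ot_edge_weak {
    chain forward {
        type filter hook forward priority 0; policy accept;
        # block new connections coming from the outside toward the plant ...
        iifname "wan0" oifname "ot0" ct state new drop
        # ... but a PLC, HMI or infected laptop on ot0 can freely open
        # outbound connections (web, mail, command-and-control)
    }
}

# CORRECTED: default drop in both directions; allow-list only the needed flows
table inet ot_edge {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # replies belonging to connections that were explicitly allowed below
        ct state established,related accept
        # outbound: only the patch server, only HTTPS, only from the OT segment
        iifname "ot0" oifname "wan0" ip saddr 10.10.0.0/24 ip daddr 192.0.2.10 tcp dport 443 ct state new accept
        # inbound: remote maintenance only from the jump host to one engineering workstation
        iifname "wan0" oifname "ot0" ip saddr 192.0.2.20 ip daddr 10.10.0.5 tcp dport 3389 ct state new accept
        # everything else is logged and dropped: a hit here is an anomaly worth investigating
        log prefix "ot_edge drop: " drop
    }
}
```

Load the chosen file with `nft -f` and confirm with `nft list ruleset`. The logged drops are exactly the signal the anomaly-detection systems mentioned further on should be consuming: an outbound attempt from a PLC toward anything other than the patch server should never happen on a healthy plant network.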

This does not mean that all these vectors must be found and eliminated, if they are "really" necessary for updates and for the remote connections of operators and maintainers. But be aware that these connections exist and treat the risk accordingly: use devices designed for the OT world, configure them correctly, and monitor them with adequate anomaly detection systems. Above all, commit to explaining the basic rules of cyber "hygiene" to our people and teach them to apply those rules consistently.

Sure, you can always argue that "it won't happen to me", but at least don't believe the myth that you're not connected.