Without forgetting the threats that have always had these systems in their sights, today over half of the IT risks behind OT/ICS incidents, in industry as in utilities, are linked to ransomware (source: SANS 2021 OT/ICS Cybersecurity Survey).

What actions effectively mitigate these risks while keeping OT/IT interconnection and integration solutions effective?

  • Let's start with people: awareness and training on what it means to protect systems, people, things/plants from IT risk. Do not forget that this is not a "one-off" effort: it requires a continuous update program.
  • Define the level of protection required for logical (cyber) and physical security. That is, how critical the production systems are for us, whether we can tolerate interruptions or drops in the quality/quantity of production or service delivery, and whether and to what extent we must ensure operational continuity.
  • What are the networks and systems to protect? A good starting point is to identify the IT perimeter to be protected, where the defined logical and physical security objectives must be implemented and maintained. In practice, take a census/inventory of what is connected to the network and assess it for cyber security purposes.
  • Verify whether networks and systems are “designed/engineered” to be defended. That is, whether we have really segmented and segregated critical areas, and non-contiguous areas in general, correctly, as suggested by standards such as the NIST Cybersecurity Framework, IEC 62443, etc.
  • Define who can use the systems and what level of access they can have. Establish and keep updated the list of users authorized to use the systems, and manage their access credentials, if any. Restrict administrative access within a domain, limit the number of domain administrators, and give network, server, workstation and database administrators separate login credentials.
  • Have an "emergency plan" and keep it up to date. Develop, review, and execute cyber incident and response plans, including integrating cyber investigations into root-cause analysis for all critical events specific to OT (as well as IT) systems and networks.
  • Make backups and keep them up to date. To restart quickly, up-to-date "images" of everything we have connected to the network are necessary: PC, server, HMI, switch, router, firewall, and also PLC, DCS, robot, and any other programmable device with OT data.
  • Remote access and third-party access. Ensure that remote connections by authorized users, connections by third parties and OT/IT interactions are controlled, monitored and possibly also logged. In any case, adopt the “trust, but up to a point” mentality, and always verify.
  • Visibility into what is happening on the network and on OT systems. Adopt approaches and tools that provide complete visibility and threat detection in OT environments, so that there are no gaps in monitoring and any "anomalies" on the network and systems are noticed before damage and consequences can occur.

As can be seen, a complete and multidisciplinary approach is required: beyond the technological aspects, there are organizational aspects related to people that can really make the difference between a small problem and a potential disaster.

ServiTecno will participate in the European Utility Week, a useful event for all operators in the sector, who will be able to "touch" the existing solutions in the field of automation and supervision as well as the new industrial technologies related to the concepts of Industrial Advanced Analytics, Machine Learning and Artificial Intelligence.

From November 30th to December 2nd you can find our stand at the RHO exhibition center (position B64, hall 8).

It will be a great opportunity to return to face-to-face activities and to show users of GE Digital technologies (and others) the new releases of the Proficy family platforms.

There are not only new features and functions for SCADA (iFix and Cimplicity) and Historian technologies, but also a real revolution in the portfolio for Advanced Analytics, Machine Learning and Artificial Intelligence, with the Operations Hub (GE's universal client), Plant Apps (GE's MES) and CSense (machine learning and AI) solutions.