Page 32 - Cyber Defense eMagazine January 2024
P. 32

Driven by the cost to be insured or the ability to be insured at all, the cost of downtime because of attacks
            and the potential  lasting brand damage in the wake of attacks,  more and more discrete  manufacturers
            are taking a fresh or even first look at OT cybersecurity.



            What Can Be Done? What Must Be Taken into Account?

            OT attacks are often missed by traditional IT cybersecurity  tools, which fail to address risk vectors such
            as industrial control system (ICS) protocols, infected equipment getting installed into a production process
            or third parties entering a factory to perform maintenance.

            Discrete  manufacturers  require  OT-specific  endpoint  solutions.  The  endpoints  to  be  protected  in  a
            production  facility  tend  to  be  a  human  machine  interface  (HMI),  a  remote  terminal  unit  (RTU),  an
            engineering  workstation  (EWS)  or  supervisory  control  and  data  acquisition  (SCADA)  for  overseeing
            machines  and  processes  around  critical  and  time-sensitive  materials  or events.  IT cybersecurity  tools
            typically  are not  predicated  on  the  understanding  of  such  endpoints  and,  therefore,  fail to  sufficiently
            safeguard them.

            Because OT networks tend to be flat—all network elements connecting to and communicating with each
            other—OT  cybersecurity  demands  a  micro-segmentation  capability  so  that  attacks  are  isolated  and
            unaffected manufacturing lines are kept open and firing. Plus, the system must be able to recognize OT
            protocols from other traffic that doesn’t  belong on the OT network through  real-time inspection  and act
            intelligently and swiftly to avert or mitigate the damage of attacks.

            Insider  threat  is another  important  threat  vector  in OT  cybersecurity.  The individuals  that come  into a
            plant setting to perform maintenance can introduce malware in a non-malicious manner from a USB drive,
            for example. There have even been cases of brand-new equipment coming into a manufacturing  setting
            that's been pre-infected. Repurposed IT tools are not built to recognize or act on these threats.

            Finally, IT tools tend to be built to protect  confidentiality,  integrity and availability  of assets  and data in
            that order. OT cybersecurity demands the opposite approach. The individuals who run these plants are
            rewarded  for how many  widgets of a sufficient  quality  that their plants  produce. The  OT cybersecurity
            tools at their disposal must, consequently, emphasize availability over integrity and then confidentiality.



            Conclusion

            No company wants to be shut down because of a ransomware  attack, but nor can a company afford to
            implement a complex security solution that hinders operations and generates false positives resulting in
            unnecessary interruptions. This is the vexing challenge in which OT managers for discrete manufacturers
            find themselves with regard to cybersecurity.

            Simply extending IT security products and approaches into industrial settings, however, is insufficient for
            the  emerging  threat  landscape.  To  safeguard  assets,  revenues,  operations  and  revenues,  discrete
            manufacturers  require  cybersecurity  solutions  built from the  ground up  for the unique  requirements  of
            OT.




            Cyber Defense eMagazine – January 2024 Edition                                                                                                                                                                                                          32
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   27   28   29   30   31   32   33   34   35   36   37