Keeping your plant floor secure in the IIoT era
April 8, 2017
By Rick Huijbregts Cisco Canada
Apr. 8, 2017 – The introduction of advanced technologies such as the Industrial Internet of Things (IIoT) to the plant floor has created new challenges for Operational Technology (OT) and Information Technology (IT) professionals.
What were once physical-only systems, managed and maintained by OT staff, are now connected by an IT network to an enterprise system. Securing these new cyber-physical systems should be a priority for manufacturers as they begin their digital transformation, but leaders often underestimate the importance of cybersecurity on the plant floor. It is believed the risk of attack is low, and thus securing cyber-physical systems can be overlooked.
For example, the 2017 Outlook report from PLANT (Manufacturing AUTOMATION’s sister magazine) revealed that 17 per cent of Canadian manufacturers have not taken any steps to defend against cyberattacks. In addition, when you consider that 78 per cent rated their concern of a cyberattack affecting them as ‘low’ or ‘medium,’ why would they? Clearly, the industry believes other organizations are more suitable targets.
The Cisco 2017 Annual Cybersecurity Report, released in January, showed that Canadian organizations rank second-to-last in security capability maturity. Nearly half (48 per cent) of our businesses have ‘low’ or ‘lower-middle’ maturity. Across all industries, our organizations are not nearly prepared to deal with dynamic cybersecurity threats.
Add to this the complexity of digitally securing a production facility or shop floor, and it is easy to understand why Canadian manufacturers want to believe cyberattacks are not a significant threat. But the truth is that, compared to other industries, manufacturers operate some of the most high-risk applications over their networks. Any threat to those applications must be addressed and mitigated. And for the record, manufacturers have been, and will continue to be, the target of cyberattacks. That will not change.
The good news for Canadian manufacturers is that securing their plant floor does not need to be complicated. In fact, when done right, keeping a plant secure in the IIoT era can be as simple as 1, 2, 3: prepare, assess, build.
It is important for manufacturers to develop a security framework that helps them align and prioritize business and security needs. The first step in building that framework is to ask specific questions about their physical and cybersecurity capabilities. For example, IT and OT leaders could ask the following:
• Have we outlined who has access to which machines and devices?
• Do we have centralized control of both OT and IT network security?
• Can our network quickly provision and securely adapt to new connections?
• Have we assessed, ranked and prioritized our most critical assets?
By understanding capabilities and potential gaps in security processes, technologies and practices, manufacturers can better understand what cybersecurity solutions they require.
Although there is no silver bullet to cybersecurity for manufacturers, there are trusted partners who can help. These partners can review the organization’s current infrastructure and make recommendations to help achieve its security goals. Many technology and cybersecurity vendors provide these reviews, often called security assessments. My advice is to evaluate the assessments offered by several vendors, then decide which has the right combination of security expertise, best-in-class products and industry knowledge for your organization.
It is vital that, prior to implementing a new cybersecurity solution, manufacturers work with their selected vendor to build a security strategy and plan. This plan should include both cybersecurity and technology elements — such as whether to leverage virtualization to back up important systems — as well as physical security processes and best practices. Most importantly, a plan provides a roadmap to follow to ensure projects have measureable goals, outline expected ROI and stay on time and budget.
For Canadian manufacturers who aren’t ready for the process above, there are other ways to keep their plant floor secure. I encourage all manufacturing leaders to take the following steps in their production facility to increase cybersecurity readiness:
• Ensure single-use computers are actually single-use,
• Change default passwords on IIoT-enables devices,
• Implement change control,
• Use secure protocols where possible, and
• Use manufacturers’ recommended secure settings.
When it comes to cybersecurity on the plant floor, doing nothing is no longer an option for Canadian manufacturers. The convergence of IT and operational networks through the IIoT has highlighted the risks of legacy control systems that were never designed with cybersecurity as a priority. Although stopping all attacks may not be possible, manufacturers can minimize both the risk and the impact of these threats by working with a trusted partner who can evaluate their current systems.
The IIoT is creating incredible business opportunities for manufacturers by decreasing downtime, increasing sustainability and providing real-time visibility across the plant floor. The right IIoT partner will ensure your network, and everything connected to it, is secure.
Rick Huijbregts is the vice president of digital transformation and innovation at Cisco Canada. He leads a team responsible for fuelling the digitization of customers across the country. He can be contacted at firstname.lastname@example.org.
This column originally appeared in the March/April 2017 issue of Manufacturing AUTOMATION.