Top 4 Things You Need to Conquer Cyber Security PostedFriday, January 24,2020 at 5:28 PM Photo by vipul uthaiah on Unsplash While cyberattacks in the retail, financial services and healthcare sectors continue to generate headlines, manufacturing has managed to stay out of the spotlight a bit more. But times, they are a-changing. (Thanks IT/OT convergence!) Findings in Vectra’s 2018 Spotlight Report on Manufacturing revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered by insufficient internal access controls. (Full disclosure: Vectra sells a platform that uses AI to automate cyberattack detection.) Intellectual property theft and business disruption are primary reasons why manufacturers have become prime targets for cybercriminals, according to the report. "Recent reports about nation-state cyberattacks against U.S. utility control systems show that cybercriminals are intent on surreptitiously taking inventory of critical industrial assets and intellectual property to disrupt manufacturing business operations," says Vikrant Gandhi, industry director at the analyst firm Frost and Sullivan. Additional Key Findings Other key findings in the Spotlight Report on Manufacturing include: A much higher volume of malicious internal behaviors, which is a strong indicator that attackers are already inside the network. An unusually high volume of reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets. An abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network. "The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit," warns Chris Morales, head of security analytics at Vectra. Houston, We Have a Problem So, what the hack [sorry] does that mean for SIs? To find out, I booked Rick Kaun, VP of solutions for Verve Industrial Protection, for the Talking Industrial Automation podcast for a quick brain dump. Among other advice, here are his top 4 tips for proactive companies looking to step up to the challenge and create a cyber security program. 1. Make a centralized team. To the surprise of no one, there is a talent shortage. That means companies have to get creative, says Kaun. “One of the biggest challenges in this space is that there are not enough people,” says Kaun. “Now, try to find people who have a combination of IT and OT experience or at least know IT security but have a healthy respect for the operational environment or vice versa, it’s a very short list,” says Kaun. “So, you need to be creative, and that can often mean creating a centralized team to be able to scale across multiple sites and provide a cohesive and agile solution.” 2. Make a list. Duh, okay, so this may seem obvious, but the first thing you need to do, according to Kaun, is compile a comprehensive inventory. “Inventory is key, because inventory drives all your other decisions,” explains Kaun. “Not all assets are equal, so we need to know what asset are where and what’s critical because we can’t do full protection on everything, everywhere.” 3. Make a program plan. Wouldn’t it be nice if you could just go to the cyber security store and grab a shiny new package off the shelf and then put up your feet and enjoy a beer while you watch the game? Yeah, well, the cold hard reality is that there are no one-size-fits-all solutions – and definitely no silver bullets, says Kaun. That means you have to roll up your sleeves and think big picture. “If you don’t have a plan,” he warns, “you’ll run out and pull the trigger on a bunch of siloed solutions and create a punch list of accomplishments, but none of it necessarily comes together to provide comprehensive coverage. … Security is a program, not a project and it needs to be rolled out in a series of multiple phases.” 4. Make a maintenance plan. I bet you knew this one was coming: Cyber security is not one-and-done. Even after you have a plan and get it all implemented and sorted, you need to stay on top of it and have the people and processes in place to ensure someone has their hands on the wheel. “Spending all the effort on the program and then having the project team high-five and go home leaving the day-to-day people – who haven’t had the training or the support or the bandwidth to keep it up is an incredible waste of time and money,” explains Kaun. To learn more about cybersecurity, including the standards and events to get up to speed, listen to Episode 24 of the Talking Industrial Automation podcast. Note: This blog post originally appeared in the November/December issue of InTech Magazine.