Addressing Industrial Cyber Risks with Automation


The manufacturing industry is no stranger to change. However, the rapid adoption of digital transformation initiatives, such as the Industrial Internet of Things (IIoT) and IT/OT convergence, has given rise to a widening attack surface.

Adapting to industrial cyber risks has not been easy because a traditional way of thinking permeates the manufacturing industry. Traditional approaches no longer suffice. A new path is required: one that automates cyber risk management just as easily as manufacturers automate their industrial control systems.
Manufacturers are at varying mile markers on their respective automation journeys. Meanwhile, security teams continue to be pulled in a million different directions, so it should be apparent why automation must be viewed as a critical initiative. Let’s take a deeper look to understand how automation can benefit manufacturers in today’s cyber threat environment.

Advantages of automation

The manufacturing industry should already be familiar with the cost-saving and operational benefits of automation on the factory floor, which have enabled manufacturers to reinvest in new digital transformation initiatives to grow their business. However, the increased risk of this new digital terrain requires more security personnel, yet there isn’t enough staff to support it. Therefore, it is only logical to extend automation to cyber risk.
The most obvious benefits of automating cyber risk include discovering and categorizing which devices are connected to the network and how they behave, vulnerability analysis, threat response and remediation, and policy enforcement. All of these benefits save valuable time, and they provide greater visibility into risks, ensuring that no threats are left lurking in the shadows.
For example, an OT device may be running a vulnerable operating system, which historically would require the manual review of spreadsheets (assuming it had been appropriately recorded in the first place). Thanks to automation, that vulnerable device would be discovered automatically, and it could be isolated from the network until it is patched.
Automation is needed across the board to help organizations get up to speed and stay ahead of their adversaries. The journey to achieve automation, however, looks very different between modern and legacy manufacturers.

Modern vs. legacy: Two different automation journeys

The advantages of automation are widespread and can be leveraged through device lifecycles. However, the realization of these advantages can be difficult to put into practice because of a variety of technical and organizational challenges.
Modern manufacturers tend to be much farther along in their automation journeys compared to legacy firms because they are already operating with newer technology. The more modern a firm’s systems and processes, the easier it is to implement automation tools and practices because they don’t have to worry about retro-fitting legacy systems.
The automation journey for legacy manufacturing organizations is often stalled, or even delayed, due to overlapping technical challenges, the pressure to keep all vital operations running and the slow burn of launching any major initiative—in this case, needing to modernize cybersecurity for older systems in order to adapt to newer threats. Many legacy manufacturers are trying to combine OT/IT/IoT networks but struggle with their feasibility. In addition to the challenge of OT/IT/IoT convergence, many find it difficult to trust new technologies, such as cloud, for fear of disrupting operations. The fact that most of these firms still operate on legacy systems complicates automation even further. Yet, this challenge underscores the value of automation that much more since visibility is an essential prerequisite for any modernization project.
Whether your firm is modern or legacy, securing manufacturing systems is an endurance race rather than a sprint to the finish line. Yes, efficiency is key to getting ahead of adversaries, but organizations must balance any push to automate with the right processes so as not to overlook unaddressed issues or sacrifice the quality of implementation.

Two different automation journeys, but similar best practices

Although modern and legacy manufacturers may be at different stages in their automation journeys, there are steps that both can take to make notable progress. To prepare for automation, both manufacturer types should focus on modernizing their networks with OT/IT/IoT convergence. For example, automation can be applied to OT/IT/IoT convergence to provide the visibility needed (i.e., network mapping) to implement network segmentation policies.
Automated visibility allows organizations to detect, classify and analyze devices as soon as they go online and to continuously monitor them as they stay connected. This is the baseline step in the automation journey, and further phases that build on this foundation, monitoring and remediating risks, can be adopted later when the company is ready.
The recommendation to start or progress on any phase of the automation journey will depend on the knowledge of all connected assets. There are multiple ways to collect this information, and a risk assessment into operational and security risk would help prioritize where to start.

An unbiased and more advanced threat landscape

The manufacturing industry is not alone. Practically every industry needs to evolve its approach to cybersecurity. Threats originate not only outside the network but within it as well, with adversaries using more and more sophisticated tricks and tools at every turn. Current and future geopolitical developments will challenge many companies as they adapt to evolving cyber climates and threats.
Companies can protect themselves only to the extent that they know exactly what it is they need to protect. Ensuring full visibility of all devices and being able to understand the “what,” “where,” “why,” “when” and “how” of their behavior will help security teams stay aware of their environments and be better prepared to handle new threats as they arise. Introducing automation into the discovery, classification and assessment process will help companies, new and old, protect themselves at the stage they are in now from attacks that won’t wait for anyone to catch up.

About The Author

As principal engineer for Forescout, Eduard Serkowitsch is responsible for advising clients with complex requirements on how to optimally deploy, integrate, operationalize and run Forescout’s solutions. Eddie has a Degree in Mechanical Engineering, a Master’s in Astrophysics and is a Fellow in several Security and Linux societies.
