The Cyber Defense eMagazine January Edition for 2024

Driven by the cost to be insured or the ability to be insured at all, the cost of downtime because of attacks
and the potential lasting brand damage in the wake of attacks, more and more discrete manufacturers
are taking a fresh or even first look at OT cybersecurity.
What Can Be Done? What Must Be Taken into Account?
OT attacks are often missed by traditional IT cybersecurity tools, which fail to address risk vectors such
as industrial control system (ICS) protocols, infected equipment getting installed into a production process
or third parties entering a factory to perform maintenance.
Discrete manufacturers require OT-specific endpoint solutions. The endpoints to be protected in a
production facility tend to be a human machine interface (HMI), a remote terminal unit (RTU), an
engineering workstation (EWS) or supervisory control and data acquisition (SCADA) for overseeing
machines and processes around critical and time-sensitive materials or events. IT cybersecurity tools
typically are not predicated on the understanding of such endpoints and, therefore, fail to sufficiently
safeguard them.
Because OT networks tend to be flat—all network elements connecting to and communicating with each
other—OT cybersecurity demands a micro-segmentation capability so that attacks are isolated and
unaffected manufacturing lines are kept open and firing. Plus, the system must be able to recognize OT
protocols from other traffic that doesn’t belong on the OT network through real-time inspection and act
intelligently and swiftly to avert or mitigate the damage of attacks.
Insider threat is another important threat vector in OT cybersecurity. The individuals that come into a
plant setting to perform maintenance can introduce malware in a non-malicious manner from a USB drive,
for example. There have even been cases of brand-new equipment coming into a manufacturing setting
that's been pre-infected. Repurposed IT tools are not built to recognize or act on these threats.
Finally, IT tools tend to be built to protect confidentiality, integrity and availability of assets and data in
that order. OT cybersecurity demands the opposite approach. The individuals who run these plants are
rewarded for how many widgets of a sufficient quality that their plants produce. The OT cybersecurity
tools at their disposal must, consequently, emphasize availability over integrity and then confidentiality.
Conclusion
No company wants to be shut down because of a ransomware attack, but nor can a company afford to
implement a complex security solution that hinders operations and generates false positives resulting in
unnecessary interruptions. This is the vexing challenge in which OT managers for discrete manufacturers
find themselves with regard to cybersecurity.
Simply extending IT security products and approaches into industrial settings, however, is insufficient for
the emerging threat landscape. To safeguard assets, revenues, operations and revenues, discrete
manufacturers require cybersecurity solutions built from the ground up for the unique requirements of
OT.
Cyber Defense eMagazine – January 2024 Edition 32
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.