by Madison Technologies
When we meet with industrial customers, we often hear some version of the following: “We’re digitising to improve our industrial processes, increase productivity and grow customer satisfaction, but now we’re worried about malware interrupting operations. What can we do?”
News headlines have erased any doubts about the need for industrial network cybersecurity, but trying to secure the industrial network in one go is like boiling the ocean. It’s better to view it as a journey – at each step, you’ll make incremental changes to people, process, and technology.
The first step consists of using firewalls to prevent traffic from the IT network reaching the industrial network. This blocks malware from entering the industrial network, and from exiting it to infect the enterprise network.
However, if an industrial device is exposed to malicious software, you don’t have any way to contain it and the malware might spread to your entire industrial network.
This minimal security is what most industrial organisations have implemented and it is a mandatory first step. But as attacks become more sophisticated, and as industrial infrastructure is increasingly connected to enterprise and cloud applications, a few simple additional measures must be implemented.
The second step aims at deploying foundational security architecture with a mission to detect, protect, and respond:
- Identify all your industrial assets, known vulnerabilities of those assets and their communication flows. Cisco Cyber Vision provides the visibility for IT and OT teams to work on segmenting the industrial network
- Isolate industrial network segments, detect threats and prevent them from spreading by deploying firewalls that have been specifically designed for industrial environments such as the Cisco Secure ISA3000
- Create containment zones for malware to prevent it from spreading across zones; this requires detection rules and flow control policies, which can be managed consistently with Cisco Firepower Management Center for all deployed ISA3000
- Investigate and remediate threats with Cisco SecureX – when you build the security policy, the OT team specifies the right response
Foundational security also requires changes to processes.
OT security is treated like a maintenance process included in planned maintenance schedules, for example, “Check if firmware needs updates because of a vulnerability.” At this stage there is a need to develop workflows between security operations and manufacturing operations.
From foundational to full spectrum security
Implementing foundational security will bring IT and OT teams together, giving them visibility into the reality of the company’s security posture and helping them understand each other’s constraints.
The architecture is simple enough for the OT security project to succeed. Yet, it will dramatically improve industrial security. This foundation paves the way for full-spectrum security where the broader suite of tools used to protect the enterprise network is also used to enhance industrial security.
This sponsored editorial is brought to you by Madison Technologies. For more information, visit www.madison.tech/cisco.