According to IDC, global spending on the digital transformation (DX) of business practices, products and organizations is forecast to reach $2.8 trillion in 2025. In particular, the discrete and process manufacturing industries will account for nearly 30 percent of worldwide DX spending this year.
While modernizing plant floor operations will increase efficiencies and make way for new opportunities—including updating antiquated systems and connecting legacy silos of automation—the risks associated with new and vulnerable entry points and devices expose manufacturers to increasingly sophisticated cyber criminals that present harmful cybersecurity threats.
The impact of these attacks can be devastating, ranging from lost production to reputational harm and significant impact on the bottom line:
According to a 2021 Sophos study of 5,400 IT decision makers worldwide, 37 percent of surveyed organizations were attacked by ransomware the prior year. Fifty-four percent of those organizations said cybercriminals succeeded in encrypting their data. The average bill for rectifying an attack - with regard to downtime, resourcing, device and network cost, lost opportunity, ransom paid, etc. - was $1.85 million.
And according to the U.S. Department of Justice, one in seven cybercrimes are reported, meaning more than 85 percent of cybercrime is left hidden in an organization.
Shoring up cybersecurity is imperative to success and a critical first step in the digital transformation journey. Taking the time to assess current risks and new vulnerabilities will empower manufactures with the insight needed to build robust cybersecurity into their operations. To support this effort, the following provides a starter guide for conducting a cybersecurity plant floor health check to identify security risks, key network issues, and opportunities for improvement.
A Comprehensive Plant Floor Security Survey
Every unaccounted device creates a vulnerable point of entry to Operations Technology (OT) networks.
Dedicate time and resources to conduct a comprehensive security survey of your plant floor—Information Technology (IT) and OT included. Most importantly, include an asset inventory audit. Assessing and identifying all digital assets will highlight associated risks and vulnerabilities.
Use these findings to bring together and inform key stakeholders across engineering, IT, architecture, operations, and other important functional areas. Collectively, the team can then strategize optimal solutions that span all needs and create a cohesive cybersecurity program. This work will likely result in the need to select a continuous threat detection solution that provides constant vigilance against unwanted attacks and enables the assessment and prioritization of network security risks.
Segment and Monitor Control Networks
Secure appropriate architecture to handle the complexities of increased digital communication, and group digital assets into isolated Industrial Control System (ICS) zones.
According to the Cybersecurity & Infrastructure Security Agency, segmenting a network into zones is an effective technique for strengthening cybersecurity, as it creates individual subnetworks that provide additional layers of protection and control. Key steps include:
- Creating a high security zone for high value assets, with specific firewall access controls to protect assets in this zone.
- Establishing a Demilitarized Zone (DMZ) for work that must be completed within the high security zone, allowing only specific devices within the DMZ to connect to the network.
- Limiting data traffic to the IT network by permitting only certain users and devices to connect remotely to devices in this DMZ.
- On an ongoing basis, use a threat detection system to identify abnormal behaviors from industrial assets, run converged IT/OT threat investigations, and block attacks preemptively.
Enforce Policies and Train Employees
The likelihood of a cybersecurity breach is not a matter of if, but when. Define clear security policies to protect ICS zones and prevent the spread and impact of an attack.
Be sure to communicate and enforce these policies, and to prepare employees for a cybersecurity breach, including the recovery from the event. It is essential to create and thoroughly test an event or incident response playbook and protocols through regularly scheduled – as well as ad hoc or surprise – trainings and exercises in a safe learning environment to uncover vulnerabilities in the plan and refine accordingly.
It Won't Happen Overnight
A phased approach to cybersecurity—where each phase builds upon and creates a foundation for the next—can enhance security measures at a reasonable pace, mature security strategy to ease unexpected downtime, and demonstrate value to stakeholders who are actively involved in the digital transformation journey.
It is also important to focus on simplicity. Deploying IT/OT cybersecurity measures can quickly become complex, especially if the industrial network is spread across multiple sites or locations. For your cybersecurity initiative to be successful, make sure the plan allows you to scale at a reasonable rate across the organization.
In today’s operational environment, the digitization of the plant floor creates potential blind spots that increase security risks. Enhancing efficiencies by harnessing IoT requires the embedding of cybersecurity into your operations in the interest of preparedness and advertising crises. Moreover, if your organization is a Department of Defense (DoD) contractor, it is essential to evaluate whether you’re poised to meet the 2025 Cybersecurity Maturity Model Certification (CMMC) deadline, which can take up to two years to achieve. This is a requirement if those DoD contracts are to be retained. The guidance outlined here can help kickstart the process and set you up for success.
Scott Dowell is the Senior Vice President and General Manager, Industrial and CIG at Wesco.