At this point of the digitization journey in which we are immersed, it is difficult to find a company that is not already involved in a project to automate its industrial processes to improve its efficiency and remain competitive. Although the pioneers in digitization were organizations focused on more service-oriented businesses, with prominent examples such as banking or ecommerce, in recent years the industry sector has been advancing positions very quickly.
In this respect, industrial organizations have initiated different digitalization projects, from process automation initiatives to remote control and access projects that provide real-time information on production and allow its real-time matching with demand or to attend immediately and remotely to any incident, aiming at avoiding interruptions that may have an impact on the business. In all of them, the need to connect environments that not long ago remained isolated and protected by physical barriers is a constant. In addition, it must be added that the requirements to support these use cases were not considered in its original conception.
It is precisely at this point that cybersecurity becomes especially relevant. Not in vain, this accelerated digitization trend in the manufacturing sector in particular has pushed this sector to the top in the ranking of most cyberattacked sectors. The urgency to digitize and automate the production processes without considering the relevant security requirements opens a window of opportunity that cybercriminals do not hesitate to take advantage of.
While it is true that new cybersecurity threats appear daily and end up in sophisticated attacks, most of the incidents take advantage of the easiest-to-exploit vulnerabilities, since cybercriminals also apply the rules of minimum effort and maximum return. As a result, those organizations that rush to start projects without assessing and managing cybersecurity risks are usually the easiest prey.
Therefore, it is essential to know the security posture of the specific plants where these technologies are deployed. Having an inventory of the assets, up-to-date knowledge of the network architecture and a clear vision of the main risks to which each plant is exposed is the first step. From this point, it is necessary to propose a cybersecurity master plan that allows mitigating the identified risks. This plan must identify and prioritize the solutions to be deployed, considering the specific needs of the organization and the return that is achieved, measured in risk mitigation terms. The usual suspects on this list include:
- The segregation of IT and OT networks, including the definition of a network segment through which to publish services that need to connect both worlds, commonly called the industrial DMZ.
- The segmentation of OT networks, to hinder lateral movements in case that a cybercriminal managed to reach one of the industrial networks.
- Centralized remote access to control who, when and what can access
- Security monitoring to keep our visibility of the industrial environment updated, detect potential incidents, and react quickly.
It is important to remark that these solutions are not based exclusively on deploying technologies. It is essential to internalize its use in the day-to-day of the organization, so it must be accompanied by the definition and implementation of processes that guarantee the correct use of the solution considering the human factor, that is, the training and awareness of employees and other users, as well as the usability of the solution.
By Vicente Segura / Head of OT & IoT Security at Telefónica Tech
Vicente Segura. I am a Telecommunications Engineer with more than 20 years of experience in Information Security. During my professional career I have been in different job positions (R&D, development, consultancy), although the last 5 years I have been focused on product management and business strategy, which are the areas I am more interested in.