4 Strategies for Bolstering Industrial Cybersecurity

As reliance on technology deepens, so does our vulnerability.

Hacking Alarm

In 2022, there was a 2,000 percent increase in cybersecurity attacks targeting commonly used protocols, enabling threat actors to disrupt operational technology (OT) operations. Critical infrastructure environments rely heavily on OT and industrial control systems (ICS) to manage and control the vast network of power plants, grids and distribution systems.

These systems have introduced unprecedented efficiency and productivity. As reliance on technology deepens, so does our vulnerability. And while cyber threats have evolved across various sectors, the energy industry has become the most targeted industry, reporting three times as many attacks as any other sector.

The Evolution of Cybersecurity Threats

Digital transformation has helped enterprises in every industry become more efficient, accurate and innovative. However, the increasing number of systems, networks and devices being connected in OT and ICS environments, coupled with the legacy equipment housed in industrial environments, leaves organizations exposed to new vulnerabilities. In 2022, the number of U.S.-based threat actors attacking industrial organizations grew by 35 percent.

The Colonial Pipeline attack proved how severe attacks on critical infrastructure can be. As a result of the DarkSide ransomware group stealing a single password, 45 percent of pipeline operators were impacted, 17 states declared a state of emergency and we witnessed oil supply shortages throughout the country.

Similar to the Colonial Pipeline attack, more than 80 percent of cybersecurity attacks started with compromising IT systems. IT attacks typically begin with network discovery helping attackers learn where assets are and how to get to them. With OT attacks, threat actors are looking to disrupt industrial operations. Attackers can manipulate what operators see and, in many cases, take control of specific processes by using tools and exploiting remote services and application layer protocols.

With cybersecurity attacks growing more frequent and more sophisticated, critical infrastructure companies must prioritize safety and reliability. This can be realized by implementing a strong, modern OT/ICS security program.

The Three Phases of Cyber Defense: Before, During, After

The return on investment of effective cybersecurity is avoiding the risks of downtime and damage from a breach. By implementing comprehensive cybersecurity policies, companies can help protect valuable assets before, during and after an event or attempted event may take place.

Phase 1: The first step in developing a strong cybersecurity program is determining where the vulnerabilities lie in the organization’s systems and networks. This lets organizations prioritize vulnerabilities based on their severity and potential impact on critical processes. To get started strengthening OT cybersecurity, organizations should:

  • Identify all assets that need to be protected, and gather the vulnerabilities and criticality associated with each asset.
  • Prioritize the assets and calculate a “risk score” that can be continuously monitored throughout the life cycle of the cyber program.
  • Secure remote access through stronger passwords and multi-factor authentication.
  • Segment IT and OT, using firewall configurations that keep IT attacks from bleeding into OT environments.
  • Continuously train internal staff to recognize the latest phishing scams and how to avoid them.
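The first two steps above (inventory the assets with their vulnerabilities and criticality, then compute a risk score that can be tracked over time) are easier to see with a worked example. The following Python is an added illustration, not code from the article or from Rockwell Automation; the asset inventory, vulnerability identifiers and the scoring formula (operator-assigned criticality multiplied by the worst vulnerability severity and an exposure factor for remote access and missing IT/OT segmentation) are assumptions constructed for this example.

```python
"""Asset inventory risk scoring for an OT/ICS environment (added example).

The scoring formula and sample inventory below are assumptions constructed
for illustration; they are not from the article.
"""
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    vuln_id: str               # placeholder identifier, constructed
    severity: float            # 0.0 - 10.0, CVSS-style base score
    remotely_exploitable: bool


@dataclass
class Asset:
    name: str
    criticality: int           # 1 (low) .. 5 (process-critical), set by operators
    remote_access: bool        # reachable through a remote access service
    segmented_from_it: bool    # sits behind an IT/OT segmentation firewall
    vulns: list = field(default_factory=list)


def exposure_factor(asset: Asset) -> float:
    """Assumed multiplier: remotely reachable or unsegmented assets are more exposed."""
    factor = 1.0
    if asset.remote_access:
        factor += 0.5
    if not asset.segmented_from_it:
        factor += 0.5
    return factor


def risk_score(asset: Asset) -> float:
    """Assumed formula: criticality * worst vulnerability severity * exposure.

    Remotely exploitable vulnerabilities are weighted up; severity is capped at 10.
    An asset with no known vulnerabilities scores 0.
    """
    if not asset.vulns:
        return 0.0
    worst = max(
        v.severity * (1.25 if v.remotely_exploitable else 1.0) for v in asset.vulns
    )
    worst = min(worst, 10.0)
    return round(asset.criticality * worst * exposure_factor(asset), 1)


def prioritize(assets):
    """Assets ordered from highest to lowest risk score."""
    return sorted(assets, key=risk_score, reverse=True)


def score_table(assets) -> dict:
    """Snapshot of name -> score, suitable for storing and comparing over time."""
    return {a.name: risk_score(a) for a in assets}


def score_changes(previous: dict, current: dict) -> dict:
    """Assets whose score moved between two snapshots: name -> (old, new)."""
    names = set(previous) | set(current)
    return {
        n: (previous.get(n, 0.0), current.get(n, 0.0))
        for n in names
        if previous.get(n, 0.0) != current.get(n, 0.0)
    }


# Constructed sample inventory (not real assets or vulnerabilities)
INVENTORY = [
    Asset("PLC-boiler-01", criticality=5, remote_access=False, segmented_from_it=True,
          vulns=[Vulnerability("VULN-A", 7.5, False)]),
    Asset("HMI-control-room", criticality=4, remote_access=True, segmented_from_it=False,
          vulns=[Vulnerability("VULN-B", 6.0, True), Vulnerability("VULN-C", 4.3, False)]),
    Asset("historian-srv", criticality=2, remote_access=True, segmented_from_it=False,
          vulns=[Vulnerability("VULN-D", 9.8, True)]),
    Asset("eng-workstation", criticality=3, remote_access=False, segmented_from_it=False,
          vulns=[]),
]

if __name__ == "__main__":
    for asset in prioritize(INVENTORY):
        print(f"{asset.name:18} risk={risk_score(asset):5.1f}")
```

Running the block ranks the HMI above the boiler PLC even though the PLC is more critical, because the HMI is both remotely reachable and unsegmented from IT; re-running `score_table` after a mitigation (for example, segmenting the HMI) and diffing with `score_changes` is the "continuously monitored" part of the second bullet.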

Phase 2: Cybersecurity assessments aren’t a one-time deal; continuous monitoring is vital to maintain protection. The threat landscape is constantly evolving, with new vulnerabilities and attacks emerging all the time, so organizations need to continuously monitor their networks and systems for threats. By implementing continuous monitoring tools, enterprises can detect and respond to security incidents in real time.

Phase 3: With backup and disaster recovery plans in place for applications and data, organizations can respond systematically to unusual events. When clear policies and procedures are in place to handle cybersecurity incidents effectively, normal operations can resume quickly after an event.

Using modern OT incident response techniques and adopting proactive security measures will enhance the safeguarding of critical systems and services. Efficient and well-coordinated OT incident response capabilities are essential for bolstering an enterprise's ability to withstand growing threats. Furthermore, this approach helps enterprises meet cybersecurity incident reporting regulatory requirements. 

Looking Ahead to Evolving Regulatory Requirements

Since 2019, major companies have paid regulators an estimated $4.4 billion in fines, penalties and settlements due to cybersecurity incidents - showing the severity of security compliance infractions. To help mitigate risks and reverse the chronic under-reporting of cybercrimes, governments around the globe are compelling public and private sector entities to disclose cybersecurity incidents, data theft and ransom payments.

U.S. companies operating in critical infrastructure sectors must now report breaches under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which directs organizations in those sectors to disclose significant cyber incidents that impact their operations within a specified time frame. It also provides legal protections for organizations that report incidents and ransom payments. Additional regulations include Biden’s AI Executive Order, which develops standards, tools and tests to help confirm that AI systems are safe, secure and trustworthy.

Globally, the United Nations is discussing the considerations of an international treaty focused on individual data protection and cyber resilience.

Organizations that put safeguards in place throughout the cybersecurity incident response journey will find it simpler to meet compliance requirements. These requirements are often built on principles from the NIST Cybersecurity Framework and current security approaches. Actions like keeping track of assets, ongoing threat monitoring, securing networks and having plans for responding to incidents all follow the NIST Cybersecurity Framework. This framework can be used to generate information suitable for reporting compliance.

Fortify or Fall

About 60 percent of cybersecurity incidents relating to OT/ICS networks result in operational disruption. To help prevent disruption, addressing cyberthreats must be more than fixing vulnerabilities; it demands a proactive commitment to strengthening defenses against evolving challenges. NIST's "identify, protect, detect, respond, recover" framework provides a guide for modern cybersecurity practices in ICS/OT, bolstering critical infrastructure resilience.

By taking these proactive steps, enterprises of all sizes can mitigate the impact of cyber threats and help ensure the security and resilience of their OT systems. This strategic approach not only safeguards against potential disruptions, but lays the foundation for a robust and adaptive cybersecurity posture in an ever-evolving digital landscape.

Kamil Karmali serves as the Senior Global Manager for Cybersecurity Consulting Services at Rockwell Automation.