PR91302

SINGAPORE, Aug.25,2021/PRNewswire=KYODO JBN/--

Sabyasachi Goswami, Commercial Leader, Commercial Services, APAC shares his

thoughts on what industrial players need to stay cybersecure in the age of

cyberattacks. Rockwell Automation

Inc.(https://www.rockwellautomation.com/en-id.html)(NYSE: ROK), is a global

leader in industrial automation and digital transformation. The following

opinions are his own, and do not necessarily reflect those of Rockwell

Automation as a whole.

The pandemic has exposed the vulnerabilities of the global manufacturing and

supply-chain processes long hidden beneath the surface. Cybersecurity has been

a decades-long "grey rhino" in the wings of this "black swan" event. Last year,

a Tokopedia data breach jeopardised more than 15 million user accounts, and

cybercrime accounted for 43 percent of all crime in Singapore.

Interconnectivity in a digital landscape may bring greater agility and

convenience to manufacturers but the same benefits apply to malevolent players

which are now no longer encumbered by geography.

Much like multi-layered anti-COVID measures, from defense(face masks and hand

sanitisers) to prevention(lockdowns), rapid detection(PCR kits), and a cure

(vaccines and antiviral drugs), corporations need to apply the same robust

approach to protecting critical infrastructure.

Convergence of IT and OT

Increased interconnectivity also extends to hackers. Companies need to

understand that there is no "air gap" between Information Technology(IT) and

Operational Technology(OT) - the technology directly monitoring and or

controlling industrial equipment, assets, and processes. These are not separate

entities but two halves of a whole enterprise.

While many have taken measures to secure IT, their OT systems remain

under-protected, becoming a convenient "backdoor" for hackers. Ransomware

incidents have become increasingly frequent in manufacturing. Ransomware

attackers can penetrate a chink in the armour within minutes and spend months

"dormant." They silently infiltrate the entire network and stay undetected for

months while gathering data and critical information before striking.

A recurring issue in OT security is legacy infrastructure, built decades before

high-speed internet was commonplace. This means older machinery and computer

systems are a worrying blind spot to IT and security operations teams and can

also result in exposure. For example, a factory's central conveyor belt might

still run on an outdated edition of Windows XP no longer supported by its

developer, nor compatible with the latest updates and protections.

There is a lot of complexity in the OT layer for manufacturers to address,

alongside balancing the costs to modernise. This process is often deprioritised

and delayed. Modernisation takes time and requires multi-year transformation.

But by making these changes now, organisations can immediately adopt best

practices to build a holistically secure IT/OT network environment to

neutralise potential threats.

The myth of the panacea

Similar to how we have managed to bring disease outbreaks such as polio and

smallpox under control, a multi-layered defence strategy is needed to detect

and deter malicious players. Organisations should start with a holistic

enterprise-wide security assessment that includes:

1.An inventory of authorised and unauthorised devices and software

2.Detailed observation and documentation of system performance

3.Identification of tolerance thresholds and risk and vulnerability indications

4.Prioritisation of each vulnerability based on impact and exploitation

potential

5.Mitigation techniques required to bring an operation to an acceptable risk

state

To develop a robust safety net, organisations must account for software,

networks, control systems, site-infrastructure nuances, policies, procedures,

and even employee behaviours. Rockwell Automation has defined five core

security principals in place:

1.Secure network infrastructure - A resilient industrial network security

system limits access to authorised individuals and protects data against

manipulation or theft. With telecommuting becoming the norm, security systems

must account for the remote connectivity of people, processes, and information.

Networks used in large-scale industrial applications can harness cloud

technology, data analytics, and mobility tools to optimise systems monitoring.

2.Authentication and policy management - Often overlooked when developing

safety controls around user authentication is the need to minimize potential

exposure to threats from internal resources. Management user accounts should be

integrated with a means of centralised control. Scalable solutions should also

be planned to allow for flexible workflows around disconnected environments,

guest user access, and temporary privilege escalation before the necessity

arises.

3.Content protection - Automation equipment such as controllers often contain

sensitive information. Smart industrial systems require a common, secure

environment to protect an organisation's intellectual property while

maintaining productivity and quality.

4.Tamper detection - Unwanted activity and modifications within operational

systems can be quashed through speedy detection, recording, and a strong

coordinated response. Measures to deter and address potential threats should

include a means to centrally record and track all user actions, regular backups

of operating asset configurations and electronic files, as well as a meticulous

inventory of all devices on a plant floor.

5.Robustness - Plant machinery, operation systems and data storage units can be

brought together under a single-system architecture that allows for centralised

monitoring and reporting. By leveraging Converged Plantwide Ethernet(CPwE),

multinational corporations can achieve greater flexibility, visibility, and

efficiency required to remain competitive while retaining full control over

their digital assets.

Prevention is always better than cure

Placing equal importance on cybersecurity advancements is essential to

future-proofing an organisation. Investing in IT alone can capture short-term

growth prospects but leave these gains vulnerable to an overnight cyberattack.

Much like how vaccines are crucial to herd immunity, a modern enterprise is

only as strong as its weakest link. The best defence is a good offence, via a

comprehensive network security system.

SOURCE:Rockwell Automation