Rockwell Automation: We cannot allow cyberattacks to be the new normal
PR91302
SINGAPORE, Aug.25,2021/PRNewswire=KYODO JBN/--
Sabyasachi Goswami, Commercial Leader, Commercial Services, APAC shares his
thoughts on what industrial players need to stay cybersecure in the age of
cyberattacks. Rockwell Automation
Inc.(https://www.rockwellautomation.com/en-id.html)(NYSE: ROK), is a global
leader in industrial automation and digital transformation. The following
opinions are his own, and do not necessarily reflect those of Rockwell
Automation as a whole.
The pandemic has exposed the vulnerabilities of the global manufacturing and
supply-chain processes long hidden beneath the surface. Cybersecurity has been
a decades-long "grey rhino" in the wings of this "black swan" event. Last year,
a Tokopedia data breach jeopardised more than 15 million user accounts, and
cybercrime accounted for 43 percent of all crime in Singapore.
Interconnectivity in a digital landscape may bring greater agility and
convenience to manufacturers but the same benefits apply to malevolent players
which are now no longer encumbered by geography.
Much like multi-layered anti-COVID measures, from defense(face masks and hand
sanitisers) to prevention(lockdowns), rapid detection(PCR kits), and a cure
(vaccines and antiviral drugs), corporations need to apply the same robust
approach to protecting critical infrastructure.
Convergence of IT and OT
Increased interconnectivity also extends to hackers. Companies need to
understand that there is no "air gap" between Information Technology(IT) and
Operational Technology(OT) - the technology directly monitoring and or
controlling industrial equipment, assets, and processes. These are not separate
entities but two halves of a whole enterprise.
While many have taken measures to secure IT, their OT systems remain
under-protected, becoming a convenient "backdoor" for hackers. Ransomware
incidents have become increasingly frequent in manufacturing. Ransomware
attackers can penetrate a chink in the armour within minutes and spend months
"dormant." They silently infiltrate the entire network and stay undetected for
months while gathering data and critical information before striking.
A recurring issue in OT security is legacy infrastructure, built decades before
high-speed internet was commonplace. This means older machinery and computer
systems are a worrying blind spot to IT and security operations teams and can
also result in exposure. For example, a factory's central conveyor belt might
still run on an outdated edition of Windows XP no longer supported by its
developer, nor compatible with the latest updates and protections.
There is a lot of complexity in the OT layer for manufacturers to address,
alongside balancing the costs to modernise. This process is often deprioritised
and delayed. Modernisation takes time and requires multi-year transformation.
But by making these changes now, organisations can immediately adopt best
practices to build a holistically secure IT/OT network environment to
neutralise potential threats.
The myth of the panacea
Similar to how we have managed to bring disease outbreaks such as polio and
smallpox under control, a multi-layered defence strategy is needed to detect
and deter malicious players. Organisations should start with a holistic
enterprise-wide security assessment that includes:
1.An inventory of authorised and unauthorised devices and software
2.Detailed observation and documentation of system performance
3.Identification of tolerance thresholds and risk and vulnerability indications
4.Prioritisation of each vulnerability based on impact and exploitation
potential
5.Mitigation techniques required to bring an operation to an acceptable risk
state
To develop a robust safety net, organisations must account for software,
networks, control systems, site-infrastructure nuances, policies, procedures,
and even employee behaviours. Rockwell Automation has defined five core
security principals in place:
1.Secure network infrastructure - A resilient industrial network security
system limits access to authorised individuals and protects data against
manipulation or theft. With telecommuting becoming the norm, security systems
must account for the remote connectivity of people, processes, and information.
Networks used in large-scale industrial applications can harness cloud
technology, data analytics, and mobility tools to optimise systems monitoring.
2.Authentication and policy management - Often overlooked when developing
safety controls around user authentication is the need to minimize potential
exposure to threats from internal resources. Management user accounts should be
integrated with a means of centralised control. Scalable solutions should also
be planned to allow for flexible workflows around disconnected environments,
guest user access, and temporary privilege escalation before the necessity
arises.
3.Content protection - Automation equipment such as controllers often contain
sensitive information. Smart industrial systems require a common, secure
environment to protect an organisation's intellectual property while
maintaining productivity and quality.
4.Tamper detection - Unwanted activity and modifications within operational
systems can be quashed through speedy detection, recording, and a strong
coordinated response. Measures to deter and address potential threats should
include a means to centrally record and track all user actions, regular backups
of operating asset configurations and electronic files, as well as a meticulous
inventory of all devices on a plant floor.
5.Robustness - Plant machinery, operation systems and data storage units can be
brought together under a single-system architecture that allows for centralised
monitoring and reporting. By leveraging Converged Plantwide Ethernet(CPwE),
multinational corporations can achieve greater flexibility, visibility, and
efficiency required to remain competitive while retaining full control over
their digital assets.
Prevention is always better than cure
Placing equal importance on cybersecurity advancements is essential to
future-proofing an organisation. Investing in IT alone can capture short-term
growth prospects but leave these gains vulnerable to an overnight cyberattack.
Much like how vaccines are crucial to herd immunity, a modern enterprise is
only as strong as its weakest link. The best defence is a good offence, via a
comprehensive network security system.
SOURCE:Rockwell Automation
本プレスリリースは発表元が入力した原稿をそのまま掲載しております。また、プレスリリースへのお問い合わせは発表元に直接お願いいたします。
このプレスリリースには、報道機関向けの情報があります。
プレス会員登録を行うと、広報担当者の連絡先や、イベント・記者会見の情報など、報道機関だけに公開する情報が閲覧できるようになります。