Five best practices improve IT security of production facilities
Production environments still rely on technical components and parts that have no protection against cyber attacks, or at best inadequate protection. With "best practices", companies can implement key security requirements and effectively protect their machinery and equipment.
Industrial plants are in many cases easy targets for hackers. Vulnerability management has been largely unknown in this environment and, above all, security awareness is lacking. Companies therefore put themselves at the greatest risk of falling victim to cyber attacks against which they are defenseless. Attackers specifically exploit this lack of awareness, as the Global Threat Intelligence Report 2018 revealed: in Germany, the manufacturing industry accounted for 36 percent of all cyber attacks. That is significantly more than in other industries - a strong indication that a large proportion targeted production facilities.
With five coordinated steps, operators of production facilities can significantly increase security, as NTT Security emphasizes.
- Perform tool-based inventory of components
A company's production environment often contains thousands of OT (Operational Technology) components such as actuators, engineering workstations, HMIs (Human Machine Interfaces), PLCs (Programmable Logic Controllers), sensors or server-based SCADA systems. The inventory provides transparency and creates the prerequisite for efficient security measures. It answers the following questions: Which OT components are actually present in the production environment? Who communicates with whom via which protocol? Which communication connections to the outside world, for example to the manufacturer, exist? Which of these are not required or not authorized? Are there uncontrolled maintenance channels?
- Locate security vulnerabilities of the OT components
The next step following the documentation of the existing OT infrastructure is to detect the existing vulnerabilities of the components - and to do so without disrupting the processes in the production network. Corresponding tools use real-time monitoring and analysis methods, detect deviations from expected behavior and point out security and process problems. This gives companies a good overview of the risk posed by the OT components in use.
- Improve security with Smart Vulnerability Management
The starting point for vulnerability management is the inventory of existing OT components. This is supplemented by a risk assessment, since each plant and the entire production environment have an individual risk profile. Companies must determine the existing risk - ideally supported by an external OT security specialist - based on a classification and evaluation of the data and processes that require protection. All further measures within a comprehensive vulnerability management strategy build on this assessment, as does the structured planning of the next steps to increase OT security. It is important not to be under the illusion that all components can now be patched. Compensatory measures are often the only solution for reducing risks.
- Deploy endpoint protection software
The use of endpoint protection software on engineering workstations and SCADA servers is recommended as a quick and efficient measure. This allows the systems to be effectively protected against malware of all kinds and cyber attacks. The software monitors all actions running on the computers and prevents potentially dangerous situations. In addition, for example, it can also determine whether there are any abnormal events in the network traffic. Here too, of course, there is a dependency on the manufacturer of the SCADA solution. Often, only approved products can be used.
- Integrate OT security into an enterprise-wide IT security strategy
Companies need to bridge the security gap between the production world and the traditional IT world, which has extensive experience in implementing IT security. Management is responsible for overall security in the company and can delegate implementation to a Chief Information Security Officer (CISO), for example. Although the technical responsibility for the classic IT and the production systems should continue to lie with the departments, the responsibility for implementing and complying with the holistic security strategy in the company must be centralized.
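The questions from the inventory step above (which components exist, who communicates with whom via which protocol, which outside connections are not authorized) can be answered from passively collected flow records. The Python below is an added example, not NTT Security's tooling; the addresses, the OT subnet, the approved-connection list and the port-to-protocol mapping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src, dst, dst_port); not real capture data.
FLOWS = [
    ("10.20.1.10", "10.20.1.50", 502),    # HMI -> PLC
    ("10.20.1.11", "10.20.1.51", 102),    # engineering workstation -> PLC
    ("10.20.1.20", "10.20.1.50", 502),    # SCADA server -> PLC
    ("10.20.1.20", "198.51.100.7", 443),  # SCADA server -> manufacturer portal
    ("10.20.1.51", "203.0.113.9", 5900),  # PLC -> unknown outside host
]
# Assumed site policy: the OT subnet and the approved outside connections.
OT_NET = ipaddress.ip_network("10.20.1.0/24")
APPROVED_EXTERNAL = {("10.20.1.20", "198.51.100.7", 443)}
# Port-based protocol naming is a heuristic; real tools inspect the payload.
PORT_NAMES = {502: "Modbus/TCP", 102: "S7comm", 443: "HTTPS", 5900: "VNC"}


def in_ot(ip):
    return ipaddress.ip_address(ip) in OT_NET


def build_inventory(flows):
    """Return (assets, talks, external, unauthorized) derived from flows."""
    assets = set()            # OT components seen on the wire
    talks = defaultdict(set)  # (src, dst) -> protocols used
    external = []             # flows crossing the OT boundary
    for src, dst, port in flows:
        talks[(src, dst)].add(PORT_NAMES.get(port, f"tcp/{port}"))
        assets.update(ip for ip in (src, dst) if in_ot(ip))
        if in_ot(src) != in_ot(dst):
            external.append((src, dst, port))
    # Anything crossing the boundary that is not on the approved list
    # is a candidate uncontrolled maintenance channel.
    unauthorized = [f for f in external if f not in APPROVED_EXTERNAL]
    return assets, dict(talks), external, unauthorized


if __name__ == "__main__":
    assets, talks, external, unauthorized = build_inventory(FLOWS)
    print(f"{len(assets)} OT components observed")
    for (src, dst), protos in sorted(talks.items()):
        print(f"  {src} -> {dst}: {', '.join(sorted(protos))}")
    for src, dst, port in unauthorized:
        print(f"NOT AUTHORIZED: {src} -> {dst} port {port}")
```
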
Manufacturers must also become active
"Companies are challenged to implement organizational and technical measures to significantly increase security in the production environment. This includes implementing and adhering to a holistic security strategy that encompasses the traditional IT and OT worlds," says Christian Koch of NTT Security. "Beyond that, however, manufacturers of components, sensors and machines must also take action. They need to progressively penetration test products already in use to detect vulnerabilities and proactively support customers in eliminating them. When developing new products, manufacturers must follow the security-by-design principle and involve security specialists and computer scientists in the project teams in addition to electrical engineers and engineers. This is the only way to sustainably increase the IT security of OT components in the long term."
Source: NTT Security