Three Perspectives to Keep Your Cybersecurity Journey on the Right Track
Over the past two years, we have all witnessed how COVID-19 has reshaped our working models and accelerated the need for remote operations. To quickly adapt to these environmental changes, operational resilience has become an essential goal for businesses, including industrial organizations. There is broad consensus across industrial organizations that the key to achieving this goal is IT/OT convergence. Thanks to the development of advanced technologies in recent years, IT/OT convergence is no longer an abstract concept, but a goal that can be achieved.
According to an IDC survey1 of industrial organizations, 40% of respondents have invested in automation systems for their factories and production sites to get ready for the future. When you are on your journey to achieving IT/OT convergence, security concerns might be at the front of your mind due to the increase in cyberattacks around the world. Now more than ever, these attacks often target critical infrastructure, including railways, power substations, and pipelines, which have made industrial operators realize they can no longer overlook cybersecurity concerns.
One report recently noted that, ‘By 2030, 50% of industrial organizations will have developed an architecture for a unified data management strategy that securely prepares operational data for broader use across the enterprise.’ – IDC, Worldwide IT/OT Convergence FutureScape Predictions, 2021. In addition to this, Jonathan Lang, Research Director of IT/OT Convergence Strategies at IDC, explains that ‘IT personnel need to determine how to ensure security practices can be extended to operational data, without negatively affecting production.’ He also explained his prediction of the potential impact to IT operations during his recent appearance on the Moxa Security Talks Episode 7.
Although industrial operators are fully aware of the importance of cybersecurity, how to enhance network security for IT/OT convergence is challenging. For instance, IT/OT convergence leads to an increase in the amount of devices and systems existing on one unified network, which makes managing the network, while ensuring it remains secure, a greater challenge. In addition to this, it is difficult to integrate IT and OT areas that typically have different security requirements for operational purposes. In this article, we provide three perspectives for you to consider to help you overcome challenges and navigate your way through the cybersecurity jungle.
First Perspective: Secure Industrial Networks Based on Scenarios Your Users Will Experience
As the number of connected devices and systems in industrial networks are increasing, so are the opportunities for intruders to gain access to these systems. We need to rethink network security from different scenarios users will face and form a plan to prevent any breaches from occurring. There are two important scenarios that industrial operators must pay attention to. By overlooking these scenarios, there is the potential for significant cybersecurity risks when IT/OT networks converge.
• Remote Connections
The efficiency of remote operations is making remote connections a popular choice for users. However, when IT/OT networks converge, remote connections can become a weak spot if they are connected to many machines on the Internet without proper protection. Operators need to define and control network access, for instance, who can access the network as well as be able to verify the identity of the person accessing the network. This will go a long way to preventing unauthorized users from gaining access. In addition, further protection can be added by ensuring the connections to your machines and systems take place through a VPN and that any data transmitted is encrypted. By taking these precautions, industrial operators reduce the chances of a security breach occurring when implementing remote connections.
• Network Management
Large-scale network management is another important scenario because security is something that must be managed continuously and is not just a one-time event. When IT/OT networks converge, the people who use these networks need to be able to visualize large amounts of networking devices to ensure they can monitor the network security status. ‘Lots of our customers need more advanced solutions to enhance visibility.’ said Marty Wachi, Moxa’s business development manager from the network infrastructure division. ‘Our customers need to monitor existing network nodes and new nodes on a regular basis. Also, they need to know what applications will be used and specifically, which users will require access to the network. This is what our customers expect to protect their systems and assets.’ To enhance the visibility of your network security, you need a network management solution that monitors the security status of each networking device and sends an alert when an unexpected event takes place.
Expert Tip: Gain a thorough understanding of the scenarios your users are likely to experience during their IT/OT convergence project. This will allow you to take the necessary precautions to reduce cybersecurity risks.
Second Perspective: Take a Holistic View to Secure Industrial Networks
IT/OT convergence leads to a variety of systems on one network infrastructure. Thus, it’s important to have a holistic view of your network infrastructure to ensure all networking devices are protected. We recommend you develop a defense-in-depth security architecture based on the three levels below:
• Management Level
It’s important to keep operators informed of the security status of the network. You need both a network and security management solution to keep your network safe. In addition to network management tools that allow you to view the security status of each network node in your network infrastructure, you can consider a security dashboard, which will make it easier to manage your cybersecurity solutions, record related security events, and analyze reports for future improvements.
• Network Level
Controlling who can access your network can be the first step to protect your networks from intruders. Deploy firewalls and secure routers to help you control who can access the network, as well as regulate the movement of traffic and data on the network. It can also divide your unified networks into several segments, which make the network easier to manage. If an intruder gains access to a networking device, the threats can be contained within a specific segment, which avoids the entire network being corrupted. In addition, you also need an OT intrusion prevention system (IPS) to identify threats and notify operators when an incident occurs.
• Device Level
Each of your networking devices has the potential to introduce a cybersecurity risk to the system if precautions are not taken. Security mechanisms such as password policies and the ability to disable functions for unused ports and services can help you ramp up device security and minimize the potential for unwanted access. In addition, a proper vulnerability response process for your networking devices can help you mitigate cybersecurity risks.
Expert Tip: Taking a holistic view of cybersecurity allows you to enhance your network security as it gives you an overall picture of how to protect your network infrastructure from managing the entire network, right down to each individual device.
Third Perspective: Secure Industrial Networks Based on Security Standards
OT and IT personnel have different purposes when they access networks and the manner in which they do so. Furthermore, they often take very different approaches to network security. It’s difficult to secure your networks without everyone adhering to the same guidelines. Fortunately, there are some security standards, such as IEC 62443 and NERC CIP, which allow both IT and OT personnel to follow the same security regulations within one organization. Felipe Costa is an industrial cybersecurity (IACS) expert at Moxa, and he explains why more organizations are adopting the IEC 62443 standards, ‘I believe the reason more organizations are adopting the IEC 62443 standards is because it provides a common language to discuss security. Besides, the standard also gives advice to users on how to take a holistic approach to implement a security solution and execute security strategies. Last, the IEC 62443 standards allow companies and devices to become certified, which makes it easier for customers to identify suppliers and solutions that have the security features they need.’
The IEC 62443 standard can function as the common language for asset owners, system integrators, and component suppliers. The standard also defines security guidelines for different people within an organization to follow. For networking devices, the IEC 62443-4-1 standard focuses on whether an organization’s product lifecycle development is compliant with the appropriate security guidelines. As the IEC 62443-4-2 standard focuses on the fundamental security requirements for networking devices, any devices that are certified with this standard, can be qualified as secure. If you want to learn more about the IEC 62443 standard, we suggest you read this article.
Expert Tip: Choosing component suppliers and networking devices that are certified with IEC 62443 standards is a smart way to ensure the networking device you add to your network infrastructure is secure.
Navigate the Cybersecurity Jungle With Moxa’s Network Security and Cybersecurity Solutions
As a leader in industrial networking for over 30 years, Moxa is committed to developing secure and reliable networking solutions that proactively identify and mitigate cyberthreats in OT environments. To realize this commitment, Moxa strictly follows secure-by-design practices, utilizes distributed OT intrusion prevention systems capabilities, and provides an array of rugged networking portfolios to perfect defending industrial applications.
For more information about Moxa’s network security and cybersecurity solutions, visit our microsite to learn more.