In a recent blog, we highlighted the cybersecurity risks that are created by the increasing attack surface in manufacturing organisations. As a quick recap, as you integrate systems, platforms, and equipment, and as you connect elements of your operation to the cloud, the potential attack surface in your organisation expands, exposing you to higher cybersecurity risks.
In our previous blog, we also highlighted the key to mitigating these risks – taking a holistic approach to cybersecurity as you transition to a Smart Factory. This means integrating your IT and OT (operational technology) teams and developing cybersecurity strategies, processes, and mitigation measures that cover all aspects of your organisation’s technologies. This includes everything from your Manufacturing Execution System to the cloud applications used by your accounting team to the PLCs and SCADA systems running on the factory floor to the CRM used by your sales and marketing team.
What does this holistic approach to cybersecurity mean, though? What are the practical steps that should be taken by pharmaceutical, medical device, and technology manufacturers?
The Challenges of the Increasing Attack Surface
A good starting point is to have a clear understanding of the scale of the challenge when you integrate and connect devices and therefore increase the attack surface and potential risks. Some of the main points include:
- Many OT legacy systems have complex cybersecurity vulnerabilities.
- One of the reasons for the above point is the fact that OT equipment is traditionally older and less adaptable to change.
- Software upgrade and security patching processes often lack structure.
- The process of rolling out updates and security patches is more challenging with OT equipment. This is because OT equipment directly controls the production process. As a result, each upgrade and security patch must be risk assessed and qualified.
- Visibility across the entire operation is limited.
Industry 4.0 Cybersecurity Best Practices
A crucial component of Industry 4.0 cybersecurity is to make sure there is correct OT/IT bridge separation to isolate and protect OT equipment from external threats. This OT/IT bridge separation will also provide protection against the internal risks that are often present in large corporate IT networks.
This protection of OT equipment requires the implementation of robust architecture during connectivity design. This architecture needs to allow data through while at the same time preventing inward threats.
Other essential Industry 4.0 cybersecurity best practices include:
- Make cybersecurity an integral part of your smart manufacturing strategy.
- Take an end-to-end approach to cybersecurity that includes technology, processes, and people.
- Put in place a cybersecurity governance programme covering both IT and OT. This includes developing comprehensive cybersecurity procedures, controls, and policies. These procedures, controls, and policies should also be regularly reviewed and updated.
- Put in place a strategy to continuously raise awareness of cybersecurity risks. This should apply at all organisational levels and should ensure constant vigilance while also providing education on new and emerging threats.
- Implement a strategy of continuous cybersecurity skills improvement throughout the organisation.
- Continuously focus on emerging threats as well as existing threats.
Getting it Right All the Time
There is a difficult and unfair reality about cybersecurity that is universal – those who seek to attack your organisation only have to be right once, whereas to properly protect your OT systems, you have to be right all the time.
This fact should not be a barrier to continuing on your Industry 4.0 journey as there are too many benefits to be ignored. However, cybersecurity considerations must be a core priority in everything you do and at all levels of the organisation.