Defence in depth – could your industrial facility withstand a cyber-attack?

Posted on 22 Mar 2021 by The Manufacturer

It goes without saying that the pandemic has changed numerous areas of our lives; from the way we work, travel, even to the way we interact with others.

The fallout in all sectors of industry were quickly felt in 2020, especially those which relied on a physical presence to stay operational. Few operations shifted as quickly however as the cyber security industry along with relevant IT suppliers.

For our partners in the industrial sector, the move was equally as quick. Remote access to OT networks and operational data was used on a massive scale, with many discrete and process sector employees continuing their work from a distance.

Within industry, large sections of OT and IT have become intertwined and there is often a lack of understanding within organisations of the stark differences between the two fields. While the pandemic has accelerated this convergence, it has ultimately left some companies wide open to threats from within the two worlds. Paired with an increased number of operations now remote and cloud-based, the time for increased cybersecurity across OT networks has never been greater.

Throughout the pandemic, we have been working with numerous industry customers to support them in securing their plants form cyber threats. In recognition of high cyber security standards, Siemens has been awarded the Cyber Essentials Plus (CE+) certification, a prerequisite for organisations applying for critical national infrastructure (CNI) and defence projects in the United Kingdom.

We also work closely with other major organisations to share best practice and learn in this constantly evolving market. Siemens and eight partners from industry signed the first joint charter for greater cybersecurity. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalisation.

security
image supplied by Siemens.

Ensuring no one is left behind

For our customers who have either installed new equipment, have legacy systems or perhaps have not yet, our consultants can work with them to bring older machinery online, safely, securely and cost effectively. This is not about ripping out and replacing vast swathes of machinery. We can work with older machines to get them connected with minimal disruption to day-to-day productivity.

Unfortunately, a disconnected system is not the answer to securing a plant and ‘air gapped’ operations which have no other forms of protection could pose a higher risk of infiltration than a well-secured OT cloud-based one. We like to use the analogy of a wall. An air-gapped system is akin to a big, single wall around your infrastructure. The trouble is that while the wall is high, once an individual has scaled it and dropped into your network, they’re in and have free reign on your OT system, effectively opening the door for external actors. Now imagine that same, tall wall around your operation, but behind it is a moat, another wall, three fences and some attack dogs.

Organisations needs to ask themselves; can someone just walk up and plug their mobile phone into your production system and download a virus? We look at security in all these different levels and we even look at physical security, CCTV and putting locks on doors, and training staff. You need this defence in depth.

Detailing your defences

A chain is only as strong as its weakest link and this is why we work so closely with our suppliers. Our Cyber Essentials + accreditation means that we provide the security throughout the value chain. Machine builders, system integrators, product vendors – we provide the building blocks (products with security built in) so that they can build-up a secure production line.

Is your security standard in line with the ‘defence in depth’ concept, or do you still have work to do? Our team of consultants can offer you a free cybersecurity health check and you will quickly learn how fit your company is in terms of industrial security. The pandemic has presented cyber criminals with a new opportunity to exploit weaker industrial systems. With Siemens’ help, we can ensure that those weaknesses are found by us and not the criminals.

Click here to book and free cybersecurity health check.