IT in Manufacturing


Practical advice for cybersecurity

June 2023 IT in Manufacturing

As the OT/IT convergence trend continues to grow, almost every industrial organisation has started reinforcing its network security and taking cybersecurity precautions to protect its operations. One of the main reasons for this is that critical infrastructure and manufacturing facilities are more likely to be targeted by cyberattacks. These concerns are well founded as we can see by the frequent news reports about companies halting their production lines for more than one day due to a cyberattack. In addition to incurring financial losses when a company is hit by a cyberattack, if it makes the news it will often also lead to reputational damage. It is fair to say that increasingly more companies are being targeted by ransomware attacks, and even some of the biggest players in the industry that have already taken precautionary measures are being targeted. These attacks demonstrate the high risk of an interconnected world, and that no organisation is immune from cyberattacks.

CISOs and CSOs are desperate to learn more about OT environments and how to implement cybersecurity measures effectively, without disrupting industrial operations. This is a complicated field where there are many approaches and architectures that must be carefully considered before a decision can be made. We will explore two of the most common security architectures used nowadays, and share some tips to help industrial organisations implement them in unique OT environments.

The initial focus of zero trust architecture, as stated in the NIST Special Publication 800-207, is to only grant minimum access privileges to those who need to operate on the network. This will prevent a situation when someone has a legitimate reason to access the network, but is unnecessarily given unrestricted access to other parts of the network, which increases the chances of a cybersecurity breach occurring.

The defence-in-depth approach contains multiple layers of security protection to reinforce network security for industrial operations. The rationale behind this is that you will have a second chance to protect zones and conduits if the first layer of protection fails. According to the IEC 62443 cybersecurity standard, it is necessary to start this process by partitioning areas based on the levels of protection required. Each partition is called a zone and all the communication devices within it share the same security level, which means they all have the same level of protection. If you want to enhance security even further, it is possible to place a zone inside another zone with additional security measures.

By combining these two approaches, you can build well-defended industrial operations with layers of protection as the foundation, and then add further protection by adding the zero trust mechanism to ensure access is restricted to only those who need to access certain areas of the network. After considering these two approaches, it is clear there is no silver bullet for cybersecurity, and there are multiple angles that must be considered to ensure your network is secure.

In addition to the examples we just considered about how to implement zero trust and defence-in-depth networks, it is very important to enhance cybersecurity awareness across different departments and make sure all team members have the same mindset regarding cybersecurity. Employees should be encouraged to understand the benefits of following technical security requirements, as this will increase the chances that the guidelines are adhered to. This requires coordinated security responses, and network monitoring and management;an assumption that all devices and networks will be compromised; and ensuring there are robust recovery and response processes.

One unfortunate scenario that is often seen in industrial networks is when user credentials are compromised. For networks that do not utilise the zero trust principle, a user’s credentials might be all a malicious actor needs to gain access to the network. However, for a network that utilises zero trust architecture, a malicious actor requires not only device access control but also user authentication and authorisation. On top of that, it is also suggested that trust lists for granular control of your network be utilised. By using trust lists, rate control and failure logout, network devices only allow access from trusted devices that are equipped with the secure boot function and prevent excessive attempts such as brute-force attacks.

By verifying the user’s credentials when logging on to devices, network devices will log all user access attempts and provide the lowest level of privileges based on the role of the user. If organisations hope to reinforce security, trust lists can be a good way to control network traffic. One common practice is to create a trust list for IP addresses and service ports, and to leverage deep packet inspection technology to granularly control the network with features such as read or write privileges.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Quantum computing and its impact on data security: a double-edged sword for the digital age
IT in Manufacturing
Quantum computing is poised to redefine the boundaries of data security, offering groundbreaking solutions while threatening modern encryption’s foundations. For third-party IT providers, this duality presents both a challenge and an opportunity to lead organisations through one of the most significant technological transitions in decades.

Read more...
Next-generation road-legal race car.
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software has announced that Briggs Automotive Company (BAC) will move to the Siemens Xcelerator portfolio of industry software and use it to develop the next generation of its single-seater road-legal race car, Mono.

Read more...
Cybersecurity at a crossroads
IT in Manufacturing
here’s a growing unease in boardrooms, data centres and cabinet offices across South Africa. It’s not just about economic headwinds or political uncertainty, it’s about something quieter, more technical and yet just as dangerous - the rising tide of cyber threats.

Read more...
Enabling a sustainable industrial organisation
IT in Manufacturing
This article explains the top sustainability trends and key actions that you can leverage to become a more sustainable organisation.

Read more...
Navigating discrete manufacturing in South Africa through digitalisation
IT in Manufacturing
South Africa’s discrete manufacturing sector faces mounting pressure from global competition, fragmented supply chains and outdated infrastructure. In this complex environment, digitalisation is a critical lever for survival, resilience and growth.

Read more...
Africa’s pragmatic approach to AI and how data centres are enabling it
Schneider Electric South Africa IT in Manufacturing
In Africa, the current AI momentum is driven by a fundamental need, building a resilient digital infrastructure that addresses the real-world challenges of the continent’s communities.

Read more...
World first simulation of error-correctable quantum computers
IT in Manufacturing
Quantum computers still face a major hurdle on their pathway to practical use cases, their limited ability to correct the arising computational errors. In a world first, researchers from Chalmers University of Technology in Sweden have unveiled a method for simulating specific types of error-corrected quantum computations.

Read more...
Platform to accelerate supply chain decarbonisation
Schneider Electric South Africa IT in Manufacturing
Schneider Electric has launched Zeigo Hub by Schneider Electric, a powerful new digital platform designed to help organisations decarbonise their supply chains at scale.

Read more...
Future-ready data centres
IT in Manufacturing
The white paper ‘Future-Ready Data Centres’ by Black & Veatch outlines how integrating sustainable design principles not only helps meet ESG goals but also ensures reliability, operational efficiency and business continuity in the face of climate change and growing digital demand.

Read more...
Sustainable energy management
Siemens South Africa IT in Manufacturing
Utilising its innovative ONE approach technology, Siemens provides complete transparency on resource consumption and offers data-driven optimisation recommendations for sustainable energy management.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved