A common misconception is that both cyberattacks and cybersecurity controls are sophisticated and complex. “In fact, the methods criminals use to infiltrate industrial networks are often relatively straightforward,” warns Charles Blackbeard, business development manager for ABB Ability Digital Solutions.
“Therefore, it follows that protection measures also often do not need to be overly convoluted, especially when implemented in line with a defined strategy based on a risk assessment, and managed by a user-friendly application that enables everyone to be part of cybersecurity efforts.”
Cybercriminals may gain access to a facility through insecure remote login software by exploiting disclosed vulnerabilities in the software or sending phishing emails to employees, who open them on a system connected to the plant network. Attackers may then take control of the mouse on an individual workstation and perform malicious tasks, undetected in the guise of a control system engineer performing their typical job but remotely.
“While controls such as patching, malware protection and system backups offer essential protection from cyberattacks, they need a solid foundation,” stresses Blackbeard. Suppose an industrial system is built on a poorly designed, indefensible network, where all devices are separated from the internet by a single firewall. In that case, additional risks are added to the mix and may even offset the benefit from the implemented security controls.”
Combining this with an ageing distributed control system relying on unsupported Windows computers makes it much easier for attackers to find and infiltrate the operation without using sophisticated methods. Implementing and maintaining even the most basic security controls upon a solid architecture significantly reduces the risk of being compromised. Over time, when the assessed threat changes, one may need to add more security to stay ahead and remain aligned with the company’s strategy and risk appetite.
According to the SANS 2021 OT/ICS Cybersecurity Report, 48% of organisations surveyed did not know whether their industrial control system (ICS) had been compromised. “That statement by itself is rather disturbing, but even more so when coupled with the evidence that most systems already are or have been compromised,” highlights Blackbeard. “This illustrates that the urgent need to secure operational environments is matched only by the need for cultural change. Leadership must understand and support OT cybersecurity efforts and instigate an organisational cultural shift to prioritise training and action. Without culture and behavioural change, it is unlikely that any investment in technology or software will lead to long-term protection.”
The threat posed by cyberattacks on industry regarding financial loss, production downtime and reputational damage cannot be underestimated. A total of 61% of factories report that they have experienced a critical cybersecurity incident, while 75% say an incident has halted production. The average cost of OT-specific malware attacks for organisations is nearly R50 million. Ransomware attacks carried out by criminals for financial gain account for around eight out of ten attacks. Industrial companies are viewed as easy, high-value targets whose OT systems may be outdated, unprotected and exploitable, maybe even via the internet, making an attack even easier.
He adds that the question industrial companies should be asking is not “Can I afford to implement a cybersecurity strategy?”, but rather “Can I afford not to?”. Viewed in terms of business criticality, protecting internal systems from hackers is now a business priority, particularly when it comes to critical public infrastructure such as electricity, or fuel and water supplies.
Defining ROI from cybersecurity is never easy, because you are effectively buying risk insurance, rather than tangible increases in revenue and production. However, companies are increasingly aware that security is not just about protecting critical assets: it is also about answering to investors and protecting their right to operate by complying with international best practices and standards.
Keep in mind that the yearly cost of implementing a robust cybersecurity strategy and controls that can be upgraded to respond to evolving threats to OT production assets, in partnership with a trusted service and technology provider, works out far less than the cost of an insurance policy. A well-implemented cybersecurity strategy may reduce the insurance premium to fund these cyber efforts partly or fully.
ABB Ability Cybersecurity Workplace (CSWP) simplifies the process of monitoring and maintaining foundational security controls by collecting security-relevant data from implemented cybersecurity solutions and forwarding it into a consolidated application. Operators can seamlessly monitor the status of basic security controls such as patching, malware protection and system backup, perform standard security tasks, and receive alerts with actionable insights to remediate weaknesses and reduce risks – all from a single, easy to use dashboard.
This makes maintaining your cybersecurity easier, quicker and less daunting. CSWP is scalable, meaning it can be updated with new security features to keep up with evolving threats, and support regulatory compliance without a lengthy learning curve. For example, an industrial plant may have McAfee malware protection software, and Windows Server for patching, and separate software for backup, which can be complex to operate and maintain.
CSWP makes this both standardised and configurable, and consolidates all security controls into one view so that staff do not have to access multiple applications. Equipping frontline workers with the tools to secure the operational environment also reduces labour and operating costs. Another feature requested by many is the power to isolate the OT and IT environments with a click of a button, and prevent IT network intrusions and external actors from affecting the OT systems and potentially harming people, assets or the environment. CSWP also reduces the risks associated with remote access by managing user accounts and authentication, notifying staff when someone remotely accesses the systems, and letting operators activate and terminate remote sessions at will.
Tel: | +27 10 202 5000 |
Email: | contact.center@za.abb.com |
www: | www.abb.com/za |
Articles: | More information and articles about ABB South Africa |
© Technews Publishing (Pty) Ltd | All Rights Reserved