The security of industrial networks is nowadays a key concern for companies and therefore they pay more attention to this issue. They are well aware that cyber attacks on operational technology (OT), sometimes also referred to as industrial control systems (ICS), are becoming more frequent and sophisticated. This increases not only the risk of attacks and data loss, but more importantly, production downtime, which can cost companies tens of millions of Czech crowns.
In the past, OT was primarily focused on controlling and automating industrial technologies and processes. The systems were designed to process large amounts of data in real time, with an emphasis on reliability and fault tolerance. It is therefore increasingly important to integrate OT with IT to create a secure link between the two systems. This enables industrial companies to better manage their processes and improve productivity.
Back in the 1990 a model named the Purdue model (also known as PERA) was developed in the USA, and it is still considered one of the most widely used architectural models in operational technology.
The Purdue model provides a comprehensive framework for industrial process control and automation, allowing functions and responsibilities to be segmented into various levels of control and automation. Cyber threats are constantly evolving, and the interconnection of factory IT and OT systems plays into the hands of attackers. Many manufacturing and industrial companies have become targets of massive ransomware attacks precisely due to the lack of proper segmentation. That is why it is essential to segment industrial networks and constantly monitor them, as well as update security measures in response to the latest threats and trends in cyber security.
There are several basic security principles and pillars that are effective and crucial for ensuring cyber security in the industry. It is not surprising that due to the fusion of the IT world into the OT world, these pillars are adopted from the IT world (but supplemented with OT specifics – such as proprietary ICS protocols, etc.) The main principles and pillars include:
Visibility – you can’t protect what you can’t see. That is why it is advisable to keep an up-to-date list of all devices connected to the network and perform a behavioural analysis of their communications. Another prerequisite is the regular scanning of the status and versions (OT/IT) of devices. Any discovered vulnerabilities must be patched.
Segmentation – another pillar is the isolation, filtering, and inspection of network traffic. It requires NGFW (OT) deployment for the proper (micro)segmentation and filtering of network traffic. IPS/IDS (OT) and virtual patching should be used. Another aspect that should not be overlooked is securing of email and Internet traffic, and the screening of unknown files.
Endpoints –EDR/XDR solutions allow you to collect information about what is happening on devices (including USB device management).
Access Management –thecentralized management of user/machine identities is also recommended, but with strict separation of industry and corporate identities. Jump Servers (+MFA) should be used for network and device management and systems designed for network access control (NAC, 802.1x) should be implemented.
Auditing, backups, compliance, IRP, risk management, SIEM/SOC shouldbe centralized, and their respective security logs should be evaluated. A robust backup strategy allows you to prepare for unexpected situations. Regular training of administrators and staff should not be omitted. Definitely, do not underestimate risk analysis, which can be addressed by implementing or at least taking inspiration from the IEC 62443 standard. And, of course, require contractors to comply with security policies.
Industrial control systems combine a lot of complex hardware and software, often unfortunately very outdated. To maintain the highest level of cyber security readiness in OT, manufacturing companies must be both proactive and reactive in implementing protection. Specialized teams can help you with this. So don’t hesitate, schedule a consultation, and find out where your company stands.
We are in the process of finalizing. If you want to be redirected to our old version of web site, please click here.