Analysis
Expert
Industry 4.0
OT Network security
Perimeter security

Takepoint Research whitepaper focuses on cybersecurity in manufacturing, critical infrastructure sectors

January 17, 2024
Takepoint Research whitepaper focuses on cybersecurity in manufacturing, critical infrastructure sectors

Analyst firm Takepoint Research published Tuesday a whitepaper that explores the complexities of industrial control systems (ICS) in modern manufacturing and emphasizes the urgent need for robust cybersecurity in the industry 4.0 era. It discusses the vulnerabilities of ICS in the transition from traditional to advanced manufacturing, including threats from legacy or multi-vendor environments. The paper highlights the importance of balancing innovation with risk management in smart manufacturing and integrating resilient system strategies with existing security infrastructures.

Titled ‘​​Moving to Prevention – Securing Critical Assets in OT,’ the whitepaper emphasizes proactive prevention and secure communication, as well as the implementation of security measures that are operationally flexible and compatible. While many organizations focus on network-based security solutions for detection, only a few recognize the importance of directly protecting ICS. The paper stresses the alignment of these solutions with recognized OT (operational technology) cybersecurity best practices and regulations.

The primary objective of the Takepoint Research whitepaper is to offer clarity and strategic vision in industrial cybersecurity. It aims to present a comprehensive outlook on the current and future industry, focusing on key players, regulatory focus, critical technologies, solutions, services, and industry best practices, Jonathon Gordon, directing analyst at Takepoint Research, told Industrial Cyber. The paper is designed to guide these organizations in confidently navigating each stage of their cybersecurity journey, with a particular emphasis on ensuring the safety and resilience of critical infrastructure and manufacturing sectors.

Gordon identified that the intended audience for the Takepoint Research whitepaper primarily includes industrial enterprises and cyber defenders who are responsible for the safety, resilience, and productivity of organizations within the critical infrastructure and manufacturing sectors.

Main topics include:

  • The Case for Prevention: This section emphasizes the importance of proactive measures in securing critical assets in OT.
  • Ensuring Secure Communication Channels: Strategies to maintain secure communication within OT environments.
  • Comprehensive Protection Beyond the Network: Looking beyond traditional network security, advocating for a holistic approach to protecting critical OT assets.
  • Various factors: This includes operational workflow impact, compatibility, flexibility, resource efficiency, and vendor collaboration.
  • Alignment with OT Cybersecurity Best Practices, Frameworks, and Regulations: It advises on aligning with existing best practices and regulatory standards.

Addressing the complexities of integrating ICS in manufacturing systems impact production efficiency and security, Gordon said that integrating ICS in manufacturing involves balancing safety, automation, and cybersecurity to enhance operational efficiency and mitigate risks. The secure integration and operation of Engineering Workstations (EWS) and Programmable Logic Controllers (PLCs) are crucial in this context, demanding robust security measures and compliance with industry standards. These complexities arise due to several factors, including the transition to advanced manufacturing, resilient system strategies, operational flexibility and compatibility, integrity and availability of production lines, operational workflow impact, and resource efficiency.

He detailed that establishing a critical link between EWS and PLCs poses challenges in operating across OT and ICS environments due to various factors. These include securing EWS-PLC communications which is critical, given the high-risk threat vectors targeting PLCs. Implementing effective security measures without compromising system functionality is a significant challenge.

Gordon also pointed out that identity-based access control is essential, including role-based access control (RBAC) where administrators set permissions between EWS and PLCs. “Unauthorized access to PLCs can disrupt industrial processes and pose safety hazards. Securing access to PLCs ensures operational integrity and prevents data tampering or theft. Adhering to OT cybersecurity best practices and regulations is imperative, especially considering the complexity of securing EWS-PLC connections,” he added.

He also recognized that older OT systems often operate on outdated hardware and software, making them difficult to update or patch. Compensatory controls are necessary to accommodate the unique limitations of these systems.

Addressing how arriving at gauging risk appetite becomes challenging, and the inherent risks of such action in the field of industrial cybersecurity, Gordon said that gauging risk appetite in the context of industrial cybersecurity, particularly in environments involving ICS, becomes challenging due to several factors, including balancing manageable risk, prioritization of risks, and dimensions of risk – likelihood and impact.

“The goal in industrial cybersecurity is to reduce risk to levels acceptable to each organization, not to eradicate it. This necessitates defining the level of risk, which is aligned with the organization’s risk tolerance, determined by the management team,” according to Gordon. “The process begins with identifying all cyber risks and then prioritizing them, with a focus on addressing the most significant risks first. For example, issues like insecure authentication and communication between EWS and PLC might be identified as high risks and, therefore, prioritized.”

He added that risk assessment in this context involves evaluating the likelihood of a threat materializing and the potential impact or consequences of such an incident. This assessment can be complex due to the intricate nature of ICS and the varied nature of potential threats.

The challenges Gordon identified include expensive operational setbacks, security vs. performance trade-offs, insider threats, and physical and network security risks.

“Misjudging the risk appetite can lead to vulnerabilities that might result in significant operational and financial damage, impacting the company and potentially posing a wider threat to the environment and economy,” Gordon said. “Striking the right balance between robust security measures and system performance can be challenging. Overly complex security measures might introduce new risks or impede system performance.”

He added that granting unrestricted access to critical systems, such as PLCs, can broaden the scope of insider threats. This can lead to unintentional or malicious compromise of the system’s integrity and security. “The differentiation between local and remote users in ICS environments presents unique security challenges, as both types of users can introduce risks leading to operational disruptions or equipment damage.”

Considering the emphasis on productivity, integrity, and availability of production lines, Gordon analyzed how organizations can effectively address the challenges posed by the sometimes subtle nature of controls within ICS technology deployed across manufacturing environments.

He said that to address the challenges posed by the sometimes subtle nature of controls within ICS technology across manufacturing environments, organizations can adopt several strategies, focusing on productivity, integrity, and availability of production lines, including balancing innovation with risk management, resilient system strategies, proactive prevention and secure communication, and alignment with best practices and regulations.

Gordon also included effective Identity and Access Management (IAM), understanding key players in OT cybersecurity, a systematic approach to ICS design, adopting a strategic, risk-based approach, and continual review and adjustment of security measures.

Gordon also recommended implementing robust IAM practices to control access to critical systems and data and recognizing the roles of various stakeholders involved in ICS, including vendors, third-party technicians, and operators. This understanding is vital for establishing effective collaboration and security measures.

“Utilize frameworks like the Purdue Model for a structured approach to understanding and securing ICS. Each level of this model has its own set of functions and security considerations, providing a roadmap for ICS design,” according to Gordon. “Emphasize a risk and consequence-based strategy, calling for tailored security measures to protect critical infrastructure. This strategy should address high-risk, high-impact scenarios, with a focus on proactive measures to secure ICS. Regularly review and adjust security measures to keep pace with evolving threats and the changing landscape of industrial manufacturing,” he added.

Sagi Berco, CTO at NanoLock Security, explains how NanoLock OT Defender stands out with its cutting-edge features and addresses cybersecurity challenges in OT and ICS environments. Berco highlights that OT Defender offers device-level protection and brings substantial benefits to operational teams.

“It provides zero-trust protection at the device level (level-1, PLCs) by controlling and managing access to the PLC for programming in a multi-vendor environment. Empowers OT teams and maintenance teams to gain complete control and traceability over users and devices, even those operated by third-party contractors,” Berco said. “While Intrusion Detection System (IDS) solutions provide threat detection after the fact, lacking preventive measures, NanoLock’s OT Defender prioritizes prevention against both outsider and insider threats, rather than relying solely on detection to secure ICS/OT assets.”

He added that it supports online and offline multi-generation PLCs – both new and legacy. “NanoLock OT Defender allows you to leverage multi-factor authentication (MFA) and stringent device-level access management.”

Elaborating on the specific scenarios or threats that the solution effectively helps to mitigate, Berco said that attack scenarios and the threat landscapes have changed in the last few years. “CISA has warned that the insider threat, whether it occurs knowingly or is manipulated, has become a major threat. Furthermore, third parties such as vendors and suppliers entering production sites have access to systems, devices, and credentials, enabling new and harder-to-prevent threats.”

He added that NanoLock eliminates the need to mitigate by preventing the incident from happening in the first place, protecting from both insider and outsider threats. Berco highlighted how OT Defender stays ahead of the curve by constantly adapting to the ever-evolving landscape of cybersecurity threats and attack techniques. “NanoLock’s OT Defender operates on a zero-trust principle at the asset levels. Therefore, no matter how advanced the attack techniques are, the PLCs are segmented from any attack vector, no matter how basic or sophisticated it is. Consequently, OT Defender reduces the attack surface and minimizes the threat landscape, preventing incidents regardless of their source or method,” he added.

Anna Ribeiro

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Strategic Decision-Making in Cyber-Physical Risk Assessments and Cyber Ethics.
Strategic Decision-Making in Cyber-Physical Risk Assessments and Cyber Ethics.
Sprinting Toward NIS2 Compliance
Sprinting Toward NIS2 Compliance
Vulnerability handling according to the European Cyber Resilience Act (CRA)
Vulnerability handling according to the European Cyber Resilience Act (CRA)
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
What the Cyber Resilience Act requires from manufacturers
What the Cyber Resilience Act requires from manufacturers
Comprehensive Guide to Integrated Operations 1
Comprehensive Guide to Integrated Operations (Part 4)
Comprehensive Guide to Integrated Operations 1
Comprehensive Guide to Integrated Operations (Part 3)
First Impressions and Lasting Insights from an S4 Rookie
First Impressions and Lasting Insights from an S4 Rookie