Sabyasachi Goswami, Commercial Leader, Commercial Services, APAC shares his 
thoughts on what industrial players need to stay cybersecure in the age of 
cyberattacks. Rockwell Automation 
Inc.(https://www.rockwellautomation.com/en-id.html)(NYSE: ROK), is a global 
leader in industrial automation and digital transformation. The following 
opinions are his own, and do not necessarily reflect those of Rockwell 
Automation as a whole.

The pandemic has exposed the vulnerabilities of the global manufacturing and 
supply-chain processes long hidden beneath the surface. Cybersecurity has been 
a decades-long "grey rhino" in the wings of this "black swan" event. Last year, 
a Tokopedia data breach jeopardised more than 15 million user accounts, and 
cybercrime accounted for 43 percent of all crime in Singapore. 
Interconnectivity in a digital landscape may bring greater agility and 
convenience to manufacturers but the same benefits apply to malevolent players 
which are now no longer encumbered by geography. 

Much like multi-layered anti-COVID measures, from defense(face masks and hand 
sanitisers) to prevention(lockdowns), rapid detection(PCR kits), and a cure 
(vaccines and antiviral drugs), corporations need to apply the same robust 
approach to protecting critical infrastructure.

Convergence of IT and OT

Increased interconnectivity also extends to hackers. Companies need to 
understand that there is no "air gap" between Information Technology(IT) and 
Operational Technology(OT) - the technology directly monitoring and or 
controlling industrial equipment, assets, and processes. These are not separate 
entities but two halves of a whole enterprise. 

While many have taken measures to secure IT, their OT systems remain 
under-protected, becoming a convenient "backdoor" for hackers. Ransomware 
incidents have become increasingly frequent in manufacturing. Ransomware 
attackers can penetrate a chink in the armour within minutes and spend months 
"dormant." They silently infiltrate the entire network and stay undetected for 
months while gathering data and critical information before striking. 

A recurring issue in OT security is legacy infrastructure, built decades before 
high-speed internet was commonplace. This means older machinery and computer 
systems are a worrying blind spot to IT and security operations teams and can 
also result in exposure. For example, a factory's central conveyor belt might 
still run on an outdated edition of Windows XP no longer supported by its 
developer, nor compatible with the latest updates and protections. 

There is a lot of complexity in the OT layer for manufacturers to address, 
alongside balancing the costs to modernise. This process is often deprioritised 
and delayed. Modernisation takes time and requires multi-year transformation. 
But by making these changes now, organisations can immediately adopt best 
practices to build a holistically secure IT/OT network environment to 
neutralise potential threats.

The myth of the panacea 

Similar to how we have managed to bring disease outbreaks such as polio and 
smallpox under control, a multi-layered defence strategy is needed to detect 
and deter malicious players. Organisations should start with a holistic 
enterprise-wide security assessment that includes: 

1.An inventory of authorised and unauthorised devices and software 
2.Detailed observation and documentation of system performance 
3.Identification of tolerance thresholds and risk and vulnerability indications 
4.Prioritisation of each vulnerability based on impact and exploitation 
potential 
5.Mitigation techniques required to bring an operation to an acceptable risk 
state

To develop a robust safety net, organisations must account for software, 
networks, control systems, site-infrastructure nuances, policies, procedures, 
and even employee behaviours. Rockwell Automation has defined five core 
security principals in place:

1.Secure network infrastructure - A resilient industrial network security 
system limits access to authorised individuals and protects data against 
manipulation or theft. With telecommuting becoming the norm, security systems 
must account for the remote connectivity of people, processes, and information. 
Networks used in large-scale industrial applications can harness cloud 
technology, data analytics, and mobility tools to optimise systems monitoring. 

2.Authentication and policy management - Often overlooked when developing 
safety controls around user authentication is the need to minimize potential 
exposure to threats from internal resources. Management user accounts should be 
integrated with a means of centralised control. Scalable solutions should also 
be planned to allow for flexible workflows around disconnected environments, 
guest user access, and temporary privilege escalation before the necessity 
arises. 

3.Content protection - Automation equipment such as controllers often contain 
sensitive information. Smart industrial systems require a common, secure 
environment to protect an organisation's intellectual property while 
maintaining productivity and quality.

4.Tamper detection - Unwanted activity and modifications within operational 
systems can be quashed through speedy detection, recording, and a strong 
coordinated response. Measures to deter and address potential threats should 
include a means to centrally record and track all user actions, regular backups 
of operating asset configurations and electronic files, as well as a meticulous 
inventory of all devices on a plant floor. 

5.Robustness - Plant machinery, operation systems and data storage units can be 
brought together under a single-system architecture that allows for centralised 
monitoring and reporting. By leveraging Converged Plantwide Ethernet(CPwE), 
multinational corporations can achieve greater flexibility, visibility, and 
efficiency required to remain competitive while retaining full control over 
their digital assets. 

Prevention is always better than cure 

Placing equal importance on cybersecurity advancements is essential to 
future-proofing an organisation. Investing in IT alone can capture short-term 
growth prospects but leave these gains vulnerable to an overnight cyberattack. 
Much like how vaccines are crucial to herd immunity, a modern enterprise is 
only as strong as its weakest link. The best defence is a good offence, via a 
comprehensive network security system.

SOURCE:Rockwell Automation