Major cyberattacks like the ransomware attack on America’s largest oil pipeline and the world’s largest meat processing plant are becoming far too common. The amount of damage from these attacks depends on the level of security across an organization’s office and its manufacturing infrastructure.
When it comes to securing an IT/OT environment, every layer must be considered to protect valuable data and information. Layers can include the physical security of a data center, network architecture, application security, or operating system security on an HMI. Think of a medieval castle; to attack the medieval lord on the throne, you would have to get past the stockade, moat, walls, bridge, etc. The same concept applies in an IT/OT environment. To protect highly sensitive data, such as a grandma’s secret sauce recipe stored on the lower levels of a PLC network, you must get past multiple defenses of the IT/OT infrastructure. If somehow an attacker got past your permitter firewall, the next level of protection would slow down or prevent the attacker from reaching his goal.
Today’s secure layered defenses, also known as Defense in Depth (DID) strategies, have evolved beyond protecting corporate office networks. A secure, architected environment must now exist in the office and then be mirrored on the manufacturing side as well.
What are the layered defenses?
- Policies, procedures, and awareness regarding the use and security of computer systems. Office users and plant operators should be trained and familiar with policies and the consequences of violations.
- Physical security of a building and access to data centers, network closets, and electrical panels.
- Firewalls that restrict communication to ports and IP addresses on the edge of a network. This is typically the connection to your Internet provider, but it should also be at the core of your office and manufacturing network, sometimes even extended down to the line level.
- Modern firewalls with built-in Intrusion Prevention Systems (IPS) accept and reject packets based on rulesets from a database that regularly updates with new threat data.
- An extension of IPS, Intrusion Detection System (IDS), analyzes and monitors network traffic for security policy violations, port scanning, and viruses.
- Security patching and malware protection for OS platforms.
- Application and data security that requires authentication and authorization to corporate computers or operator workstations, such as a login with a unique account into the OS, PLC, HMI, or database applications. Users only have access to the system and data in line with their job responsibilities.
- A team to monitor and respond to incidents proactively and reactively.
These defenses are just a high-level description of measures and barely scratch the surface on comprehensive defense strategies. CISO, OT architects, plant managers, and controls technicians
should share a common goal of a secure DID strategy, but not every organization has the resources in-house to create one.
Interstates has decades of experience securing IT/OT environments against cyberattacks. If you want to learn more about DID strategies for your plants, contact us today at 712-722-1662.
Ricardo Romero, Senior Systems Analyst
This blog was originally published in the Current Connections Fall 2021 issue.