By Brian Deken, Business Development Manager, NA Connected Services, Rockwell Automation
For all organizations, embracing a digital transformation is essential for preserving relevancy in today’s competitive environment. It unlocks opportunities to gather new information and reveals insights that can quickly improve decision-making and operational efficiency, benefitting both growth and profitability.
While a shift towards network integration comes with a variety of commercial benefits, it exposes the long-walled-off industrial control systems (ICS) realm to a whole host of new vulnerabilities and risks.
With global spending on digital transformation expected to reach $6.8 trillion by 2023, lawmakers and regulators in Washington are rushing to identify and secure critical American infrastructure against Russian government retaliation.
As operation technology (OT) systems adapt for the modern age, companies must factor in cybersecurity as well as traditional safety from the onset in order to mitigate risk and maintain output.
The risks
Given the traditional challenges in upgrading OT systems, it’s not surprising that industrial organizations have been slow to embrace systemic change compared to IT-centric industries despite the undeniable benefits.
Before completely separated from the Internet – OT systems now connected and running applications that are cloud-based can be brought to their knees by an assuming phishing email. The integration of ICS systems to an IT-based network expands a company’s threat exposure ten-fold – providing cybercriminals and nation-state actors new pathways to penetrate networks.
These bad actors recognize the chaos they can unleash once they’ve infiltrated an OT system, able to disrupt the flow of water, gas, and electricity across entire regions.
Where to begin
Before an ICS can even begin its digital transformation journey, cybersecurity must be a main priority along traditional safety and maintaining operational output from day one. A multi-layered cybersecurity framework based on a clear threat assessment mindset, network segmentation safeguards and constant vigilance can harness new opportunities found in network integration and close the door on OT breaches.
From the onset, organizations should recognize and come to terms with the reality that threats lie all around and are inevitable. Breaking down implicit trust in any one system or process, a Zero Trust strategy embeds continuous monitoring tactics while identifying and prioritizing critical assets.
In this way, a Zero Trust strategy supports a digital transformation in tandem by securely adding new user populations, customer engagement models, while launching automated technology, including OT devices and sensors.
Building on the Zero Trust principles, network segmentation safeguards critical assets by separating them from non-critical assets – ensuring that breaches in one part of the network cannot find a path to infect others. For industrial organizations, this “air gap” separating IT networks from the OT systems protects ICS systems from an IT breach.
Although it runs counterintuitively to an effective digital transformation strategy, the air gap techniques and technologies that most industrial security standards already rely on protect OT environments from the fast-growing and constantly evolving threats in the IT realm.
As the digital environment faces continuously evolving and adapting cybersecurity threats, constant vigilance remains the first line of defense for any organization. Round-the-clock monitoring through an in-house team or third-party security operations center allows for continuous situational awareness.
Paired with threat detection software, companies can quickly identify suspicious behavior and stop malware in its tracks before it has a chance to throw critical infrastructure offline.
Building on a rigorous monitoring program, companies running industrial control systems should consistently stress test the operational tension of their cybersecurity plans to identify and strengthen any vulnerabilities.
A secure digital transformation is within reach
The integration of OT and IT environments opens a world of opportunities for growth and success but can expose critical infrastructure to increased risk. As organizations chart their own digital transformation strategies, cybersecurity must remain a core tenant throughout the process.
Working together with strategic partners, the expertise is there to develop holistic cybersecurity strategies capable of mitigating disruption while also improving overall operation reliability and productivity.
Brian has worked in the Automation Industry for over 20 years with various roles involving Services, Sales and Management. Working in Rockwell Automation’s Networks and Security business, he’s responsible for managing and driving a holistic approach that is based in 62443 and NIST standards that deliver customer Digital Transformation outcomes.
.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.