Get the Skinny
on all things Vertech

At a conference I attended recently for the water industry, a fellow attendee asked a panel how to implement some basic cyber security at his water plant with essentially no budget. I loved the honesty of the question, and I posed it to a couple of our in-house industrial cyber security experts when I got back to the office. Here are eight no-cost recommendations they provided for shoring up your industrial network security.

All of us in the OT world understand that cyber security is a big deal. Doing something about it has been a challenge, however. The relationship between IT and OT has long been documented as a difficult one, but manufacturing and critical infrastructure enterprises are rapidly acknowledging the need to work together to protect networks, data, and production.

In today’s manufacturing world, businesses are rapidly adapting smart manufacturing and Industrial Internet of Things (IIoT) technology that amass valuable data from all aspects of the organization for faster, smarter decision making. According to the Industrial Ethernet Book, “by 2020 there will be an estimated 20.8 billion devices in the IoT, and more than 30 billion devices will be wireless connected.” However, this digital transformation also means that the line between information technology (IT) and operational technology (OT) is blurring more and more with every passing every year.

This month, our ICS Cyber Security Survival Guide was featured in The Industrial Ethernet Book– the only internationally distributed journal dedicated to industrial Ethernet and wireless technologies. As the respected Internet of Things authority, The Industrial Ethernet Book is a trusted resource for forward-thinking plant manager and network administrators in manufacturing.

How to Securely Get Plant Data into an Azure Database Via a Site-to-Site VPN.

Data that is generated and resides in the plant can be extremely useful for the continued success of the company, but it often resides in a highly protected and regulated environment. Rather than pushing the information to a database on the enterprise network, many people are moving toward cloud-based data processing and analytics for greater accessibility and expandability. So how can we get the data out of that environment securely and allow the business to start further increasing the value of that data? 

In 2015, the BlackEnergy trojan was used to attack the Ivano­Frankivsk power station in West Ukraine and knocked out electricity in 80,000 homes. The bug was delivered via spear phishing emails, disguised as a Microsoft Office attachment from the Ukrainian parliament, and had the ability to delete critical system files and specifically sabotage industrial systems.

In our personal lives, we frequently use the cloud without giving it a second thought to store, share, and remotely access a variety of files ranging from photos to documents to movies. But, when it comes to our professional lives, in general, we have been a little more hesitant to take advantage of cloud technology. However, there are many time and cost benefits to bringing cloud technology into businesses, especially manufacturing facilities. From better reliability and more readily available data to easier scalability and elasticity and integration, there are numerous benefits to incorporating cloud technology into your manufacturing floor. Let’s take a closer look.

In 2015 there were 295 cyber security incidents reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the US. In 69% of these incidents, proof was found of intruders successfully gaining access to critical networks. “ICS-CERT responded to a significant number of incidents enabled by insufficiently architected networks, such as ICS networks being directly connected to the Internet or to corporate networks." You can take some simple steps to keep your facility from being one of these statistics, and you can probably make most of them happen with your existing ICS network investment. (Source - ICS Cert Monitor, Dept. of Homeland Security - December 2015)