The last several months have resulted in several major industrial cybersecurity (ICS) incidents, primarily ransomware attacks. This highlights the challenges in using technology in manufacturing today. The reality for manufacturers is that it is virtually impossible to insulate your plant from a cybercriminal determined to breach your systems. Of course, you should do your utmost to select and implement the most secure technology you can find. Putting in place a robust cybersecurity program will limit potential exposure to a ransomware attack. Lastly, providing training for employees is a smart defense to help ensure your investments are fully utilized.
Despite these preventive measures, you must also prepare for the eventuality that your facility, division, or company may ultimately fall victim. This means that you need to have a plan that is already in place where know in advance who you can work with from the government to recover your operations quickly while minimizing the costs to do so.
The Colonial Pipelines ransomware attack initially focused on Colonial paying the ransom, and while the FBI was able to recover the majority of it, the incident created supply chain disruptions that rippled throughout the US. According to the company, The Colonial Pipeline provides roughly 45 percent of the fuel for the East Coast. You need to ensure if you are hit you can achieve a resolution that minimizes the disruption while working with authorities to minimize the financial downside. Collaborating with the appropriate government agencies now and advocating for a strong national industrial cybersecurity program is in a manufacturer’s best interest.
Forewarned is Forearmed
The US government has funded extensive cybersecurity research, much of it through the MITRE Corporation, a not-for-profit entity that manages six Federally Funded Research and Development Centers. One of the outputs of this research is the MITRE ATT&CK Framework. This free and accessible framework provides a knowledge base of ICS threats, current activity, and models of attacks.
To properly defend against ICS threats is to fully understand the scale and scope of the threats. By modeling your environment and running it through the ATT&CK protocols, a manufacturer can be in a much better position to not only defend against attack but also how to respond more effectively and reduce exposure.
Read more about cybersecurity threats, Aerospace Manufacturing Cybersecurity is More than Classified Design Information
An Ounce of Prevention is Worth a Pound of Cure
Once you understand your vulnerabilities the first task should be to implement preventative tools to both put policies and protocols in place to minimize exposure and then to put in place detection and prevention technology. Putting tools in place without the proper staff education and support will effectively negate the security investment and likely result in a breach.
Your technology architecture plays an important part in your security profile. Proper architecture, populated with solutions from suppliers that themselves prioritize security, is your best defense against penetration. Of course, good backup and recovery practices are an important part of your cybersecurity program. But, as recent events have shown, cybercriminals are relentless, and threats are constantly evolving.
Consequently, another part of your cybersecurity program must be a continual reevaluation of threats and exercises to test your response capabilities. In that way, if an incident does occur, you can respond quickly to minimize exposure.
Government Involvement is Essential with Ransomware Attacks
Often companies are reluctant to involve authorities during a cyber incident because of a fear of bad publicity or further attacks. If your car is stolen and you don’t report it to the police, the odds of you recovering the vehicle are virtually nonexistent. The same applies to these cybersecurity incidents.
Failure to work with appropriate authorities after ransomware attacks virtually guarantees that you are setting yourself up for further exploitation. But just as a strong neighborhood watch program in cooperation with local law enforcement can reduce the probability of your car being stolen, working with Federal cybersecurity agencies, appropriate to your industry, can be an effective part of your overall defense strategy.
Manufacturers should also have a strong interest in encouraging government action as a preventative measure as well. It is in your company’s best interest if cybercrime is vigorously prosecuted. The international aspect of most cybercrime requires Federal action. Make it a priority to support legislation that puts cybersecurity on par with other national defense interests.