Cybersecurity is a trending topic in current news cycles. More devices are being connected to the Internet to improve the way things are done or make things simpler and more accessible. Unfortunately, the security of those devices is sometimes an afterthought. We see this same cycle happening with the evolution of devices on a factory floor. Equipment was previously connected through proprietary data networks to control or extract information from that equipment. Standard Ethernet, the same as used in the corporate environment, has been developed for use on the factory floor, making it extremely simple to connect corporate devices and the Internet to the factory floor. The security of those devices is most often a secondary initiative.
Now that these devices are connected to the Internet, they are at risk from any number of attack vectors from more people and various techniques designed to disrupt operations.
One example could be a targeted attack against a critical target such as water supply or oil and gas distribution. Unfortunately, we have seen these attacks already, and a recent example is an attack on a major US gas pipeline that affected gas prices nationwide. A second example could be a phishing attack against an employee email account. The sender of that attack does not care what is infected; they are looking for cryptocurrency to give access to your equipment back. Again, this could be devastating if the equipment is critical to production
There are several aspects of cybersecurity that can be applied to manufacturing in any industrial sector. The first are assessments that need to be performed to determine what is existing and the priorities of that existing equipment. The scope of a cybersecurity project must contain an acceptable level of risk to develop a plan. Plus Group can help with this process by performing these audits and assessments. We have an Automation/IT group specifically dedicated to performing these assessments and recommending the appropriate mitigation techniques.
Cybersecurity does not stop with an assessment and installation or configuration of equipment. The networks and equipment should be continuously monitored, evaluated, and audited for compliance with the desired cybersecurity scope. Plus Group can also provide this continuous monitoring and auditing service. We are certified by ISACA, formerly Information Systems Audit and Control Association, for information system auditing. We follow standard frameworks and apply specific requirements applicable to industrial and manufacturing applications. Our experience in the industrial environment makes us unique in this industry due to the specific requirements that industrial networks and equipment have versus the corporate environment.
There is no guaranteed protection from a cyber-attack, but we can minimize the impact and likelihood of occurrence with the proper controls, monitoring, and recovery techniques. It does not matter where you are in the development of a cybersecurity program. Plus Group is here and ready to assist in making your operations as safe as possible.
Written By: Dave Jennings
Editing: Torie Powers