Staying on top of new technology and cybersecurity at aging plants is complicated. Many plants have equipment that is 10, 20, or even 30+ years old and may be relying on unsupported operating systems or software. These legacy systems often cannot be patched or upgraded, and migrating to a new operating system is not cost-effective. To help you overcome these challenges, here are four key ways to bolster your operational technology (OT) network by increasing threat visibility.
1. Baseline Your Network
To help determine which communication activities are normal and which may be threats, it’s essential to have an accurate baseline reading of your entire network. A compressive device inventory is necessary to observe when new or unapproved devices connect to your network. It’s also vital to understand which devices communicate to each other and what OT protocols they are using.
2. Centrally Collect System Logs
System logs can help correlate events across different devices and different manufacturers. This will provide horizontal visibility across your company. If you’re able, automate the review of these logs with machine learning technology.
3. Implement Incident Response Playbook
With the additional data you’ll collect from various threat detection tools, it’s important to develop an incident response playbook for your company. Collecting logs, baselining your networking, and implementing tools will provide little to no value unless you have a plan in place to monitor and act upon this data. Consider implementing tabletop exercises to roleplay the various scenarios.
4. Develop a Central Pane of Glass
It’s crucial to develop a dashboard with specific key points of interest across all your company’s verticals. This will help your operation center teams efficiently parse the data. With the continuing convergence of IT and OT, it is important to have central visibility. This visibility will help close the gap and provide insight into the wide variety of devices that can be seen today.
In manufacturing, security has typically taken a secondary role to production. However, the industry is beginning to see a rapid increase in OT threats. By implementing some of these best practices, you can gain additional visibility into the threats facing your OT network.
Where Can I Learn More?
Interstates has plant cybersecurity experts ready to help. If you have any questions about network threat detection, reach us at (712) 722-1662 or www.interstates.com/contact/.
David Smit is a Systems Analyst who works in Operational Technology at Interstates, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates, visit its profile on the Industrial Automation Exchange.