These are fundamental steps that build a cybersecurity foundation from which an organization can continue to build. While maintaining proper cyber hygiene is essential, a connected organization will want to go further to develop a more robust cybersecurity program implemented across all operations.
April/May 2019 issue
A security-through-obscurity approach no longer offers sufficient protection against today’s wide array of threats and threat actors. An organization should build its security around the assumption that any single control can be, and eventually will be, defeated. A defense-in-depth strategy creates multiple layers of protection through physical, electronic, and procedural safeguards, so that when one control fails the organization still has other lines of defense in place.
There are six primary components in a defense-in-depth strategy: 1) policies and procedures, 2) physical, 3) network, 4) computer, 5) application, and 6) device. While every organization will have a unique security strategy, each of these components will have a role to play in the effectiveness of the overall approach.
Policies and procedures address the human side of security, helping to shape employee behaviors and to confirm that security practices are followed and technologies are used appropriately. Physical security limits who can reach the facility, whether they come from outside or inside the organization. For personnel, access should be tightly controlled, limited not only to specific areas within a facility but also to the entry points of the physical network infrastructure, such as control panels, cabling, and devices.
The network security framework should be developed through close collaboration between IT and OT, working together to identify and implement the right technologies and policies. These technologies likely will include an industrial demilitarized zone, which separates the enterprise and industrial zones and helps manage access and monitor traffic.
The computer component is vital, as software vulnerabilities are among the most common means of intruder entry into automation systems. Patch management, antivirus software, application whitelisting, and host intrusion-detection systems are specific measures that help harden an organization’s computer assets. At the production application level, controls are needed to restrict both physical and digital access. Authentication, authorization, and accounting (AAA) software helps restrict and monitor who can reach an application and what changes they make.
Finally, devices represent the last area of defense-in-depth security. Organizations should consider deploying device authentication and unauthorized device identification as well as modifying default configurations for embedded devices.
Much of this defense-in-depth approach is focused on proactive defensive measures that prevent threats from fully manifesting. However, it also is important for an organization to investigate and prepare for the entire lifecycle of potential threats, including those that may escalate into a security incident.
The most robust and effective cybersecurity program addresses each phase of the attack continuum—before, during, and after an attack occurs. The steps and activities detailed above relate directly to the “before” phase, when an organization needs to focus on the identification and protection of its assets, both IT and OT. A thorough, frequently updated risk management plan and a robust cybersecurity program put an organization in the best position to minimize the occurrence of attacks.
Of course, constant vigilance is necessary in the face of the increasingly complex and evolving threat landscape. Organizations must have systems in place to monitor for and detect any network behavior that does not conform to the expected patterns or baseline, equipping them to react, adjust the system, and impede potential threats during an attack.
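The two technical ideas in this article that lend themselves to a concrete check are the industrial demilitarized zone (traffic between the enterprise and industrial zones must terminate in the IDMZ rather than cross it directly) and baseline monitoring (flag network conversations that were never seen during normal operation). The following Python example, added here and not part of the original article, shows both checks run over a handful of constructed flow records. The zone addressing, host roles, port numbers, and the log-line format are all assumptions made for the illustration; a real deployment would take its baseline from a span port, network tap, or flow export over a representative production window.

```python
"""IDMZ zone-policy and baseline-deviation checks over constructed OT flow records.

Added example; addresses, ports and record format are assumptions, not from the article.
"""
import ipaddress
from collections import namedtuple

# Assumed addressing plan: enterprise zone, IDMZ, and industrial (control) zone.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "idmz": ipaddress.ip_network("10.2.0.0/24"),
    "industrial": ipaddress.ip_network("192.168.10.0/24"),
}

Flow = namedtuple("Flow", "ts src dst proto dport")


def parse_flow(line):
    """Parse one constructed record of the form '<ts> <src> -> <dst> <proto>/<dport>'."""
    ts, src, arrow, dst, service = line.split()
    if arrow != "->":
        raise ValueError(f"bad flow record: {line!r}")
    proto, dport = service.split("/")
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport))


def zone_of(addr):
    """Map an address to its zone name, or 'unknown' if it is outside the plan."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def violates_idmz(flow):
    """True when enterprise and industrial hosts talk directly, bypassing the IDMZ."""
    return {zone_of(flow.src), zone_of(flow.dst)} == {"enterprise", "industrial"}


def conversation(flow):
    """Baseline key: which host talks to which host on which service."""
    return (str(flow.src), str(flow.dst), flow.proto, flow.dport)


def learn_baseline(lines):
    """Learn the set of conversations observed during a known-good window."""
    return {conversation(parse_flow(line)) for line in lines}


def classify(flow, baseline):
    """Zone violations take priority over 'merely new' conversations."""
    if violates_idmz(flow):
        return "zone_violation"
    if conversation(flow) not in baseline:
        return "new_conversation"
    return "baseline"


def review(lines, baseline):
    """Return (verdict, record) for every flow that needs an analyst's attention."""
    findings = []
    for line in lines:
        verdict = classify(parse_flow(line), baseline)
        if verdict != "baseline":
            findings.append((verdict, line))
    return findings


# Constructed known-good traffic: HMI and engineering workstation to PLCs inside the
# industrial zone, an IDMZ historian collector reaching the HMI, and an enterprise
# user reaching the historian's web front end in the IDMZ. Ports are illustrative.
BASELINE_LINES = [
    "2019-04-01T08:00:00 192.168.10.20 -> 192.168.10.50 tcp/502",    # HMI -> PLC (Modbus/TCP)
    "2019-04-01T08:00:05 192.168.10.20 -> 192.168.10.51 tcp/502",    # HMI -> second PLC
    "2019-04-01T08:00:10 192.168.10.30 -> 192.168.10.50 tcp/44818",  # eng. workstation -> PLC (EtherNet/IP)
    "2019-04-01T08:01:00 10.2.0.10 -> 192.168.10.20 tcp/5450",       # IDMZ collector -> HMI (assumed port)
    "2019-04-01T08:01:30 10.1.5.7 -> 10.2.0.10 tcp/443",             # enterprise user -> IDMZ historian
]

# Constructed monitoring window with two expected flows and three deviations.
MONITOR_LINES = [
    "2019-04-02T10:15:01 192.168.10.20 -> 192.168.10.50 tcp/502",    # expected
    "2019-04-02T10:15:02 10.1.5.7 -> 192.168.10.50 tcp/502",         # enterprise host straight to a PLC
    "2019-04-02T10:15:03 192.168.10.77 -> 192.168.10.50 tcp/44818",  # unknown host programming a PLC
    "2019-04-02T10:15:04 10.1.5.7 -> 10.2.0.10 tcp/443",             # expected
    "2019-04-02T10:15:05 192.168.10.30 -> 192.168.10.50 tcp/22",     # known host, never-seen service
]

if __name__ == "__main__":
    for verdict, record in review(MONITOR_LINES, learn_baseline(BASELINE_LINES)):
        print(f"{verdict:17} {record}")
```

The zone check is a hard rule and should also be enforced by the firewalls that bound the IDMZ; the baseline check is a detection aid, because an engineering workstation opening a new service to a PLC may be legitimate maintenance or may be the first sign of an intrusion. Either way, OT traffic is predictable enough that deviations from a learned baseline are worth an analyst's attention, which is what makes this approach practical in a plant network and much less so on a general-purpose enterprise LAN.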
After an attack, the top priority is ensuring safe production and minimizing downtime caused by the cyber-attack. An organization’s risk management plan should include processes for containing an attack, eradicating its effects, and recovering rapidly. The plan also should outline steps for a post-incident investigation with the goal of identifying root causes and means of strengthening resilience.
For years, food and beverage producers have focused on the physical security measures that promote food quality and safety, protecting consumers and stewarding the nation’s food supply. In today’s connected environment, however, physical security and cybersecurity are inextricably linked. Now is the right time for organizations across the industry to confirm they have a robust cybersecurity program to mitigate the broader spectrum of potential risk and threats. Applying the same rigor across physical and cybersecurity programs best positions food and beverage producers not only to protect people, but to protect their brand, reputation, and financial interests.