As the COVID-19 pandemic continues to rage worldwide, everyone who can is working at home by connecting to a host of expanding and/or newly multiplying Internet networks, but many new links aren't as closely monitored or managed because they're new, hastily set up, and not yet part of established policies and procedures for older, centrally controlled networks. At the same time, the awareness and vigilance about cybersecurity that workers habitually maintain in offices and plants can stretch thin when they work at home or other settings with competing demands for their attention.
In short, more connections and distractions mean more vulnerabilities to probes, intrusions and attacks. So, once again, COVID-19 is throwing a harshspotlight on what users and their organizations are doing—or not doing—and should be doing, in this case, about cybersecurity.
In this multi-part series, executive editor Jim Montague explores the latest in industrial cybersecurity and how the COVID-19 pandemic has put a spotlight on the need for protection.
The best cybersecurity defense
"The pandemic has increasingly brought to light the importance of cybersecurity fundamentals and the benefits that come from following them. COVID-19 and responses to it provide excellent examples of both effective and ineffective security responses to an unknown threat. One crucial observation we can make is that we can't protect our systems (or ourselves) if we don't know the vectors that threat agents use to compromise (infect) a system," says Daniel McKarns, of Matrix Technologies Inc. "Having the fundamentals in place can allow you to effectively defend against many threats and minimize the impact of others." System integrator Matrix shows how users can go on offense against cyber-threats. Read more.
Take-home cybersecurity tools and training
When it comes to cybersecurity during the COVID-19 pandemic, what's works at work can also work at home. All of the useful cybersecurity hygiene practices, antivirus and intrusion detection software, network segmentation and protection, traffic monitoring and anomaly detection, and other cybersecurity tools used in businesses and on plant floors can be extended to remote and residential users. Read more.
DHS advises monitoring, modeling and Malcolm for cybersecurity
Just as cybersecurity projects get easier when management buy-in is gained and a team is drafted, many users and their companies are getting increasingly sophisticated assessment and mitigation services from government agencies, such as the U.S. Dept. of Homeland Security's Cybersecurity and Infrastructure Security Agency. Read more.
INL advocates attacker thinking for cybersecurity
To share and coordinate effective cybersecurity practices more widely, Idaho National Laboratory is participating in the U.S. Dept. to Energy's (DoE) $70-million project to launch the Cybersecurity Manufacturing Innovation Institute in mid-November at the University of Texas San Antonio (UTSA). Learn more.
Fighting ransomware, securing links
One of the most prevalent malware lately is different types of ransomware, which usually invades PCs and lock up their computing capabilities until money is paid to the attacker. Phoenix Contact and Owens Corning offer some recommendations for fighting this type of malware and securing vulnerable links. Learn more.
Phishing and detection arms races ramp up
Unfortunately, just as cybersecurity remedies improve, malware also grows more sophisticated and widespread. System integrator Grantek details how cybersecurity providers are ramping up their efforts. Read more.
Device-level security coming within reach
As Ethernet and microchips pushed down to device-level sensors, they brought along cyber-threats to I/O points, instruments, motors and other analog hardware that were wide open, vulnerable and prime targets for catastrophic attacks. System integrator Matrix and Control's Unfettered blogger Joe Weiss show how cybersecurity is reaching down to cover sensors and instruments. Read more.
Mechanical security needs diverse experts
Two instructors from SANS Institute advocate for mechanical-level cybersecurity, but add that experts from multiple disciplines must participate to determine what protections are needed. Read more.
Take your own cybersecurity medicine
System integrator AE Solutions uses many of the same cybersecurity measure it prescribes for clients. Read more.