While there’s much to be gained from network connectivity, connections also mean taking on more vulnerabilities, cyber-probes, possible intrusions and potential attacks.
To protect against and mitigate these risks, Rockwell Automation and its well-known partners offer a comprehensive and growing portfolio of defenses that its customers can use on their digital transformation journeys. Mark Cristiano, global director of networks and cybersecurity, and Brian Deken, North America commercial manager for networks and cybersecurity, both of Rockwell Automation, updated industry media on the company’s latest cybersecurity initiatives at Automation Fair 2023 this week in Boston.
“Much of the equipment in many process applications is decades old and has flat networks, which is the same as no network, so we’ve spent a lot of time segmenting networks by using switches to establish demilitarized zones,” said Cristiano. “However, when the NotPetya and WannaCry attacks happened in 2017, that’s when investment in cybersecurity really began to take off.”
To-do list based on NIST
However, despite these famous cyber-attacks and others in more recent years, Cristiano states, “We’re still seeing that everyone is still not doing enough on cybersecurity. Everyone is seeking an answer, but there isn’t one answer. There are lots of answers. In addition, cybersecurity still doesn’t reach down to many legacy and device levels, which is where many vulnerabilities persist.”
Cristiano and Deken advise following the five cybersecurity directives formulated by the National Institute of Standards and Technology (NIST), which are:
• Identify assets,
• Protect networks,
• Detect attempted probes and intrusions,
• Respond, and
• Recover.
Using these directives as a guide, Deken reported that Rockwell Automation’s version includes:
• Segment networks into subnetworks to protect them and the devices in them;
• Identify and document assets;
• Prioritize vulnerabilities;
• Develop an incident response plan; and
• Implement a real-time intrusion detection system (IDS).
Assess, plan, protect—and repeat
“The reason we do asset and vulnerability identification is that we can then do risk scoring, and then make recommendations for users to mitigate those risks,” says Cristiano. “This shows us where basic network segmentation is needed, so we can isolate a subnetwork if it gets hit, as well as monitor threats by taking snapshots of normal activities that let us identify deviations that might indicate possible problems or intrusions.”
These initial identification and assessment measures form the basis of the incident response plan that needs to be developed next. These plans include recruiting an expert cybersecurity partner, conducting penetration testing, and performing tabletop exercises to simulate breaches. “We just need to know what to do when something happens,” adds Cristiano. “Continual monitoring is needed to refine risk scores, and assessments are also helpful in generating funding to comply with NIST and ISA/IEC 62443 cybersecurity standard requirements.”
Cristiano added that Rockwell Automation can help customers consistently address their cybersecurity issues in multiple locations and reduce the individual sources of ambiguity they may be facing. “We can meet customers wherever they are thanks to NIST’s recommendations,” he said.
For example, Cristiano and Deken reported that Rockwell Automation has been developing its managed security services, so it will be a preeminent provider of cybersecurity capabilities in conjunction with its partners Claroty, Dragos, Fortinet, Cisco and Verve, which it acquired most recently. “All of these can be integrated into a comprehensive security operation center (SOC) solution,” added Cristiano. “This is how Rockwell Automation can help customers mitigate their vulnerabilities, and deal with whatever comes next.”