Protecting Operational Technologies and Control Systems
The primary focus on cybersecurity for most businesses has been keeping customer and employee data secure. But there is growing concern among industrial and manufacturing firms about another threat landscape, one that involves cyberattacks on operational technologies (OT) and industrial control systems (ICS).
Cyber Attacks are on the Rise
As companies have digitized their manufacturing processes and increased their connectivity to the Industrial Internet of Things (IIoT), the breadth of this landscape has increased dramatically, as has the number of security incidents. In fact, in a recent survey of IT security and project managers from companies across a broad range of industries, 94% of respondents claimed to have experienced a security incident in the last 12 months. Among the most common incidents were web application attacks, the imposition of malicious hardware or external media, distributed denial of service (DDoS), and compromises in remote access. *
For many companies, the pace of digitization has outrun the development of effective security measures. Especially problematic has been protecting legacy systems that are now connected to the internet or IT networks but were not originally built with cybersecurity in mind.
Keeping Your Company Safe
To help companies keep malicious actors at bay from both new and upgraded systems, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency (NSA) recently published a new Cybersecurity Advisory that outlines the tactics typically used by attackers to compromise OT/ICS assets and recommends steps companies can take to protect valuable systems and data. The document encourages companies to create a “full connectivity inventory” that identifies all remote access points operating in their control system networks. Once this is done, the following actions are suggested as “best practices” in cyber defense:
- Establish a firewall between control systems and any outside vendor’s access points and devices
- Enforce strict compliance with policies and procedures for remote access
- Use jump boxes to isolate and monitor access to systems
- Change all default passwords throughout the system and update any products with hard-coded passwords
- Continually monitor remote access logs for suspicious accesses
Keeping operational systems safe and secure is a critical mission for most companies. However, implementing effective cybersecurity measures in this area requires substantial expertise and resources, particularly for larger firms with extensive “connected” operations. As your company develops and implements its cyber defense strategy, we at Washington Trust are here to help you plan for the financing you need to improve your business.
*The state of industrial security in 2022, Barracuda, July 2022.
Contact a Trusted Advisor
For more information or to speak with one of our trusted advisors about your unique financial needs, contact us at 800-465-2265 or submit an online form.