With the recently revealed hardware kernel-level vulnerabilities, named “Meltdown” and “Spectre”, a renewed sense of cybersecurity awareness comes to the plant floor. It’s important for plant operations to have a plan in place to mitigate the risks of a cyber-related incident. The key word here is risk reduction, since there will never be a single “magic bullet” solution for stopping any and all unwelcome cyber infiltrations.
The concept of “defense-in-depth” is often discussed when working on a cybersecurity risk reduction strategy. Defense-in-depth provides for multiple layers of varying security protocols and tactics to make an unwanted infiltration harder to achieve.
It’s also important to note when developing a cybersecurity risk reduction strategy that not all cyber-incidents come from the outside. In many cases unwanted cyber-related incidents can come from within the walls of your own facility, whether inadvertently or on purpose.
When starting out with developing a cybersecurity risk reduction strategy, many look to the NIST Framework as a guide. NIST, or the National Institute of Standards and Technology, has developed a framework for improving critical infrastructure cybersecurity. This framework serves as a reference document to help an organization think about the steps needed to reduce its cybersecurity risk level. The framework takes the five most common components of a cybersecurity plan, Identify, Protect, Detect, Respond and Recover, and organizes them to help drive consistency across all businesses. When just starting out, there is no need to reinvent the wheel: an organization can look to the NIST Framework for best practices from industry.
To learn more about the NIST Framework, visit https://www.nist.gov/cyberframework.
Rockwell Automation’s Industrial Security Advisory Index
This Industrial Security Advisory Index is a publicly available resource that points to specific Rockwell Automation product security alerts, advisories and security recommendations. To stay informed, you can choose to subscribe to updates of the Industrial Security Advisory Index. As new disclosures are added, subscribers will receive a proactive notification. The index provides links to existing Knowledge Base articles that raise awareness of risks to affected product operation or performance and also supply relevant recommendations for how to reduce or remove such risks. A general knowledge base logon is required to access the index.
Additional Cybersecurity Resources
We maintain a page on this website that provides links to various ICS cybersecurity resources and product information. We provide convenient links to ISA, DHS and NIST cybersecurity resource websites.
Visit our cybersecurity resources page at https://trcnew.com/automation-solutions/cybersecurity/.