A Continuation of Cybersecurity Tips for Industrial Control Systems
Considering recent media coverage on cybersecurity breaches, CBT Specialists have been receiving several questions regarding how to update firmware on industrial controllers. The questions stem from recommendations reported by Homeland Security and Rockwell Automation on potential vulnerabilities. Let’s discuss the implementation of a cybersecurity program for ICS (Industrial Control Systems), when you should look at updating firmware, and why this is so important.
Firmware upgrades within ICS are not always straightforward and may not be allowed if the process is subject to any form of validation or regulation. In those cases, there may be other forms of mitigation that can be evaluated.
As mentioned in our last cybersecurity tips post, the first step is to evaluate your current network and information systems. An audit of the ICS is recommended to get a baseline evaluation. The system is then assessed for vulnerabilities to known attack vectors. This process involves investigating your current operating systems and PC hardware, network firewall rules, and ICS firmware revisions. There are many steps and tools for assessing the threat and the inventory, but let’s focus on the next step, which is equally important.
Industrial information systems make data available to support company and business objectives, but as with any exposed network, there are potential cybersecurity risks. A proper risk evaluation must be conducted to identify and address potential exposures. Risk management allows the business to continue to meet its goals and objectives and leads to more opportunities or uninterrupted operations. Risk management also serves an important function: determining whether a risk is acceptable when weighed against the benefit of minimizing or mitigating it.
The biggest risk for manufacturing operations is potential downtime from network disruption, loss of data, or even the loss of entire operating systems. Any vulnerability that could cause disruptions should be considered. Mitigation techniques must also be evaluated, because the mitigation may be worse than the vulnerability. For example, going back to the PLC firmware, the patch for a vulnerability may be a firmware update. Updating firmware on a processor may have unintended effects on other operations or equipment in a process. It may be better to use other techniques to isolate the components or place other controls in front of them to avoid the vulnerability, rather than remove it completely.
This risk management process can be daunting, and there are many components to consider. It may also be necessary to create or contract a dedicated resource for ongoing risk management, cybersecurity, industrial information system monitoring, and continuous improvement activities. Fortunately, there are tools, techniques, and resources that can help with this task, and CBT is ready to help you on your cybersecurity journey. Sign up for our upcoming webinar covering all you need to know about ransomware and how to protect yourself against it.