Tony Baker, Portfolio Manager, Security at Rockwell Automation, presented recommendations on best practices and actionable steps industrial companies can take with reference to network security and standards within the industry during PACK EXPO International 2018 at The Innovation Stage.
Learn how OEMs are preparing their organizations for a cyberattack and how they are mitigating risks: What Lies Beneath a Cybersecurity Breach
Baker said that many manufacturers have the mindset that they cannot afford for a cybersecurity incident to occur in their organization or with their equipment, and they take all necessary precautions to prevent them. However, these companies don’t have a plan in place if an attack were to happen, and that’s where a company opens themselves up to vulnerabilities.
“It’s important to not only think about what you are going to do before the attack, but it’s critical to know what you will do during and after,” Baker told PACK EXPO attendees. “Companies need to understand that measures need to be in place for during a cyber-attack and after because that is where you can drive down the cost of impact.”
Baker acknowledged that a number of factors stand in the way of a company being immune to cybersecurity incidents. The skills gap is one of those factors that not only affects an OEM’s ability to staff their workforce, but a lack of available staff also makes it difficult to expand operations to mitigate cyber risks. All manufacturers are vulnerable—whether they realize it or not. Security has consistently been an afterthought for OEMs, Baker said. Aging industrial control systems and protocols don’t stand a chance to the ever-evolving industrial security standards and technology, which often leave a lack of proper policies and procedures around cybersecurity. Add these potential vulnerabilities to the low adoption of risk management processes and lack of comprehensive assent inventory, and OEMs can easily and quickly become a target for a cyber hack.
“We need to expand how we view security and understand that it needs to be more pervasive,” Baker said. “When you look at the companies who are really successful with IT/OT convergence, they are the ones who sit down, have discussions, make a plan of attack, and actually carry it out across their organization.”
Learn more about how Rockwell Automation is helping its machine builder partners with cybersecurity: Industrial Security