When you think of cybersecurity, what comes to mind?
Nine times out of 10 you’re more likely to think of IT, like conventional computers or
laptops.
Maybe you’ll think of something like firewalls or debugging software.
Or you might cast your mind back to those scenes in blockbuster movies, where the
“hackers” type for approximately 2.1938 seconds and then proclaim those famous words:
“I’m in.”
But this fictionalized take on cybersecurity is in fact doing more harm than good.
For example, far fewer people think of operational technology (OT) cybersecurity – or at
least they don’t think the right things about it.
Cybersecurity for OT is vital for protecting industrial systems, especially those in discrete
manufacturing. But this fact is clouded all too often by some common myths and
misconceptions.
In this blog post, we’ll take a look at the 10 most common myths we’ve heard about OT
cybersecurity for discrete manufacturing, and debunk them to help you implement OT
cybersecurity into your discrete manufacturing processes more effectively.
Not true! It would be nice if all OT systems were 100% secure by default; unfortunately,
that’s just not the case.
That’s because OT systems often have outdated legacy components, and were often
designed with reliability and functionality in mind, rather than security.
This means older OT systems can lack the modern security features and updates that you
need, leaving the legacy equipment more vulnerable to cyber threats.
To keep your discrete manufacturing fully protected, you need to make sure that you’re
always implementing new cybersecurity measures in your OT systems – especially in older
systems.
Sadly, OT systems isolated from external networks – or air-gapped OT systems – can still
be compromised. Cyberattacks can come from multiple different sources, whether it’s
through physical access or USB devices.
And in cases like Stuxnet, the first known cyberweapon, more advanced threats are now
able to jump across air gaps and cause untold havoc.
So, while limiting external connectivity is generally considered good practice, it might not
be good enough on its own.
As a result, it’s crucial to protect against internal threats and USB-based attacks as well
with a comprehensive security approach.
We come across this particular myth very often. In fact, OT discrete manufacturing
systems are becoming increasingly targeted for supply chain disruption, industrial
espionage, extortion, or intellectual property theft.
As a result, attacks on critical infrastructure can have severe consequences.
With this in mind, discrete manufacturing companies need to carefully plan and implement
OT cybersecurity measures that will prioritize security, without compromising operational
efficiency or resulting in production disruptions.
The key takeaway here, though, is that this is the most dangerous myth you can believe. No
matter what the industry, cyberattacks will always be a danger.
4. “Firewalls are sufficient protection for OT networks.”
Firewalls are vital, but they’re not foolproof. No one firewall can address every single threat
you might encounter in discrete manufacturing, especially the threats that exploit
vulnerabilities within the network or which are introduced through social engineering.
Industrial automation protocols don’t necessarily cover all of these bases either. They’re
designed for efficiency, but lack the built-in security features you need.
The trick to safeguarding your protocols is to encrypt communication and ensure you have
secure configurations across your entire OT system – without over-relying on one firewall.
5. “Security in OT is solely an IT responsibility.”
This is another common misconception that we often hear from our clients.
In reality, OT security needs collaboration between both IT and OT teams to ensure that
security measures span across all facets of the company.
This is especially crucial for discrete manufacturing, as this joint effort will make sure that
companies will consider both the business and operational perspectives when they
implement cybersecurity measures.
And with both IT and OT teams being thoroughly versed in the unique aspects of industrial
systems, it’ll be even more important for them to work together to implement effective
protection.
6. “OT systems don't need regular updates and patches.”
The exact opposite is true – regular updates and patches are critical for closing
vulnerabilities.
But the challenge here lies in implementing updates without disrupting crucial industrial
processes. So it’s vital to plan carefully to prevent any interruptions from happening and
keep discrete manufacturing processes running smoothly.
Not to mention zero-day vulnerabilities – or vulnerabilities that you might not be aware of
– are always a big concern, and one that hackers will use to their advantage.
So it’s essential to have regular patching and updates within your OT systems.
That way, you’re more likely to cover both your known vulnerabilities and prepare your OT
systems against cyberattacks from unknown vulnerabilities that may surface in the future.
7. “Security through obscurity is a viable strategy.”
This might have worked in the past, but this certainly isn’t a future-proof way to approach
your OT cybersecurity in the discrete manufacturing world.
Relying on the secrecy of system details as a security measure isn’t effective, and isn’t a
substitute for robust security practices and measures.
8. “OT systems are too different for standard cybersecurity practices to apply.”
Another common myth we hear is that discrete manufacturing equipment and OT systems
are so unique and so specialized that standard cybersecurity measures don’t apply to them.
And once again, this couldn’t be further from the truth.
Of course, discrete manufacturing equipment and OT systems might be very tailored to
their specific requirements or tasks throughout the process. But that doesn’t mean they
can’t have proper cybersecurity in place.
In fact, many cybersecurity best practices from the IT domain can still apply. While you
might need to customize your cybersecurity for OT systems, the necessary basics still
apply – everything including network segmentation, access controls, and regular updates.
9. “Incident response is not essential for OT environments.”
What’s a surefire way to let a cyberattack on industrial processes get out of hand?
Not having incident response to quickly detect and respond to a threat.
So having incident response is crucial in OT environments, because the quicker your
system can identify and react to a threat, the less damage a cyberattack can cause.
Cybersecurity is an ongoing process that requires continuous monitoring, updates, and
adaptation to evolving threats.
So implementing cybersecurity won’t be enough to maintain a secure OT environment if
you only do it once.
In fact, cybersecurity in discrete manufacturing means you’re not only taking preventive
measures but also implementing robust incident response and recovery plans to minimize
downtime and avoid costly production disruptions.
And as cybersecurity threats continue to evolve, new vulnerabilities will emerge. So
continuous monitoring, regular updates, and routine assessments will help you adapt to
these changing cybersecurity risks.
In short, your cybersecurity strategy should be tailored to the specific needs and
challenges of discrete manufacturing environments. Regular training, risk assessments, and
staying informed about emerging threats are essential components of a robust
cybersecurity approach.
By debunking these common myths, you can develop effective strategies to better secure
your discrete manufacturing company’s operational technology and critical infrastructure.
Ready to find out how SCADAfence can help with your discrete manufacturing
cybersecurity?