Protecting your IT and OT networks before, during and after a cyberattack not only helps save systems and equipment, but also reduces and prevents costly downtime.
By Dave Mayer, product manager, Rockwell Automation
The value of cybersecurity can be a difficult topic to navigate for operations and IT security professionals. The perspective that cybersecurity is “just a cost” is common among corporate decision-makers that hold budgetary purse strings — but are they aware of its greater operational worth?
Cybersecurity events — attempts to gain unauthorized access to or disrupt electronic systems and the information they store — are a growing threat. And no company is immune. That’s why having the right systems in place to help prevent and mitigate cybersecurity events is so important.
Decision-makers consider the security policies, procedures and controls that need to be in place throughout the continuum of a cybersecurity event — before, during and after. The visibility of and ability to monitor network changes during each of those stages not only provide great value from a cybersecurity perspective, but also contribute to the overall health of an organization’s operations.
The right cybersecurity policies put comprehensive protections in place for an industrial firm’s valuable assets before, during and after an event, or attempted event. Take a closer look at best practices pertaining to each stage.
1. Before an Event
Build a robust asset inventory of both information technology (IT) and operational technology (OT) assets. With deeper understanding of both connected and disconnected assets, you can more readily characterize security risk within your environment.
An added benefit of this step is an updated asset inventory. You can use it to minimize lifecycle risk by storing an appropriate number of spares onsite, staying ahead of end-of-life dates, and proactively maintaining your critical assets.
2. During an Event
The ability to detect when an event is taking place requires a level of visibility into your operations that, until recently, was hard if not impossible to achieve. Various security technologies and controls can provide continuous monitoring and detection for increased visibility into normal day-to-day operations. Any event that deviates from normal operations would trigger an alert.
Deploying the cybersecurity toolsets appropriate for your needs provides a higher level of operations visibility, with the added benefit of establishing a baseline for “normal” operations. That visibility comes from alerts raised when anomalous events, such as an incorrect maintenance task, take place.
3. After an Event
With correct response and recovery programs in place, such as backup and disaster recovery procedures for applications and data, organizations can become programmatic about responding to anomalous events. If the appropriate policies and procedures are put in place to respond effectively to a cybersecurity event, operations are able to return more quickly to normal production.
Are Your Methods Enough?
For decision makers, the journey to secure connections first requires understanding whether your current cybersecurity capabilities adequately help protect your operations from the many threats that exist.
Your cybersecurity systems should provide comprehensive support before, during and after an event — detecting when an event is taking place, sending alerts immediately and effectively responding.
It may be worth the investment for peace of mind alone, but it can also translate to cost savings in real ways. The ability to recover quickly from cyber events, whether malicious or incidental, with appropriate response/recovery procedures and technology in place can translate directly into reduced downtime, resulting in greater productivity.
For example, being able to restore an application because backups and procedures were already in place minimizes the time-consuming work of restoring the application manually.
Finding operational value in cybersecurity initiatives is not hard to do — and there are plenty of ways to be proactive about your cybersecurity. As we’ve learned, the true value of comprehensive cybersecurity is not only in the range of protection provided for systems and equipment, but also in the reduction and prevention of costly downtime.
The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Putman Media, Inc.