Demilitarised zones join the battle against industrial cyber criminals targeting Australasia

June 2017 saw arguably history’s worst cyber security attack that impacted more than 2,300 organisations in 100 countries. The destructive malware NotPetya, resulted in losses of over US$10 billion.

It’s clear that NotPetya has had a profound influence on the behaviour of cyber threat actors and cyber security practitioners alike. In the aftermath of NotPetya, ransomware is still thriving within internal unmanaged networks that cannot patch or do not have the visibility to identify vulnerable computers.

Encouraged by the enormous benefits, organisations have increasingly implemented network connectivity. While there’s much to be gained, connections also mean taking on more vulnerabilities, cyber probes, possible intrusions, and potential attacks.

Establish demilitarised zones

At Automation Fair 2023 in Boston last November, Rockwell offered manufacturing and production leaders insights from technology experts and thought leaders who shared industry-focused solutions and digital transformation strategies. Cyber security and some of the innovative solutions developed by Rockwell formed a key element of the sessions.

Much of the equipment in many process applications is decades old and has flat networks, so we’ve spent a lot of time segmenting networks by using switches to establish demilitarised zones (DMZs).

A DMZ is an area within a network that controls communication, in this particular sense, between the corporate side of the business – the information technology (IT) side of business – and the operational technology (OT) side business – the industrial factory side of the business. DMZs provide a level of network segmentation that helps protect internal corporate networks. These subnetworks restrict remote access to internal servers and resources, making it difficult for attackers to access the internal network.

Partner network helps boost defences

VIEW ALL

Given the rising cyber threat levels, Rockwell has taken a proactive approach, partnering with specialist companies to protect its customers and mitigate these risks. In addition to Claroty – which assists organisations secure cyber physical systems in their environments with purpose-built cyber security technology – Rockwell partners with Microsoft, Cisco, Dragos, CrowdStrike and others to offer a portfolio of defences that its customers can use on their digital transformation journeys.

Companies consider following the five cyber security directives formulated by the National Institute of Standards and Technology (NIST), which are: identify assets, protect networks, detect attempted probes and intrusions, respond, and recover. Complementing the NIST directives are the ISA/IEC 62443 series of standards that define requirements and processes for implementing and maintaining electronically secure industrial automation and control systems.

Using both sets of directives as a guide, Rockwell Automation has developed the following holistic set of guidelines that bridge the gap between OT and IT as well as between process safety and cyber security:

• Segment networks into subnetworks to protect them and the devices in them.
• Identify and document assets.
• Prioritise vulnerabilities.
• Develop an incident response plan.
• Implement a real-time intrusion detection system.

Acquiring cyber houses

Over the past few years, Rockwell has been investing heavily in enhancing its cyber capabilities. We started by acquiring three cyber houses specifically to build out our capability. These include Oylo, a Spanish cyber security company, Israeli data security company Avnet Data Security, and US-based Verve Industrial Protection.

That brought into Rockwell many services, engineering capabilities, and the tooling and businesses that come with it. This knowledge is then disseminated across the teams globally. In the OT space, Rockwell is a leader globally, and we have heavily invested in cyber security.

Isolation is no defence

Bits and bytes are not hampered by borders or distance, and Australia’s relative geographic isolation does not make it less likely to fall victim to cyber attacks. Australia and New Zealand are known to be fast and aggressive adopters of new technologies and processes. Maybe it comes down to the fact that we are so remote that we get so used to doing things ourselves, we can’t wait for others to take the first step.

In the industrial environment, this trait can sometimes be a cause for concern. The rapid introduction of new technologies also creates a risk because attackers can exploit it before security solutions have been thoroughly built up. It is thus vital for companies in the region to invest adequately in developing comprehensive incident response plans.

Amid a growing climate of cyber security attacks, OT systems are under more pressure than ever before. The findings of a recent Rockwell Automation-Claroty survey of C-suite executives and heads of security confirm that many OT systems remain exposed. In the survey, 65 per cent of respondents detected at least one OT-related cyber security incident, with 20 percent reporting over 10 attacks in the previous year.

With attackers getting smarter and more devious, companies are well advised to ramp up their penetration testing, harden their networks and carry out tabletop exercises to test for vulnerabilities. John Chambers, former Cisco chairman, famously said: “There are two types of companies, those that have been hacked, and those who don’t know they have been hacked.”

Rod Beard is the cyber security lead for south Pacific at Rockwell Automation.