Cybersecurity staples bear repeating

Dec. 6, 2021
Many best practices for cybersecurity may be familiar, but continual reminders are needed to make them effective—and enable new ones to be added later
2021 cybersecurity update

This article is one in the 2021 cybersecurity update multi-part series. 

View the rest of the series here.

The basic steps in a successful cybersecurity program are often well-known and should be increasingly obvious, but frequent reminders make certain that essential tasks are performed, and that as many gaps as possible are closed, particularly as existing threats and potential attacks evolve and new ones emerge.

  • Investigate, audit, risk assess and relearn process applications, equipment, settings and facilities, and identify security vulnerabilities. 

  • Secure management and staff buy-in for cybersecurity program, and recruit system integrators, suppliers, clients and other partners to develop risk scenarios, responses and a united cybersecurity front.    

  • Comply with common cybersecurity recommendations, such as the ISA/IEC 62443 series of standards and the National Institute of Standards and Technology's Guide to Industrial Control Systems  Security.

  • Replace default passwords, and replace existing passwords every two or three months with longer versions (12-16  characters) that are harder to solve. Don't allow shared passwords, demand a unique authentication for each user, and employ two-factor authentication. 

  • Limit internal and offsite access to authorized users only based on the data, processes and network areas that staff, contractors and suppliers need to complete their tasks. Don't allow guest accounts, which often use default passwords, and limit login attempts.

  • Isolate production devices, operating processes and functionally defined sub-networks with Ethernet gateways employed as firewalls from higher-level, IT-based and enterprise networks. Configure firewalls with access-control lists that define rules for who is allowed access and what information they can release.

  • Implement read-only functions in components, so equipment and processes can only deliver outgoing information, and prevent any inward bound requests or orders. MQTT or AMQP publish-subscribe protocols or data diode devices can perform these tasks;

  • Install, maintain and refresh patching procedures from software vendors and other organizations, even if some isolation time is required before implementing them;

  • Instruct in-house personnel and external contractors, clients and other partners how to practice good cybersecurity hygiene and follow common cybersecurity procedures. Foster an overall cybersecurity culture by also developing relationships and a common language between OT and IT personnel. 

  • Set up routine network traffic examinations using a cloud-level service or similar IT-style software, which can find, stop and mitigate cyber-probes and attacks.

  • Routinely reevaluate and revise existing cybersecurity procedures to address new vulnerabilities and counter evolving cyber-threats.    

About the author: Jim Montague
About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...