Cyber protection punch-list

July 12, 2021
Many basic cybersecurity tasks remain the same, but the list continues to grow—and must be reevaluated to meet the needs of each application, user and facility

Many end users, system integrators, managers, businesses and other organizations are familiar with their main cybersecurity responsibilities, procedures and chores. However, just as "eternal vigilance is the price of freedom" and "practice makes perfect," they need to be continually reexamined and reapplied if a cybersecurity program is going to be effective and successful. As always, the basic steps include:

  • Design, apply and turn on more complex passwords; initiate other authentications for users and components, including two-factor capabilities; set email and messaging apps to block unfamiliar file formats or extensions; and implement and update anti-virus software.

  • Account for and evaluate all network, software and hardware connections at production sites, the overall organization and affiliates. Employ passive and active network search and discovery tools to find and shut down unused or open ports or links.

  • Segregate on-the-floor and in-the-field devices and other operations technology (OT) networks from administrative, enterprise, corporate, Internet and other information technology (IT) networks with network gateways configured to serve as firewalls. Also, maintain firewall configurations, such as scanning compressed files, and upgrade packet-inspection functions when available.

  • Divide geographically distributed sites, production lines, workcells, equipment and other functional areas into sub-networks; prioritize them according to security and safety risk levels; and add firewalls and demilitarized zones (DMZ) between them.

  • Enable publish-only devices like data diodes or publish-subscribe protocols such as MQTT, which permit plant-floor devices or software to send data outwards, but don't permit incoming communications or software downloads.

  • Enlist an organization-wide group of staffers; gain management and enterprise-level support for a cybersecurity program; and cooperate with IT and OT to develop cybersecurity policies and procedures, such as staff education and practical software patching.

  • Teach, train, practice and refresh personnel on carrying out routine cybersecurity tasks. Repeat regularly, so good cybersecurity hygiene and best practices become cultural norms.

  • Disallow mainstream software apps or functions from running in operational areas or the field. These include auto play, file sharing or remote desktop services.

  • Allow only the most narrowly defined privileges and network access that users must have to do their jobs. These are determined by their titles, job descriptions, actual roles and tasks they're required to perform. Keep track of known and authorized users and applications, and block others.

  • Establish and maintain regularly scheduled network traffic evaluation and anomaly detection using IT-based software that can identify, isolate, reject and prevent unusual and unauthorized messages, communications and other activities that could be the precursors to cyber-probes, intrusions or attacks.
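
The publish-only MQTT item above depends on broker access rules that never let a plant-floor account subscribe. The following is an added example, not code from the article: it assumes a Mosquitto broker and its acl_file syntax, and the account names, topics and the "plc-"/"hmi-" naming scheme are constructed for illustration.

```python
# Audit a Mosquitto-style acl_file for plant-floor accounts that may receive messages.
# SAMPLE_ACL and the account naming scheme are constructed assumptions.
SAMPLE_ACL = """\
# rules before the first "user" line apply to anonymous clients
topic read $SYS/#

user plc-line1
topic write plant/line1/telemetry/#

user plc-line2
topic plant/line2/#

user hmi-cell4
topic write plant/cell4/status
topic read plant/cell4/setpoints

user historian
topic read plant/#
"""
ACCESS_TYPES = ("read", "write", "readwrite", "deny")
OT_PREFIXES = ("plc-", "hmi-")  # assumed naming scheme for plant-floor accounts

def parse_acl(text):
    """Return (user, access, topic) tuples; user is None for anonymous, '*' for pattern rules."""
    rules, user = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        rest = rest.strip()
        if keyword == "user":
            user = rest
        elif keyword in ("topic", "pattern") and rest:
            first, _, tail = rest.partition(" ")
            if first in ACCESS_TYPES and tail.strip():
                access, topic = first, tail.strip()
            else:
                access, topic = "readwrite", rest  # access omitted means read/write
            rules.append(("*" if keyword == "pattern" else user, access, topic))
    return rules

def inbound_grants(rules, ot_prefixes=OT_PREFIXES):
    """Rules that let a plant-floor account subscribe, breaking publish-only operation."""
    return [(u, a, t) for u, a, t in rules if a in ("read", "readwrite")
            and (u == "*" or (u is not None and u.startswith(ot_prefixes)))]

print(inbound_grants(parse_acl(SAMPLE_ACL)))
```

The rule for plc-line2 is flagged because a `topic` line with no access type grants both read and write.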

About the author: Jim Montague
Jim Montague | Executive Editor

Jim Montague is executive editor of Control.