Dec 7, 2021

In the recent Computer Security Day, cyber security experts have been sharing a humongous number of resources and cyber security tips. Be it for consumers or industries, all of them proved that it is an important subject of awareness. Here, let’s touch on several tips that can help you assess the security of your operations.

 

1.    Tracking, Tracking, Tracking

Implementing new and edge-cutting technologies is an exciting adventure and helps boost productivity. But is it recorded? Do you know what is the oldest device your operations is using? Which one of your trusted software is no longer supported by its vendor?

Take a quick check of your inventory and see if those questions are answered.  If you’re just starting the operations and not sure what you need to track, you can start by checking out the CIS Hardware and Software Asset Tracking Spreadsheet and see what information about your assets can be tracked.

2.    When Is the Last Time It’s Updated?

Now you’ve had your tracking system on track (pun intended), how frequent should you visit it?  Well, how long does your software is supported? Most software can have a kind of “expiry date”, which can be recognized with the word long-term-support (LTS). For your machines, how long does the warranty hold, including firmware support by the vendors?

The best time would be whenever any significant or mass changes had been done. Else, it could be done quarterly or yearly. Having a routine check keeps your operations up to date. It doesn’t hurt to be prepared for an audit when you have a good maintenance routine.

3.    Can I Access Them Without Privileges?

Machines may not be the only things you need to worry about. Imagine what happens if someone can have administrative privileges and alter the instructions of the machines. It can suddenly malfunction and cause accidents during your operations. You’ll need to replace the defective machine, compensate hospital bills, pay lawsuits, or even lose important people in your organization. All because it’s too inconvenient to change the machine access login from the default “username: admin, password: admin”. 

Ask around your staff how they access the machines during operations. Do they share login details, or write it down somewhere open? Or do they have proper authentication methods, such as access cards, biometrics, or multi-factor authentication?

4.    What’s In My Network?

You get it. It’s the era of smart manufacturing. Everything is connected. However, it doesn’t mean everything should be accessible to everyone. Would it make sense if a receptionist’s laptop is within the same network as your IoT printing machinery? Or the marketing team, who will be the most responsive with emails and external websites, making them susceptible to malware attacks, to also have access to the operational machinery network?

Check with your IT, security or network administrative team if network segmentation had been done. Most importantly, ensure that your IT and OT network is separated. The smaller the segments, the better. It is easier to isolate 3 possibly infected devices under one subnet than to shut down the whole range of connected machines in the operations.  An added bonus: this also improves operational performance as it reduces network congestion.

These are only the tip of the iceberg and can be considered as a foundation. For more in-depth security assessment, you can refer to the CIS controls and benchmarks to see how your operations security fares with the standards. Should you want to go a step further, get a hold of a reputable industrial cyber security consultation to get a more comprehensive assessment.