Disclaimer: All views presented here, in this newsletter, are my own.
Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and or situation.
Complexity as an Excuse:
When it comes to Operational Technology (OT) and Industrial Control Systems (ICS), the landscape is complex - no question. But here’s the harsh truth: complexity should never be an excuse for insecurity. With more OT systems getting connected and exposed, cybercriminals are lurking, waiting to exploit any vulnerabilities.
It’s often argued that because there’s engineering involved, along with physical processes and health and safety issues, you need more budget, tools, resources and specialised skills, and that without these you can’t start an OT Cybersecurity program to secure your OT/ICS network operations.
It’s time to stop the excuses and start protecting the heart of your industrial operations. Let’s talk solutions.
Special Message:
Before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care and keep me motivated to publish more. Thanks!
Securing Things Academy:
IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.
Complexity is NOT a Free Pass
Ok, we all get it - managing OT/ICS environments can be / feel overwhelming. From legacy systems to incompatible protocols, it’s a lot. But attackers thrive in complexity. Failing to secure these systems isn’t just risky; it’s business-critical.
🚨 What’s at Risk? 🚨
Production Downtime: A breach can halt operations for days (btw, a non-cyber incident can cause the same impact/consequence).
Safety Incidents: Compromised control systems can lead to unsafe working conditions.
Reputation Damage: A cyberattack on your OT/ICS systems can damage customer trust, costing you much more than money.
In the following sections we’ll cover:
👉 Key Concepts = Industry 3.0 & 4.0, Diff b/w 3.0 vs. 4.0, IIOT, Digital Transformation, UNS.
👉 Global survey insights vs. a real-world ransomware incident vs. a real-world case study of a global business operation (that I was engaged with).
👉 Start OT/ICS Cybersecurity Journey = how do you start the journey & what to expect?
👉 Elevate your OT/ICS Cybersecurity Posture = focus on a few example quick wins to kick-start the program.
Key Concepts
As manufacturing is continuously evolving with new innovative technologies, understanding the distinction between Industry 3.0, Industry 4.0, IIoT, and OT becomes critical for both digital transformation and cybersecurity. These technological advancements are not only reshaping industrial processes, but also fundamentally transforming business models.
Industry 3.0 = focused on automation and digitization of production processes, leveraging computers, Programmable Logic Controllers (PLCs), and robotics. Manufacturing shifted from manual processes to using electronics and IT to automate production.
Industry 4.0 = Marked by the integration of cyber-physical systems (CPS), IoT, AI, and cloud computing, enabling “smart” and interconnected manufacturing processes. A modern "smart factory" uses connected machinery, real-time data analysis, and automated supply chain management systems to optimize production flows. Two example protocols in use are MQTT (a lightweight messaging protocol for IIoT devices) and OPC UA (a key standard for industrial communication).
Difference b/w 3.0 & 4.0 = The leap from isolated automation to fully interconnected, data-driven ecosystems. Focus on integrating IT and OT, leading to new challenges in cybersecurity, including threats that target both digital systems and physical processes.
IIoT (Industrial IoT) = IIoT is a key enabler of Industry 4.0, connecting industrial devices and systems to the internet to collect, exchange, and analyze data in real time. Enables predictive maintenance, real-time monitoring, and process optimization. Provides operational efficiency through process improvements and reduction of downtime, based on data-driven insights.
Digital Transformation = integration of digital technologies into business operations, fundamentally changing how organizations operate and deliver value to customers. Both digital transformation and cybersecurity strategies aim for resilience and adaptability in a rapidly changing environment.
UNS (Unified Name Space) = a "single source of truth" for data across all nodes / systems in a factory. It enables real-time communication between OT and IT systems, helping to break down data silos. It facilitates real-time data exchange through seamless integration of data from production lines to enterprise-level systems, and improves decision-making, since unified access to data enhances analytics and insights. UNS challenges the traditional Purdue Model by connecting all nodes across the automation stack to a central name space, creating new challenges in securing both IT and OT environments. Cybersecurity must now cover broader attack surfaces and integrate across more layers of the architecture.
Security Considerations: Expanding the attack surface with connected devices across all layers of automation stack or across the Purdue levels, makes it crucial to integrate cybersecurity controls at every layer.
Surveys vs. Real-World Incident vs. Case Study
A typical manufacturer that is planning and/or going through a digital transformation journey has a high risk exposure, as outlined in the table below:
| Industry Surveys | A Real-World Incident | A Real-World Case Study |
|---|---|---|
| Ransomware – Top Threat. Causing downtime & financial damage. | A Black Basta ransomware attack on a global manufacturer. | Current State = Critical Risk |
| No mature IT Security Program. | Yes | Yes |
| Almost all attacks compromise IT networks initially. | Yes | Had malware outbreaks. Unusual activities on network. |
| Flat networks on IT & OT (in a few cases a firewall in between with VLANs). | Yes. No firewall in between IT, Factory & Automation Network (only different subnets and routing devices). | Yes, a firewall in between with simple port-based VLANs (with potential mis-configs). |
| Lack of assigned OT security ownership. | Yes. No one owns it. OT assumes it's IT. IT assumes it's OT/production. | Yes. No one owns it. Everyone assumes the other is responsible. |
| Many still lack OT security program / governance. | None existing | None existing |
| Lack of OT/ICS Asset & Traffic Visibility. | No asset / traffic visibility solution, process and/or document. | No asset / traffic visibility solution, process and/or document. |
| Multiple insecure & non-standard methods of remote access. | Vendor provided. User approved. Lack of hardening / controls. | 3 types of RA connections (Employee, Contractors, System Integrators), each with a different solution. |
| Legacy OT/ICS assets with vulnerabilities. | 15% or > EOL assets. | Almost >45% of Windows assets with EOL (layer 3+2). |
| Lack of integrated cybersecurity monitoring. | No central monitoring & correlation between IT & OT. | No log collection and consolidation, no internal SOC and/or MSSP for log monitoring & correlation. |
| Absence of an Incident Response Plan/Procedures. | No defined / documented and tested IR plan / procedure for OT. | No defined / documented and tested IR plan / procedure for OT. |
Given the above, the only likely suggestion for the asset owner is to treat the current state as “assume compromised”, fix the immediate bleed first, and then work towards a long-term health treatment plan.
This results in 🚨manufacturers, struggling to protect IT & OT systems🚨
If you are a CISO / CIO / CTO / CDO / Security Director for a manufacturer or industrial org., responsible for building, executing and managing an IT & OT/ICS Cybersecurity Program, but:
-> not sure where to start?
-> are new to this responsibility?
-> revisiting program maturity?
-> want an integrated IT & OT/ICS strategy?
-> don’t have policy/security requirements?
-> have initiated a digital transformation, or have recently gone through one?
-> lack skilled resources in your IT/OT security team?
-> want to skill your team up?
-> want an independent view / second opinion on your team's / consultant’s recommendations?
-> and more...
and if you answer Yes to any question above, it means you need help with:
➡ your IT & OT/ICS Cybersecurity & Resilience Transformation Program ❇
Start OT/ICS Cybersecurity Journey
🚀 Unlock Your Manufacturing Potential: Start Your Cybersecurity Journey Today! 🔒
✅ Understand the manufacturing lifecycle (from selling goods, receiving raw material from back door, finished goods out the front door, shipping and billing).

🔧 Take the first step towards a secure future! Don’t let cybersecurity concerns hold you back.
🌟 Perform Rapid Cybersecurity Discovery/Review Assessment! 🌟

✅ Start with identifying/discovering business inventory, vulnerabilities and risks across the automation stack
✅ Pinpoint crown jewel assets, and potential vulnerabilities
✅ Identify quick wins - across people | process | technology
✅ Build and execute a plan that fits your reality.
A typical OT/ICS cybersecurity journey starts with significant gaps and a missing security program. Below is an example list (but not limited to):
Windows machines on layer 3 and layer 2 or 1 can reach the internet.
Ever-growing # of Remote Access methods, solutions & their vulnerabilities
No endpoint protection (AV/EDR, Whitelisting, USB controls etc.)
Shared Passwords between IT & OT systems
100’s of dormant accounts / outdated passwords
Passwords are standard and are never rotated
Servers have extra NICs enabled
Dual-homed PCs/Workstations
HMIs/EWSs are almost never securely deployed
OEM application server isn’t patched
Devices invisible on backplane
Misconfigured firewalls / switches.
NAT Routers are not updated
Unauthorized Wi-Fi Access Point.
Many more.
Elevate your OT/ICS Cybersecurity Posture
Elevate your current OT/ICS Cybersecurity posture by focusing on quick wins, for example:
Restrict direct access (outbound) from plant machines to internet (block all).
Limit browsing capabilities from OT hosts and use an updated AV.
Change all defaults & remove unwanted software, tools, services, user accounts.
Disable auto-play on USB drives, and only allow clean and authorised USB devices.
Limit wireless connectivity between OT & wireless LAN with firewall restrictions.
Do not connect / allow personal devices to be connected to plant equipment.
Implement IT and OT segmentation using a next gen firewall (ideally with a DMZ).
Limit external contractors to connect their devices to production/OT network.
Align and follow strict change management before implementing anything.
Only allow secure methods for remote access (MFA, session recording etc.)
Provide OT and industrial IT users with appropriate OT security awareness training.
And more..
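Several of the gaps and quick wins listed above can be checked mechanically once a basic asset inventory exists. The following Python example is added here and is not part of the original newsletter; the zone subnets, the 90-day dormancy threshold, the inventory field names and the sample assets are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Assumed zone layout and threshold; replace with your site's values.
ZONES = {"IT": ipaddress.ip_network("10.10.0.0/16"),
         "OT": ipaddress.ip_network("10.20.0.0/16")}
DORMANT_DAYS = 90  # assumed cut-off for a dormant account
# Constructed sample inventory (not real assets); "level" is the Purdue level.
ASSETS = [
    {"name": "HMI-01", "level": 2, "nics": ["10.20.1.5"], "internet": True,
     "os_eol": True, "endpoint_protection": False,
     "last_login": {"operator": date(2024, 1, 10)}},
    {"name": "HIST-01", "level": 3, "nics": ["10.20.3.9", "10.10.8.9"],
     "internet": False, "os_eol": False, "endpoint_protection": True,
     "last_login": {"svc_hist": date(2025, 5, 30), "vendor": date(2023, 6, 1)}},
    {"name": "EWS-02", "level": 2, "nics": ["10.20.2.7"], "internet": False,
     "os_eol": False, "endpoint_protection": True,
     "last_login": {"eng1": date(2025, 5, 28)}},
]

def zones_for(nics):
    """Return the zone names that the asset's NIC addresses fall into."""
    addrs = [ipaddress.ip_address(ip) for ip in nics]
    return {z for z, net in ZONES.items() if any(a in net for a in addrs)}

def audit(asset, today):
    """Return findings for one asset, in a fixed order."""
    findings = []
    if asset["level"] <= 3 and asset["internet"]:  # plant host reaches internet
        findings.append("internet-reachable")
    if {"IT", "OT"} <= zones_for(asset["nics"]):   # NICs in both zones
        findings.append("dual-homed")
    if not asset["endpoint_protection"]:
        findings.append("no-endpoint-protection")
    if asset["os_eol"]:
        findings.append("eol-os")
    dormant = sorted(u for u, d in asset["last_login"].items()
                     if (today - d).days > DORMANT_DAYS)
    if dormant:
        findings.append("dormant-accounts:" + ",".join(dormant))
    return findings

def audit_all(assets, today):
    """Map asset name -> findings, leaving out assets with none."""
    return {a["name"]: f for a in assets if (f := audit(a, today))}

if __name__ == "__main__":
    for name, found in audit_all(ASSETS, date(2025, 6, 1)).items():
        print(name, found)
```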
What more would you add for quick wins? Type in the comments below. Remember this is not a full roadmap.
Next, move on to the strategic and tactical initiatives on the roadmap. Mature over time.
Start fast and efficiently; it doesn't need to break the bank.
Get ahead of cyber threats without the headache!
Empower your manufacturing operation with the knowledge and tools to protect against threats.
👉 If you need any help, DM or contact us (info[@]securingthings[dot]com) to schedule your Rapid Assessment and secure your manufacturing future without disrupting production operations.
My Recent Most Viewed Social Posts:
In case you’ve missed - here are some of my recent most viewed social posts.
Ready for Transformation? - IT & OT/ICS CySEAT training on Securing Things Academy - join the wait-list.
Getting OT/ICS visibility for industrial, data centre or smart buildings environments. Note: Do checkout the pdf guide on the process & the offer.
IT & OT Security Dozen framework for building, executing & managing a Cybersecurity & Resilience Transformation Program. Note: Do checkout the pdf guide on the process & the offer.
My Top IT, OT/ICS, & AI Cybersecurity Newsletters - You Can’t go Without! - a newsletter about my top cybersecurity newsletters. Note: Do checkout the pdf to download. Apparently this was a viral post, accumulating to more than 12K+ views (9.5K+ on this & rest on company LinkedIn page).
CIOs / CTOs / CxOs Guide to IT & OT/ICS Cyber Resilience Strategy & transformation Program - outlines an example process and approach to take.
CISO’s Guide to AI - 12 Steps, CISOs should take to address AI related cybersecurity risks.
Defending OT with ATT&CK - provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments.
Getting started in IT & OT Cybersecurity - a blueprint / framework to 2x / 5x / 10x your cybersecurity career. Links in comments of the above post.
Ways in which I can help?
Whenever you are ready - I can help you with:
A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.
B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program subscription based service.
C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.
Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.
D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.
Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.
How are we doing?
I invite you as part of #SecuringThings community to share your feedback.
Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society.
Let us know how we can improve this and or what you’d like to see in future?
Thank you for your trust and continued support.
Do register, validate your email, and request login link to submit poll to be able to enter a chance to win a future course giveaway.
Thanks for reading - until the next edition!
It’s a Great Day to Start Securing Things for a Smart & Safer Society.
Take care and Best Regards,
M. Yousuf Faisal. (Advice | Consult Cyber & business leaders in their journey on Securing Things (IT, OT/ICS, IIOT, digital transformation, Industry 4.0, & AI) & share everything I learn on this Newsletter | and upcoming Academy).



