Moxa - Security basics - Part 2
Concrete steps for more security
Cybersecurity often seems like the indomitable Hydra, which is constantly growing new heads as soon as one has been cut off. But with a practical guide, it can be defeated and the security of the company network can be significantly strengthened.
Part 2 of the article series "Basic Security" lists concrete steps for more security in industrial automation.
Threat Modeling
The first step towards a stable cybersecurity framework is to gain a detailed overview of the existing network and identify the potential attack surfaces. To do this, it is advisable to catalog critical assets, including all machines, systems and areas where intellectual property and confidential information is stored. This is followed by a well-founded assessment of the direct and indirect consequences of potential threats. This allows a response strategy to be defined that reduces immediate risks and prevents long-term consequences. The risks associated with each identified threat can be divided into different categories. Possible responses are considered for each threat:
- Acceptance: Some risks can be considered acceptable. Thresholds should then be used to determine the point up to which the risk is tolerable and monitoring is sufficient.
- Mitigation: A strategy to reduce the likelihood or impact of potential threats may include the implementation of security measures, protocols and redundancies.
- Elimination: Structural changes to the network, the integration of advanced security technologies and the removal of vulnerable components help to eliminate risks from the outset.
Directives, laws and standards
Compliance with EU directives, national laws and industry-specific cybersecurity standards is a must. By keeping up to date with regulations and guidelines, companies not only fulfill their legal obligations, but also increase their own security. On this basis, it is also important to define governance rules. These should include the policies, procedures and protocols that govern the day-to-day operation of industrial automation. Effective cybersecurity governance includes a solid risk assessment, ongoing identification of cybersecurity risks and up-to-date guidelines that are based on industry standards. Integral components of this are access controls, defined responses to incidents and employee awareness and training. Once the governance rules are in place, they must be continuously monitored and regular security checks and assessments must be carried out. This is the only way to identify and rectify new weaknesses.
Building a resilient network
The fundamental step to a secure industrial automation network is to carefully assess the security requirements for each segment. Segmentation involves dividing the network into separate zones to control traffic, improve security and mitigate potential attacks. Each segment can have its own security policies and access controls to increase security and minimize the risk of threats. This allows for a targeted security strategy that focuses on specific parts of the network while improving the overall security of the system.
When evaluating each segment, the company's critical assets and confidential information must be taken into account, potential vulnerabilities identified and the possible impact of security breaches on the individual segments assessed. This allows each segment to be assigned a security level based on the potential likelihood and potential impact of a successful attack. This allows resources to be allocated effectively and protection to be prioritized where it is most urgently needed. On this basis, a plan for a secure network model can be created step by step.
Figure 1: Simple security hygiene measures: regular software updates, password management and basic access controls. © Moxa
To get started, it is advisable to begin with simple hygiene measures (Fig. 1). These include regular software updates, password management and basic access controls, such as restricting access to certain resources to individual MAC addresses.
More sophisticated solutions follow in the next step. According to the defense-in-depth principle, several layers of security measures can be combined to create a multi-layered defense strategy (see image on the left). A combination of firewalls, intrusion detection systems and encryption is suitable for this. By separating the shop floor from the corporate network with a DMZ (demilitarized zone), a buffer network, direct communication between the corporate network and the shop-floor network is prevented and access is controlled with firewalls.
In addition, the isolation of critical segments is a crucial aspect in minimizing the movement and thus the spread of threats within the network (Fig. 2). To this end, the number of access points and the number of neighboring networks that can communicate with the most secure segments is kept to a minimum. This maintains the integrity of the entire network, even if one area is compromised. In addition, authorization mechanisms should be adapted to the functional roles to ensure that people only have access to resources that are really necessary for their tasks. It is advisable to separate administrative roles from other functions and thus strictly limit access to critical configurations and sensitive information.
Promoting security awareness
In addition to technical measures, the human factor is crucial. Teams must be equipped with the necessary resources to master the intricacies of different types of attack. This starts with creating checklists and step-by-step procedures that act as practical guides to each type of attack. These materials should be simple and practical, and complex security measures should be broken down into actionable steps. This will enable cybersecurity specialists to empower other teams to respond effectively to threats.
In order to anchor cybersecurity awareness in the minds of employees, regular training programs are needed that cover theoretical aspects as well as practical exercises on real-life scenarios.
Corporate culture is also an important pillar for security awareness: an environment in which team members can report security concerns without fear of reprisals is crucial. Assigning blame for security incidents is counterproductive. Instead, the focus should be on understanding the causes and taking corrective action. Praise is also an effective way to encourage positive behavior. Recognizing vigilance and responsiveness encourages employees to actively contribute to the security of the company.
Security in the ecosystem
A solid security strategy also takes all of the company's partners into account. This starts with formulating clear rules. Authentication should be one of the non-negotiable aspects of security, as it is proof of the legitimacy of interactions within the industrial ecosystem. Authentication protocols must, of course, comply with industry standards and regulations. In addition, partner assessments, audits and security practices should be continuously reviewed by experts.
Under the motto "Together we are stronger", an active exchange of threat intelligence and best practices is also recommended to ensure that security measures reinforce each other.
Network monitoring
The first step in network monitoring is to gain a comprehensive understanding of the activities within the industrial ecosystem. With the help of modern tools and technologies, network traffic, device interactions and communication patterns can be monitored in real time. This allows anomalies, potential vulnerabilities and unauthorized access to be detected. Monitoring security breaches requires robust intrusion detection systems, log analysis and actively searching for signs of unauthorized access, malware or other security breaches. This is where the aforementioned culture of encouraging employees to report security incidents comes into play.
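The zone model from the section on building a resilient network (corporate network, DMZ, shop floor, MAC-based access control) and the monitoring of traffic for unauthorized access described above, as an added Python example that is not Moxa's code: the zone address ranges, the MAC allow-list and the flow-log format are all constructed assumptions.

```python
"""Zone-based flow check: constructed example, not Moxa's code.

Assumes three zones (corporate, dmz, shopfloor) identified by IP prefix, a
small allow-list of MAC addresses permitted to reach the shopfloor zone, and
flow records of the form 'timestamp src_ip src_mac dst_ip proto/port'.
All addresses and log lines below are constructed for illustration.
"""
import ipaddress

ZONES = {
    "corporate": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("10.2.0.0/24"),
    "shopfloor": ipaddress.ip_network("10.3.0.0/16"),
}
# Defense in depth: corporate and shopfloor may only talk via the DMZ,
# never directly. Anything not listed here is a segmentation violation.
ALLOWED_PATHS = {("corporate", "dmz"), ("dmz", "corporate"),
                 ("dmz", "shopfloor"), ("shopfloor", "dmz")}
# Basic access control: only these (constructed) MACs may reach the shopfloor.
SHOPFLOOR_MAC_ALLOWLIST = {"00:90:e8:aa:bb:01", "00:90:e8:aa:bb:02"}


def zone_of(ip):
    """Map an IP address to its zone name, or 'unknown' if outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_flow(line):
    """Return the list of findings for one flow record (empty if compliant)."""
    ts, src_ip, src_mac, dst_ip, service = line.split()
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    findings = []
    if src_zone == dst_zone:
        return findings  # intra-zone traffic is governed by that zone's own policy
    if (src_zone, dst_zone) not in ALLOWED_PATHS:
        findings.append(f"{ts} segmentation violation {src_zone}->{dst_zone} "
                        f"{src_ip}->{dst_ip} {service}")
    if dst_zone == "shopfloor" and src_mac.lower() not in SHOPFLOOR_MAC_ALLOWLIST:
        findings.append(f"{ts} unlisted MAC {src_mac} reaching shopfloor host {dst_ip}")
    return findings


def scan(log):
    """Run check_flow over every line of a flow log and collect all findings."""
    return [f for line in log.strip().splitlines() for f in check_flow(line)]


SAMPLE_LOG = """\
2024-05-01T08:00:01 10.1.5.20 00:1a:2b:3c:4d:5e 10.2.0.10 tcp/443
2024-05-01T08:00:02 10.2.0.10 00:90:e8:aa:bb:01 10.3.7.30 tcp/502
2024-05-01T08:00:03 10.1.5.20 00:1a:2b:3c:4d:5e 10.3.7.30 tcp/502
2024-05-01T08:00:04 10.2.0.11 00:90:e8:ff:ff:ff 10.3.7.31 tcp/102
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The third log line is flagged twice (a direct corporate-to-shopfloor connection and an unlisted MAC), the fourth once (permitted DMZ path, but an unlisted MAC); the first two lines are compliant.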
Every security incident should be meticulously documented, even (seemingly) minor incidents. It is helpful to develop a standardized process for recording the details of the incident, the measures taken and the lessons learned. Such documentation not only ensures compliance with regulations, for example during audits, official inspections or internal reviews, but also provides valuable insights for the continuous improvement of cybersecurity.
Continuous improvement
Cybersecurity is a never-ending task. With defined processes for continuous improvement, companies create the conditions for a continuous improvement cycle. This should include the regular review and refinement of security protocols, incident response procedures and monitoring mechanisms. The evaluation should involve team members from different departments and hierarchical levels and suggestions should be considered without reservation. Training programs, awareness campaigns and collaboration frameworks should also be part of continuous improvement. At the same time, the threat landscape is constantly changing. Active participation in threat intelligence networks and industry forums as well as continuous training help to be prepared for evolving threats.