Moxa - Cybersecurity Basics - Part 2
Specific steps for more security in industrial automation
Cybersecurity often seems like the invincible Hydra, constantly growing new heads as soon as one has been cut off. However, with practical guidelines, you can defeat it and significantly strengthen the security of the company network.
[German] Part 2 of the article series "Cybersecurtiy Basics" lists concrete steps for more security in industrial automation.
Threat Modeling
The first step towards a stable cybersecurity framework is gaining a detailed overview of the existing network and identifying the potential vulnerabilities. To do this, it is advisable to catalogue critical assets, including all machines, systems, and areas in which intellectual property and/or confidential information is saved.
This is followed by a thorough assessment of the direct and indirect consequences of potential threats, allowing you to define a response strategy that reduces immediate risks and prevents long-term consequences. To this end, the risks associated with each identified threat are categorized. Possible responses are considered for each threat:
- Acceptance: some risks may be considered acceptable; thresholds are then used to determine the point up to which the risk is tolerable and monitoring is sufficient.
- Damage containment: a strategy to reduce the likelihood or impact of potential threats may include implementing security measures, protocols, and redundancies.
- Elimination: structural changes to the network, the integration of advanced security technologies and the removal of vulnerable components help eliminate risks from the start.
Directives, laws, and standards
Compliance with EU directives, national laws and industry-specific cybersecurity standards is a must. However, by keeping up to date with regulations and guidelines, companies not only fulfill their legal obligations, but also increase their own security.
On this basis, it is also important to define governance rules. These should include the policies, procedures and protocols that govern day-to-day operations of industrial automation. Effective cybersecurity governance includes solid risk assessment, ongoing identification of cybersecurity risks and up-to-date guidelines based on industry standards. Integral components include access controls, defined responses to incidents, and the sensitization and training of employees.
Once the governance rules are in place, it is important to monitor them continuously and carry out regular security checks and assessments. This is the only way to identify and resolve new vulnerabilities.
Setting up a resilient network
The fundamental step to a secure industrial automation network is to carefully assess the security requirements for each segment. Segmentation involves dividing the network into separate segments or zones to control traffic, improve security and mitigate potential attacks. Each segment can have its own security policies and access controls to increase security and minimize the risk of threats. This allows for a targeted security strategy focusing on specific parts of the network while improving overall system security.
When assessing each segment, consider the organization's critical assets and confidential information, identify potential vulnerabilities, and assess the potential impact of security breaches on each segment. That way, each segment can be assigned a security level based on the probability and possible impact of a successful attack. Resources can thus be allocated effectively and protection prioritized where it is most urgently needed. On this basis, a plan for a secure network model can be created step by step.
Simple security hygiene measures: regular software updates, password management and basic access controls.
© MoxaTo start with, it is advisable to begin with simple hygiene measures. These include regular software updates, password management, and basic access controls, e.g. restricting the use of certain resources to individual MAC addresses.
The next step will show solutions that are more sophisticated. According to the defense-in-depth principle, several layers of security measures can be combined to create a multi-layered defense strategy. A mix of firewalls, intrusion detection systems, and encryption is recommended.
By separating the floor plan from the corporate network with a DMZ (demilitarized zone), a buffer network, direct communication between the corporate and floor network is prevented and access is controlled with firewalls.
In addition, the isolation of critical segments is an important aspect for minimizing the movement and therefore the spread of threats within the network. To this end, the number of access points and the number of neighboring networks that can communicate with the most secure segments are kept to a minimum. This maintains the integrity of the entire network, even if one area is compromised.
Furthermore, authorization mechanisms should be adapted to the functional roles to ensure that people only have access to resources that are necessary for their tasks. It is advisable to separate administrative roles from other functions and thus strictly limit access to critical configurations and sensitive information.
Software upgrades
It makes sense to approach the topic of software upgrades with a meticulous inventory of the firmware versions of all important devices. This demands caution, professionals should check the authenticity of upgrades with the respective provider. Otherwise, the door is open for counterfeit malware.
The upgrade process should be carried out in stages so that the effects of upgrades can be monitored and evaluated on a smaller scale before they are applied to the entire network.
In many cases, an immediate firmware update is not possible. The recommended alternative is virtual patching. This involves implementing security measures at network or application level so that no changes to the firmware are required. Hence, network traffic can be actively monitored, malicious patterns identified, and vulnerabilities prevented from being exploited by outdated firmware.
Foster security awareness
In addition to technical measures, the human factor is crucial. Teams must be equipped with the necessary resources to master the intricacies of different types of attack. This starts with creating checklists and step by step procedures that act as practical guides for each type of attack. These materials should be simple and practical, and complex security measures should be broken down into practicable steps. This will enable cybersecurity specialists to empower other teams to respond effectively to threats.
In order to embed cybersecurity awareness in the minds of employees, regular training programs are needed that cover theoretical aspects as well as practical exercises on real-life scenarios.
| Read also part 1 of the article series "Cybersecurity Basics": The Fundamentals of Cybersecurity |
|---|
The corporate culture is also an important pillar for security awareness, emphasizing an environment where team members can report security concerns without fear of reprisals, which is crucial. Placing blame for security incidents is counterproductive. Instead, the focus should be on understanding the causes and taking corrective action. Praise is also an effective way of encouraging positive behavior. Recognizing vigilance and responsiveness encourages employees to actively contribute to the safety of the company.
Security in the ecosystem
A solid security strategy also takes all of the company's partners into account. This starts with defining clear rules. Authentication should be one of the non-negotiable security aspects, as it is proof of the legitimacy of interactions within the industrial ecosystem. Of course, authentication protocols must comply with industry standards and regulations. Apart from that, partner assessments, audits and security practices should be continuously scrutinized by experts.
Based on the principle "Together we are stronger", actively sharing threat intelligence and best practices is also recommended to ensure that security measures are mutually reinforcing.
Network monitoring
The first step of network monitoring is gaining a comprehensive understanding of the activities within the industrial ecosystem. With the help of modern tools and technologies, network traffic, device interactions and communication patterns can be observed in real time. This allows anomalies, potential vulnerabilities, and unauthorized access to be detected.
Monitoring security breaches requires robust intrusion detection systems, log analysis, and an active search for signs of unauthorized access, malware, or other security breaches. This is where the aforementioned culture of encouraging employees to report security incidents comes into play.
Every security incident should be meticulously documented, even (seemingly) minor incidents. It is helpful to develop a standardized process for recording the details of the incident, the measures taken, and the lessons learned. Such documentation not only ensures compliance with regulations, for example during audits, official inspections, or internal reviews, but also provides valuable insights for the continuous improvement of cybersecurity.
Continuous improvement
Cybersecurity is a never-ending task. With defined processes for continuous improvement, organizations create the preconditions for a continuous improvement cycle. This should include the regular review and refinement of security protocols, incident response procedures, and monitoring mechanisms. The evaluation should involve team members from different departments and hierarchical levels, and suggestions should be considered without reservation. Training programs, awareness campaigns, and collaboration frameworks should also be part of continuous improvement.
At the same time, the threat landscape is constantly changing. Active participation in threat intelligence networks and industry forums as well as continuous training help prepare people for evolving threats.
You might also be interested in
New Vice President of Global Partner Ecosystem appointed
Effective immediately, John Ryan is the new Vice President of Global Partner Ecosystem at Claroty, a specialist in the security of cyber-physical systems (CPS).
read more...Increasing cyberattacks on the manufacturing sector
A report from Check Point Exposure Management on the threat landscape in the manufacturing industry shows a dramatic increase in ransomware, supply chain attacks and OT-related cyber incidents. As smart factories and connected supply chains become...
read more...Cybersecurity is a top priority for car manufacturers
The latest "Automotive Manufacturing Outlook Survey" from ABB Robotics shows that cyber security has become the most important focus for automotive manufacturers around the world. This indicates a clear change in the perception of digital risks.
read more...Cloud security often inadequate
According to Red Hat's "State of Cloud-native Security" Report 2026, 97% of the companies surveyed with hybrid cloud environments reported security incidents within a year. This is based on data from around 600 IT specialists.
read more...CRA guide for Powerlink checked
TÜV Rheinland has audited the "CRA Guide for Powerlink" from B&R. The guide is one of the first independently audited technical documentations for the implementation of the EU Cyber Resilience Act in automation.
read more...Dragos expands collaboration with Microsoft
Dragos, a global provider of cyber security for OT environments, is expanding its collaboration with Microsoft. The aim is to support companies in modernizing and securing their cyber-physical operating processes.
read more...All for One acquires stake in BrightFlare
All for One acquires a minority stake of 25.1% in the Austrian company BrightFlare. BrightFlare is a cybersecurity services provider for the protection of industrial plants and critical infrastructures.
read more...Check Point Cyber Security Report 2026
More attacks on German companies
The new "Cyber Security Report 2026" from Check Point shows a significant increase in cyberattacks on German organizations by 2025. The education sector is particularly affected and is well above the national average.
read more...Claroty appoints new Chief Revenue Officer
James Love is the new Chief Revenue Officer (CRO) of Claroty, a specialist in the security of cyber-physical systems (CPS).
read more...