A Peer-Submitted Best Practice

Cybersecurity Best Practices for Manufacturing OT

Tip 1: Network Design in Manufacturing: Segmentation and Segregation

Network segmentation and segregation involves building and socializing strict security access controls between manufacturing systems (the shopfloor) and the enterprise network, with minimal impact on business and production operations. Traditionally, manufacturing systems were based on specialized hardware or software that used proprietary network communication protocols. Today, this has become a security risk because there is open and direct connectivity between the shopfloor and enterprise networks.

The best practice to address this risk is to implement the Defense-In-Depth Strategy, which has been inherited from the International Society of Automation’s (ISA) Purdue Model of Computer Integrated Manufacturing. Segmenting the shopfloor network from the enterprise network will not only isolate it from direct communication, but also reduce the likelihood of the enterprise network being compromised. It is recommended to have an information sharing layer between the enterprise (IT) and shopfloor (OT) networks, where shared resources can be placed for isolated communication.
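One way to check an existing firewall rule set against this design is shown below. This is an added example, not part of the original best practice; the zone subnets, rule names, and ports are constructed for illustration. It flags any allow rule, including overly broad ones, that lets the enterprise and shopfloor zones communicate directly instead of through the information sharing layer.

```python
from ipaddress import ip_network
from itertools import product

# Constructed zone plan (assumption): these subnets are illustrative only.
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "sharing": ip_network("10.50.0.0/24"),   # information sharing layer
    "shopfloor": ip_network("10.90.0.0/16"),
}
# Cross-zone traffic is acceptable only when one end is the sharing layer.
FORBIDDEN = {("enterprise", "shopfloor"), ("shopfloor", "enterprise")}

def zones_touched(cidr):
    """Return every zone whose subnet overlaps the rule's CIDR."""
    net = ip_network(cidr, strict=False)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit_rules(rules):
    """Return (rule_name, src_zone, dst_zone) for each allow rule that
    lets the enterprise and shopfloor zones talk directly."""
    findings = []
    for name, src, dst, _port in rules:
        # A broad CIDR can touch several zones, so test every combination.
        pairs = product(zones_touched(src), zones_touched(dst))
        for sz, dz in sorted(pairs):
            if (sz, dz) in FORBIDDEN:
                findings.append((name, sz, dz))
    return findings

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
SAMPLE_RULES = [
    ("erp-to-historian", "10.10.20.0/24", "10.50.0.10/32", 443),
    ("hmi-to-historian", "10.90.5.0/24", "10.50.0.10/32", 443),
    ("legacy-scada-poll", "10.10.30.7/32", "10.90.5.12/32", 502),
    ("vendor-any", "10.0.0.0/8", "10.90.0.0/16", 3389),
    ("mes-report", "10.90.8.0/24", "10.10.40.0/24", 1433),
]

if __name__ == "__main__":
    for name, sz, dz in audit_rules(SAMPLE_RULES):
        print(f"{name}: direct {sz} -> {dz} path bypasses the sharing layer")
```

The first two sample rules terminate in the sharing layer and pass; the remaining three are reported, including the broad "vendor-any" rule whose source range covers the enterprise zone.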

Tip 2: Cybersecurity Standardization in Manufacturing

  • Asset Inventory Management: to understand the OT landscape and resource connectivity.
  • Secure Remote Access: for vendors to perform operations such as troubleshooting, patching, or system upgrades on manufacturing machines.
  • Endpoint Security: to prevent OT systems from being exploited by malicious actors.
  • OS/Firmware Patching: to keep OT systems up to date on enhancements and bug-fixes.
  • Vulnerability Management: regulatory process of identifying and reporting security vulnerabilities in OT systems and underlying software.
  • Secure Wireless Access: implement strong encryption techniques to secure wireless OT networks against the dynamic evolution of IoT devices.
  • Security Incident Response: build an IR plan for OT to detect, respond to, and recover from network security incidents.
  • Security Monitoring: to analyze, correlate, and create alerts or events of interest, which will support taking remedial actions.
  • Resource Hygiene: to limit the use of external devices such as USB drives on the systems.
  • Security Awareness Training: to teach personnel what actions to take in the event of an asset being compromised.

About the Author

Sanjit is a sedulous cybersecurity professional with over a decade's worth of experience working in information security technology, models, and processes. He is a core member of the IT Security Architecture team at Kennametal (India), with the responsibility to review, design, and deliver security solutions across the enterprise. Kennametal has been an American metal-manufacturing supplier of advanced tooling and industrial material innovation for more than 75 years.

Previously, as a Senior IT Security Systems Administrator, Sanjit worked across major cybersecurity operational domains, including network firewall and remote access administration, incident response, vulnerability management, and identity and access management.

Sanjit holds a Postgraduate Degree in Computer Science (MTech CS) from Manipal University and a Bachelor’s Degree in Electronics & Communications Engineering (BE E&C) from Anna University.

By Sanjit Ambalayam

Senior Analyst IT Security Architecture at Kennametal
