Cybersecurity Best Practices for Manufacturing OT

Tip 1: Network Design in Manufacturing: Segmentation and Segregation

The process of network segmentation and segregation involves building and socializing strict security access controls between manufacturing systems (shopfloor) and enterprise network, with minimal impact to business/production operations. Traditionally, manufacturing systems were based on specialized hardware or software that used proprietary network communication protocols. Fast forward to today, this has evolved to be a security risk as there is open and direct connectivity between the shopfloor and enterprise networks.

The best practice to address this risk is to implement the Defense-In-Depth Strategy, which has been inherited from the International Society of Automation’s (ISA) Purdue Model of Computer Integrated Manufacturing. Segmenting the shopfloor network from the enterprise network will not only isolate it from direct communication, but also minimize the enterprise network to be compromised. It is recommended to have an information sharing layer between the enterprise (IT) and shopfloor (OT) networks, where shared resources can be placed for isolated communication.

Tip 2: Cybersecurity Standardization in Manufacturing

• Asset Inventory Management: to understand the OT landscape and resource connectivity.
• Secure Remote Access: for vendors to perform operations such as troubleshooting, patching, or system upgrades on manufacturing machines.
• Endpoint Security: to prevent OT systems from being exploited by malicious actors.
• OS/Firmware Patching: to keep OT systems up to date on enhancements and bug-fixes.
• Vulnerability Management: regulatory process of identifying and reporting security vulnerabilities in OT systems and underlying software.
• Secure Wireless Access: implement strong encryption techniques to secure wireless OT networks from the dynamic evolvement of IoT devices.
• Security Incident Response: build an IR plan for OT to detect, respond and recover from network security incidents.
• Security Monitoring: to analyze, correlate and create alerts or events of interest, which will serve in taking remediated actions.
• Resource Hygiene: to limit the use of external devices such as USB drives to the systems.
• Security Awareness Training: to help personnel on what actions to take in the event of an asset being compromised.