Cybersecurity is like yoga. If you want it to work, you don’t do it once and call it a day, said Paul Griswold, chief product officer of cybersecurity for Honeywell Connected Enterprise.
Griswold presented a session on improving operational technology (OT) cybersecurity for the life sciences and specialty chemicals track at the Honeywell Users Group conference on June 20 in Orlando, Florida.
Prioritizing cybersecurity can be a competitive differentiator because it enables operational resiliency and remote-work opportunities, Griswold said.
“If you’re able to produce more product than your competitors because you have better defenses in place, you’re not having unplanned downtime,” he said. “And then overall reduction of the risk will help you demonstrate compliance.”
Getting there means treating cybersecurity as an ongoing, formal program that has executive management support and has money allocated to it, much like safety.
Griswold discussed some of the ways organizations can evaluate and secure their systems, including:
Security assessments – An OT cybersecurity assessment includes a technical scan of assets to determine their location and vulnerabilities. This process also involves evaluations of physical devices, such as verifying that badge readers are working and that server cabinets are locked.
Asset inventory – This often involves the use of an automated program to identify devices on the network to find rogue applications and devices that are unmanaged. “You’ll be able to determine on an ongoing basis what’s out there, what its state is and help feed that into your patching program.”
Network mapping – OT configurations change over time. Network mapping allows organizations to determine which devices should be connected to a network and which should not have access to web browsers, for example. Having visibility into network traffic helps organizations enforce policies.
OT organizations don’t necessarily need to add protection solutions that utilize advanced technologies, such as artificial intelligence, to secure their systems, Griswold said. In many cases, OT environments need to begin with basic protections.
“It’s maybe not the place you want to start if you’re not doing something basic like antivirus,” he said. “So, when we talk about programs for OT, a lot of times we will start with having a secure and controlled way of getting in and out of the environment remotely that’s actually controllable and auditable.”
From there, organizations can move to patching and antivirus management, next-generation firewalls, USB protection and application whitelisting, Griswold said. Continuous monitoring will be necessary to detect anomalous behaviors, either using internal staff or managed service providers.
Organizations also need to have a response plan in place if they’re victims of an attack. A tabletop exercise that simulates an actual attack can help organizations mitigate damages. The action plan may need to include personnel from human resources, legal and public relations departments.
“If, God forbid, you have an attack like Colonial Pipeline, that went from a technology problem to a stock price problem within a matter of a day,” Griswold said.