Today with ISSSource

Use of removable media in the industrial sector today is continuing to grow and it is just as vulnerable now as it has been over the past five to ten years. A new report is out that analyzes USB-borne malware and some of the results are very interesting.

People, process and technology are three critical components to any security program. When they all are working and in sync, everything comes together in a perfect harmony – and systems stay safe and secure and up and running.

To create a secure manufacturing enterprise, you need to apply defense in depth. That means at a very basic level, if a threat actor is able to get through one level of defense, there are plenty more for them to wade through. A solid defense in depth program can truly halt an attack or really slow it down.

Most industrial firms lack a firm foundation of cybersecurity protection. Bad actors are on the rise and are constantly revising their attack tactics. Learn the best way to start a new journey along the ISA/IEC 62443 protection pathway.

Managed security services. Years ago, the mere thought of an outside organization watching over a manufacturing enterprise and ensuring the site was free and clear and not under attack would have been considered outrageous. Throw in increased connectivity and a shortage of cybersecurity talent and managed security services is a cost-effective way to secure your site.

There is no doubt the Colonial Pipeline ransomware attack was a watershed incident for the oil and gas sector. As a result, the Transportation Security Administration released a prescriptive set of regulations for owners and operators of pipelines and LNG facilities which were very rigid. Then in July last year, after great consternation from the industry, a more flexible set of regulations released and now this July, another set of regulations released. Just what is the impact of the TSA Pipeline Security Directive on the Oil & Gas sector.

Manufacturing's mantra these days is everyone needs to keep the process moving – and that means security can't get in the way. But at the same time, you want to make sure you keep the bad guys out. No easy task. Add on top of that, an expanding attack surface due to digitalization and a lack of qualified security professionals available and you have the potential for the classic low hanging fruit for attackers. That is exactly where managed security services comes in.

There is no doubt attacks are becoming more targeted and more sophisticated toward OT, which means companies need to think how they can find an attack and remain as resilient as possible so they can keep operating. This way you don't have to hear a company say they had to “shut down operations out of an abundance of caution.”

Today, attackers learn from infiltrating systems and glean as much knowledge and capabilities as possible to where they may know the system they are attacking better than the victim. However, with the right technology and the right people behind that technology, it is possible to see an attack either happening or about to happen – and then be able to stop it.

No one will deny this is the age of digitalization across the manufacturing industry. You see it everywhere. Connectivity continues to grow and organizations are working to enjoy the benefits new age digital tools continue bring to the table. What is interesting, though, is while manufacturing enterprises adapt and digitize their processes, safety seems to be missing in action – stuck in an analog world.

Industry 4.0 – or digitalization – is purely a technology-driven initiative brought together essentially to increase productivity and boost profitability. Oftentimes, though, when technology enters the picture, user reluctance and hesitation often follows shortly behind. Add in the proven-in-use, conservative nature of safety professionals, and technology step changes can often become bogged down. That is where Industry 5.0 comes in.

It is no secret global warming is continuing to grow and present a problem for the world. It is also no secret the manufacturing sector is a large contributor to this world-wide issue. As the industry heads toward a lofty, but achievable goal of carbon neutrality, safety can play a vital role.

Clean energy is the mandate for all companies in all sectors across the globe. And that means the transition to greener and cleaner energy sources is at the forefront of manufacturers' discussions these days. What does that energy transition mean for safety professionals? Well, the safety end result will not differ, but the safety component that goes into producing the energy to produce the end product is going to change.

In this evolving digital world where increased connectivity is everywhere, security professionals continue to put out fires all the time. That raises the question: How can a manufacturer ensure a secure environment? With a lack of qualified security professionals available, plus the boom in connectivity brought on by the growth of digitalization and the threat of attacks on the rise, managed security services is in the process of becoming an important tool – if not the only tool – in a manufacturers' tool box.

One of the biggest fears facing manufacturers today is downloading an update or patched software or just plain downloading new software. Where can they do it and ensure they are not downloading tainted code? Straight from the software provider? Downloading code via removable media? That should be safe, right? Well, we are seeing sometimes that just doesn't get the job done. Using a data diode could be one approach.

No one will deny the complexity behind cybersecurity. It comprises an ever-growing and always-changing web of nuances to achieve a balance between ensuring systems are safe while keeping the business up and running. Find out how to see all your OT assets and understand how to protect them.

The goal of and air-gapped network is to remain free and clear of any outside malicious activity. In theory, no outside connections means no chance of attacks. In the digital era, how do you protect an air-gapped network?

No one can deny we are seeing unprecedented levels of cyberattacks across all industries and sectors. From IT enterprises, to operational technology and healthcare, there is no reason why building automation should be left out of the discussion. With such a fragmented sector with so many vendors and contractors working within one environment and with connectivity increasing, it only makes sense buildings are potential low hanging fruit for would be attackers. While almost everybody in the world is aware of cybersecurity issues, the lack of a solid and robust building automation security program can result in damage to a facility and its occupants and/or act as a pivot point for attackers to go after the building's tenants.

That one word can send a chill down the spine of any industry executive. And for good reason because ransomware attacks in manufacturing sector seem to be increasing. But why? The quick answer is they work and they are lucrative. Just what can manufacturers do to fight off an attack? Listen and learn.

There are plenty of attacks making the news these days and while ransomware seems to be on the tips of everyone's tongue, there is another type of attack just simmering slightly below the surface, and while it may seem hard to believe, is more dangerous. That is a supply chain attack.

In a working world where a manufacturing process can run for years at a time, operators, engineers and executives have to be able to adjust and work with what is happening out on the plant floor as a part of everyday life. But now add cybersecurity into the mix and the level of resiliency needs to escalate to new levels on all fronts.

in this day of enlightened cyber awareness, this is the opportunity for companies to design security in from the beginning to act as a foundation for digital transformation. But the question is: Are they?

ISSSource talks with Nasir Mundh about how critical is cybersecurity in non-critical industries

Schneider Electric Vice President of Cybersecurity Services, Jay Abdallah talks about cybersecurity implications during the global pandemic.