Connected World: The manufacturing industry reported the highest share of cyberattacks in 2022. Why do you believe this is happening?
Zakarya Drias: The manufacturing industry has undergone a significant digital transformation, resulting in increased profitability, efficiency, and modernization, as well as the emergence of certain challenges. While the integration of new digital technologies into the production process has generated substantial benefits, it has also inadvertently exposed vulnerabilities that malicious actors can exploit. It’s essential to recognize that these vulnerabilities stem not solely from the adoption of technology, but also from the absence of cohesive processes and procedures that should accompany these innovative approaches. Furthermore, a noteworthy concern arises from the insufficient cybersecurity expertise among operators who interact with these advanced systems.
Another crucial factor contributing to this scenario is the inherent nature of the manufacturing sector itself. From the perspective of potential threat actors, the manufacturing sector stands out as an alluring target. The industry’s limited tolerance for operational downtime, coupled with the valuable intellectual property held by manufacturers, makes it an exceptionally attractive focal point for various types of malicious threat actors.
CW: What can manufacturing companies do to address this?
Drias: There’s a lot that can be done, but it’s challenging to figure out where to begin. Asset owners should start by taking a comprehensive approach to protect their OT (operational technology) environment from cyber-attacks. This means considering people, processes, and technology and leveraging international frameworks, such as IEC62443 and NIST CSF.
- First, understand where the risks are. Identify vulnerabilities, potential threats, and what could happen if a threat exploits those vulnerabilities.
- Next, take action to reduce risks. Use security controls, processes, and procedures to lower the risk to an acceptable level.
- Train your team. Having the right technology is not enough; your team’s mindset and skills matter too.
- Continuously watch your security posture and adjust your strategy to stay ahead of potential threats.
In short, it’s about understanding risks, taking steps to reduce them, training your team, and staying proactive in managing cybersecurity. This is an ongoing process that needs to continue and keep improving as it goes. Asset owners need to make this an ongoing priority to be successful.
CW: How does Managed Security Services help mitigate threats?
Drias: The essence of our Managed Security Services group at Schneider Electric revolves around a vigilant focus on threats. It begins with continuous monitoring, realtime threat detection, and proactive threat hunting. This comprehensive approach is further enhanced by vulnerability assessment and subsequent remediation efforts. For asset owners equipped with these capabilities through an MSSP, a distinctive advantage emerges. They are empowered to proactively defend against threats and adeptly manage incidents, effectively minimizing their impact to the industrial processes and the dependent operations. Further, as their operations evolve, we are able to update our support strategies to include new equipment and operations.
CW: What value does this ultimately provide companies?
Drias:
- Expertise and Experience: MSSPs bring specialized knowledge and experience in OT cybersecurity. Their teams consist of skilled professionals who are well-versed in the latest threats, vulnerabilities, and best practices, allowing them to provide effective protection and response to threats.
- Threat Detection and Response: MSSPs leverage advanced tools and technologies to identify and analyze potential threats in realtime. They can determine whether a malicious activity is process related or a real cyber threat and respond to it effectively before it impacts operations.
- Proactive Risk Management: MSSPs take a proactive approach to managing risk by identifying vulnerabilities and implementing measures to mitigate them before they can be exploited by attackers. This helps reduce the probability of a threat actor successfully exploiting potential vulnerabilities.
- Cost Efficiency: In addition to the cybersecurity-related benefits, partnering with an MSSP provides companies with a cost-effective alternative to building their own in-house teams, upskilling them, and retaining them without compromising the quality of the outcome, which is staying ahead of threat actors.
- Focus on the Core Business: Partnering with an MSSP to augment their capabilities in managing cybersecurity allows companies to focus on the core of their business and safely harvest the benefits of the digital transformations as we mentioned earlier.
In summary, MSSPs provide companies with a comprehensive and cost-effective solution to manage the cyber risk to their operations. This unlocks all the benefits of adopting digital technologies to increase operations efficiencies, business growth, and profitability.
CW: How do these services fit with what the manufacturing company does already?
Drias: Numerous manufacturing companies have embarked on their cybersecurity endeavors, yet the level of progress varies depending on their investments and actions taken against cyber threats. Managed Security Service Providers seamlessly align with companies of all maturity levels. In the case of well-established organizations, MSSPs extend their capabilities to encompass advanced offerings like threat intelligence, threat hunting, and malware analysis. They function as an extension of the internal cybersecurity team, delivering high-value services.
For companies in the early stages of their maturity journey, MSSPs play a pivotal role in expediting progress. They provide the full array of previously mentioned services, assuming the role of the core cybersecurity team and a trusted advisor. This is particularly evident in the construction and execution of robust cybersecurity strategies and programs.
CW: Do we still need to keep people, processes, and technology in mind?
Drias: Absolutely! The principles of people, processes, and technology remain vitally important, regardless of whether a company engages with a Managed Security Service Provider (MSSP) or not. Here’s why:
- People: The human element continues to be a critical factor in cybersecurity. Even with an MSSP, internal personnel play essential roles in understanding the company’s unique needs, collaborating with the MSSP, and ensuring that cybersecurity practices align with business objectives. Training and awareness for employees remain pivotal in preventing social engineering attacks and maintaining a cybersecurity-conscious culture.
- Processes: Defined processes and procedures are essential for effective cybersecurity management. Regardless of an MSSP’s involvement, a company needs clear processes for incident response, access control, network segmentation, and other security-related activities. These processes ensure consistency, facilitate collaboration with the MSSP, and streamline cybersecurity efforts.
- Technology: While an MSSP can provide advanced technological solutions, the company’s existing technology infrastructure still needs to be considered. Integration of security tools, monitoring systems, and network architecture all need to be contextualized to the company’s unique environment and requirements. Technology forms the foundation upon which the cybersecurity strategy is built, regardless of external support.
In essence, an MSSP complements and enhances a company’s cybersecurity efforts, but it doesn’t replace the need for a well-rounded program that addresses people, processes, and technology. The collaboration between the company and the MSSP should harmonize with these core principles to ensure comprehensive and effective cybersecurity management.
About the Author
Zakarya Drias, director, cybersecurity managed services, Schneider Electric. Drias is a cybersecurity leader and a driving force behind innovative solutions in the realm of OT cybersecurity. In his strategic role, he orchestrates cutting-edge customer centric initiatives, providing customers with better ways to accelerate their path to resiliency.