The database allows asset owners to research incidents that have occurred in their own industry. They can learn what has happened to their peers, and they can also consult it when they become aware of new malware, ransomware, or activity groups. It also helps operators and asset owners understand the magnitude and kinds of cyberattacks the manufacturing industry is facing, and it saves time when putting together a justification for a cyber investment.
Find out more from the 2024 Threat Report.
When it comes to resiliency, even the U.S. government understands that cyberattacks are inescapable, and it has shifted its focus toward building resilient systems. That is why it issued a report on resilience, created by the President’s Council of Advisors on Science and Technology (PCAST).
Cyber-physical systems are at the core of the critical services that underpin our lives, PCAST said in its report. Cyber-physical systems are increasingly vulnerable to threats from nation-states, terror groups, criminals, a range of natural disasters, as well as accidents and failures.
One case in point PCAST gave when discussing resilience is the 2021 Texas winter power crisis. While the failure of physical systems due to extreme cold led to skyrocketing demand for electricity to provide heat, the lack of resilience built into the overall system—including its cyber elements—contributed to the catastrophe that left more than 4.5 million homes without power.
“It is refreshing to see the United States Government (USG) finally consider the importance of resilience when looking at the safe, secure and reliable operation of infrastructure in the eyes of an ever-changing and faster-growing threat landscape,” said Joel Langill, founder and managing member of the Industrial Control System Cyber Security Institute (ICSCSI), LLC. “We should understand that security and resilience are not the same thing, nor are they mutually exclusive from one another.”
Remaining resilient, whether that means staying up and running or recovering quickly from an attack, is not overly expensive, and it is possible for all companies, as they most likely already have all they need to fight off 90% of attacks. They just need to apply the basics.
“Cybersecurity in the industrial sector can improve by maintaining strong fundamental practices while integrating advanced tools,” said Dewan Chowdhury, chief executive and founder of security provider malcrawler. “Core practices like network segmentation, regular backups, comprehensive asset inventories, adherence to security frameworks and secure remote access form a great foundation of a resilient cybersecurity posture.
“Complementing these basics with new technologies such as AI [artificial intelligence] and machine learning can significantly enhance threat detection and response capabilities,” he said.
But, he added, don’t get caught up in all the bells and whistles of new technologies hitting the market. Understand what you need and apply the proper technologies at the proper time.
“Organizations must avoid the common pitfall of investing in cutting-edge technology that remains unused,” Chowdhury said. “Instead, they should focus on integrating these tools into their existing security frameworks to enhance, not replace, fundamental practices. Learning from the past, where many cybersecurity products became obsolete, highlights the importance of staying adaptable and informed about industry trends. By balancing core practices with innovative tools, the industrial sector can build a robust and adaptable cybersecurity defense.”
Taking lessons learned from other practices like safety could help build an understanding of resilience.
“Industrial sectors, especially those with mature process safety cultures, commonly leverage techniques such as peer review or cold eye review (CER) to reduce the likelihood of safety incidents,” said Dave Gunter, director of business development at industrial cybersecurity solutions provider Armexa. “Industrial cybersecurity practitioners, in these and other industrial sectors, could achieve additional levels of maturity by adopting similar practices.”
Gunter continued: “While peer review or CER may seem obvious, in practice, humans often jump to solutions before thoroughly discussing the pros, cons and risks with others before deployment. A diverse team of functional experts brings value to the approach. CER leverages the experiences and skills that you already have within the organization.”
For example, Gunter said, senior members of the team typically introduce tried and true fundamental concepts into the discussion. Mid-career practitioners have a clear line of sight as to what works and what doesn’t in the current field of operations. Junior team members may ask questions like, “Why do we do it this way?”, which may challenge others to consider alternative solutions.
“The result is a clear—and hopefully quick—discussion on the concept, the tool or approach, the fundamentals, what-if questions and a rationalization of why this is occurring and its importance,” said Gunter. “I am not suggesting design by committee or disclosing any cyber-sensitive information; however, validating a concept is a key element in quality assurance and testing.”