Cyber Security for Manufacturers with Michael Rothschild

Michael Rothschild has more than 20 years of experience in security. Prior to his role at industrial security vendor Indegy, Michael worked in product management and marketing roles with Thales, RSA, Dell, Juniper Networks, and Radware. He taught marketing at Yeshiva University and currently occupies a board seat at Rutgers University. In his spare time, Michael volunteers as an emergency medical technician.

October 10, 2019 | Manufacturer

By: Michael S.

I have over 40 years experience in a broad range of manufacturing areas. Starting with an apprenticeship in Germany I’ve worked my way through a variety of positions within the manufacturing field. I got my start as a Tool and Die maker. I next became a supervisor of a class A tool room, then manager of a machining department. I was exposed to lean manufacturing in the mid 90s and adapted the lean philosophy. Loving and teaching the lean approach, I moved on to become a Continuous Improvement manager which led to a job as a manufacturing manager. I joined Acuity in 2015 as their manufacturing expert. I hope to evolve how manufacturers deal with and think about insurance companies, as well as be a resource to my fellow employees – enabling them to better understand the unique needs of manufacturers.

At a high-level, what is cybersecurity, and why should manufacturers care? Are there benefits to utilizing an active versus passive protection system for manufacturers?

Cybersecurity is about protecting your industrial computer systems from unauthorized access, preventing theft, damage, or manipulation of those systems.

Unfortunately, industrial control networks were designed decades ago, before cyber threats in OT (operational technology) environments existed. The focus was operational reliability and ensuring smooth business operations. Today, however, due to a confluence of trends, OT operations are being targeted, and security is more important than ever. Threats to your ICS (industrial control systems) network can come from a variety of sources, including cyberattack, malicious insider, and human error. This is the reason Indegy gives unique focus to being able to monitor and alert on changes within the OT environment, whether the changes were done through the network or locally on devices.

An active system will:

Validate control device integrity and identify changes made via direct physical and virtual connections.
Improve situational awareness and forensic support. By using native controller protocols to query the devices, device integrity gathers important details and provides meaningful alerts, resulting in significantly improved situational awareness and forensic support.
Continuous up-to-date vulnerability analysis and security posture. By regularly querying the controllers for details such as the firmware version, open ports, hardware configuration, patch level installed, and more, discover assets that do not communicate over the network.
Support backup and recovery. Since there is no event log that traces the changes made to control devices, incident recovery can be very difficult. An active system like Indegy’s is capturing a snapshot of the device and can help identify a previously known good state and restore the device to that state.

How does operational technology give hackers potential to access a company’s assets, and what are potential risks associated with an attack?

The focal point for attacks on industrial operations and critical infrastructure has centered on industrial controllers. What really matters is that these controllers are extremely reliable and literally control everything from cooling stations to turbines, electrical grids, oil and gas, and much more. Industrial control systems literally keep the lights on. When industrial controllers were first deployed, they were not connected and interconnected. Today’s advances in technology have put these devices online and, thus, they have become the target of the hacker. Furthermore, controllers were not built to address the security threats or the innocent human errors we now experience. Outsiders, insiders, and outsiders masquerading as insiders are all possible actors that launch sophisticated attacks to take over machines for nefarious purposes. A carefully executed attack can accomplish as much, if not more than, modern day warfare.

Within manufacturing, are there specific segments you feel are more vulnerable or likely to be exposed to a cyberattack?

We find that there is not a specific OT infrastructure that is favorable to an attack. What we do find is that there is generally a fair amount of research or reconnaissance done before an attack is launched. Hackers, whether insiders or outsiders, look for weak links in the chain and use that to exploit. For example, a distributed organization may be well protected at HQ but not as protected at a remote location. The hacker will use the remote location to get into the organization.

To specifically address this reality, there has been a newer deployment model that has opened called ICSaaS, or industrial cyber security as a service, which provides a cloud-based deployment for smaller organizations or organizations that have many remote locations and cannot or do not want to deploy physical gear. It provides the comprehensive security needed to ensure industrial protection across the entire organization.

Cybersecurity remains a large and often overlooked risk within the manufacturing industry. What are key steps manufacturers can take to implement a cybersecurity plan?

There are three key elements (albeit not the only elements):

Perhaps the most important step is to build your systems with security in mind. Too often, security is an afterthought, which leaves organizations in catch-up mode. Making industrial cybersecurity part of the project can yield far more secure OT infrastructures and less costly solutions in the long run.
Ensure your OT security can work in conjunction with your already-deployed IT security. Attacks have the potential of laterally creeping between OT and IT devices. Having that 360-degree view can de-silo your security efforts, thus finding and stopping more threats before any damage occurs.
You are not expected to be an OT security expert, but your OT vendor should be. Ask them the tough questions, and make sure they answer your specific requirements in a way that gives you peace of mind. They are the ultimate ones who will defend your OT environment!

How does the National Institute of Standards and Technology (NIST) standard for cyber protection ensure manufacturers and their assets are less vulnerable to attacks?

The NIST framework was created through collaboration between government and the private sector in response to executive order (EO) 13636: Improving Critical Infrastructure Cybersecurity, which calls for the development of a risk-based cybersecurity framework. It provides a set of industry standards and best practices to help organizations manage and reduce cybersecurity risk to critical infrastructure. NIST is the authoritative standard to which organizations both in the U.S. and overseas map their cybersecurity standard.