Protect critical plant control and automation systems from cyberattack
Comprehensive review of cybersecurity risks and vulnerabilities
Industry 4.0 is transforming global industrial processes. But it also brings with it heightened cybersecurity risk. The frequency cyberattacks on industrial control systems has increased at an alarming rate in recent years. It’s risk that you ignore at your peril. The cost of an industrial cyberattack will vary according to its severity and the size of the company, but the effects can be significant. Malware infection of a plant control or other automation system can quickly bring production to a halt. In worst case scenarios, it may even result in damage to critical equipment, putting personnel at risk of harm and causing negative environmental impacts. Industrial automation systems are also typically older, unpatched – and thus more vulnerable to – cyberattack. Which was OK when they worked in isolation. But advancing digitalisation and connectivity is exposing these systems to greater risks. All this means it might be time to consider a comprehensive cybersecurity assessment of your plant control and automation systems. And who better to undertake that assessment than the experts who supplied both your equipment and automation systems? Our cybersecurity assessments offer a comprehensive analysis of system risks and vulnerabilities, with prioritised recommendations and guidance to improve your system resilience against cyberattack.
How do I know if I need a cybersecurity assessment?
If you answer ‘no’ to any of the following questions, we recommend you undertake a cybersecurity assessment as soon as possible: • Do you have an up-to-date inventory of all devices on your automation network? • Are critical devices patched and free of known vulnerabilities? • Are you sure that there is no unauthorised software installed on OT (operational technology) servers or clients? • Are you sure that there are no unauthorised internet connections or devices with multiple network connections? • Is your firewall up to date and correctly configured? • Are USB ports blocked or protected from malware execution? • Are administrative accounts secured and not used for other purposes? • Are backups taken regularly and stored securely; are you sure that an attacker could not access them; are they tested? • Is antivirus software installed and kept up to date on all devices? • Do you have a prober insight and understanding of which and how devices are communicating on the network?
Our detailed assessments are tailored to match your needs and the equipment you have onsite. A typical assessment comprises:
1. A review of existing FLSmidth drawings and documentation. 2. Remote information gathering via Go2FLS remote access (if available). 3. Information from FLSmidth McAfee antivirus server (if used). 4. Online meeting with customer to clarify outstanding questions. 5. Onsite visit to clarify and complete the information-gathering process, including observations, interviews, and passive data-collection tools: • Verification of existing documentation and asset list. • Collection of asset inventory in plant automation network(s). • Review of lifecycle support status and firmware/patch status, considering any known vulnerabilities. • Verification of systems configuration in scope (e.g. servers, clients, PLCs, switches, and firewall) • Review and verification of the existing network drawings. • Review of IT-OT communication. • Review of backup and restore procedures. • Review and verification of systems configuration backups. 6. Presentation of results: • Report on current status with recommendations based on cybersecurity standards, best practices, and the information gathered. • Executive summary of the results and recommendations. • Asset inventory of programmable devices, with lifecycle status and recommendations, including prioritised list of recommendations for upgrades or replacements. • Updated network and configuration drawings • Online meeting to present the results. Additionally – when requested - we can work with you to secure your systems based on the findings of the assessment. This may include: • A prioritised investment plan for required upgrades, replacement of obsolete equipment, or other mitigations. • Making configuration changes or other mitigations, either as part of planned maintenance visits, remotely as part of a PlantLine service agreement, or in a further dedicated site visit. • Supporting you to implement mitigations yourself with detailed instructions. We also offer additional cybersecurity services, including: • Secure remote access, application control, equipment hardening, security patching, and backup testing to ensure that your plant is made secure and stays secure. • Network segmentation. • OT network security monitoring integration with your existing security operations centre (SOC) or FLSmidth’s security partner.
