CYBERSECURITY


        Operational protection and threat       By unifying protective controls with real-time monitoring, organisations can both
        detection                               harden their systems against known threats and rapidly detect emerging risks. This
        Once an organisation has carried out a full   dual approach not only meets compliance standards (NERC CIP, IEC 62443) but
        asset inventory and risk assessment, it’ll be   also minimises downtime, ensuring that security measures enhance, rather than
        in a position to protect critical assets and   hinder, industrial reliability.
        detect emerging threats. In OT environments,
        where legacy and modern systems as well   Security audits and compliance
        as real-time operations demand specialised   To ensure detection and protection is working, organisations must conduct
        security approaches, organisations need   regular security audits. These will validate whether an organisation’s cybersecurity
        solutions that defend without disruption   measures align with industry standards, regulatory requirements and internal
        while maintaining constant vigilance for   policies. In industrial sectors, audits often focus on frameworks like IEC 62443,
        anomalies.                              NIST CSF, or ISO 27001, which mandate specific controls for protecting critical
                                                infrastructure.
        Industrial endpoints, such as PLCs, engineer
        workstation and HMIs, require security   A robust audit process includes:
        measures tailored to their operational   •  Policy reviews to ensure cybersecurity governance is in place;
        constraints. Many run on outdated operating   •  Technical testing (e.g., vulnerability scans, configuration checks);
        systems (e.g., Windows XP) or lack traditional   •  Gap analysis against compliance benchmarks;
        IT safeguards, making them vulnerable.   •  Remediation planning to address deficiencies.
        Effective protection includes:
        •  Safe endpoint threat prevention methods;  For OT environments, audits must also assess physical security, access controls
        •  Whitelisting to block unauthorised   and third-party vendor risks. Findings should be documented and presented to
          software execution;                   executive leadership to secure ongoing investment in cybersecurity improvements.
        •  Air-gapped update mechanisms for offline
          or sensitive environments;            Network segmentation for tighter control
        •  Tunable system resource consumption.  The final piece in the puzzle is network segmentation (zones and conduits).
                                                Done well this can isolate critical systems and limit lateral movement in case
        These controls must support industrial   of a breach. Based on standards like IEC 62443, this approach groups assets by
        protocols (Modbus, DNP3) and integrate   function and risk level (e.g., safety-critical vs. non-essential).
        seamlessly with automation systems to
        avoid operational disruptions.          Key benefits include:
                                                •  Reduced attack surface by restricting unnecessary communication;
        Because OT networks are complex and     •  Improved monitoring through traffic filtering and encryption;
        heterogeneous, attackers can operate    •  Compliance adherence with industry regulations.
        undetected until damage occurs. Advanced
        detection solutions compensate by:      Advanced tools like SD-WAN and ICS-aware firewalls enable dynamic
        •  Analysing network traffic via Deep Packet   segmentation while maintaining operational flexibility. Continuous refinement,
          Inspection (DPI) for malicious control   using real traffic data and threat intelligence, ensures the architecture evolves with
          commands;                             emerging risks.
        •  Leveraging machine learning to identify
          behavioural anomalies in devices or   Working with the experts
          processes;                            The OT systems outlined in this article undoubtedly add another layer of
        •  Monitoring configurations for unauthorised   complexity for already stretched security teams. This is where purpose-built
          changes (e.g., altered PLC logic);    platforms, such as Extended Detection and Response (XDR) solutions designed for
        •  Providing extended detection and     critical infrastructure, can make a meaningful difference.
          response capabilities for hosts and
          networks.                             By combining network-level traffic analysis and anomaly detection with endpoint
                                                protection for both modern and legacy industrial devices, platforms like Kaspersky
        When integrated with a Security Information   Industrial CyberSecurity (KICS) help organisations simplify deployment and
        and Event Management (SIEM) system, these   improve response. Working with a specialist third-party provider can accelerate
        capabilities enable centralised alerting,   maturity, ensure alignment with best practices and ultimately strengthen the
        helping teams distinguish between cyber   resilience of both operations and infrastructure.
        threats and operational malfunctions. For
        example, unexpected traffic patterns could   To learn more about industrial cyber resilience and ways to enable
        indicate a cyberattack, or a misconfigured   comprehensive protection of all the assets and processes, read this
        device needing maintenance.             interactive guide.



                                                15 | EngineerIT June/July 2025