Page 15 - EngineerIT June July 2025
CYBERSECURITY
Operational protection and threat detection

Once an organisation has carried out a full asset inventory and risk assessment, it will be in a position to protect critical assets and detect emerging threats. In OT environments, where legacy and modern systems as well as real-time operations demand specialised security approaches, organisations need solutions that defend without disruption while maintaining constant vigilance for anomalies.

Industrial endpoints, such as PLCs, engineering workstations and HMIs, require security measures tailored to their operational constraints. Many run on outdated operating systems (e.g., Windows XP) or lack traditional IT safeguards, making them vulnerable. Effective protection includes:
• Safe endpoint threat prevention methods;
• Whitelisting to block unauthorised software execution;
• Air-gapped update mechanisms for offline or sensitive environments;
• Tunable system resource consumption.

These controls must support industrial protocols (Modbus, DNP3) and integrate seamlessly with automation systems to avoid operational disruptions.

Because OT networks are complex and heterogeneous, attackers can operate undetected until damage occurs. Advanced detection solutions compensate by:
• Analysing network traffic via Deep Packet Inspection (DPI) for malicious control commands;
• Leveraging machine learning to identify behavioural anomalies in devices or processes;
• Monitoring configurations for unauthorised changes (e.g., altered PLC logic);
• Providing extended detection and response capabilities for hosts and networks.

When integrated with a Security Information and Event Management (SIEM) system, these capabilities enable centralised alerting, helping teams distinguish between cyber threats and operational malfunctions. For example, unexpected traffic patterns could indicate a cyberattack, or a misconfigured device needing maintenance.

By unifying protective controls with real-time monitoring, organisations can both harden their systems against known threats and rapidly detect emerging risks. This dual approach not only meets compliance standards (NERC CIP, IEC 62443) but also minimises downtime, ensuring that security measures enhance, rather than hinder, industrial reliability.

Security audits and compliance

To ensure detection and protection are working, organisations must conduct regular security audits. These will validate whether an organisation's cybersecurity measures align with industry standards, regulatory requirements and internal policies. In industrial sectors, audits often focus on frameworks like IEC 62443, NIST CSF or ISO 27001, which mandate specific controls for protecting critical infrastructure.

A robust audit process includes:
• Policy reviews to ensure cybersecurity governance is in place;
• Technical testing (e.g., vulnerability scans, configuration checks);
• Gap analysis against compliance benchmarks;
• Remediation planning to address deficiencies.

For OT environments, audits must also assess physical security, access controls and third-party vendor risks. Findings should be documented and presented to executive leadership to secure ongoing investment in cybersecurity improvements.

Network segmentation for tighter control

The final piece in the puzzle is network segmentation (zones and conduits). Done well, this can isolate critical systems and limit lateral movement in case of a breach. Based on standards like IEC 62443, this approach groups assets by function and risk level (e.g., safety-critical vs. non-essential).

Key benefits include:
• Reduced attack surface by restricting unnecessary communication;
• Improved monitoring through traffic filtering and encryption;
• Compliance adherence with industry regulations.

Advanced tools like SD-WAN and ICS-aware firewalls enable dynamic segmentation while maintaining operational flexibility. Continuous refinement, using real traffic data and threat intelligence, ensures the architecture evolves with emerging risks.

Working with the experts

The OT systems outlined in this article undoubtedly add another layer of complexity for already stretched security teams. This is where purpose-built platforms, such as Extended Detection and Response (XDR) solutions designed for critical infrastructure, can make a meaningful difference.

By combining network-level traffic analysis and anomaly detection with endpoint protection for both modern and legacy industrial devices, platforms like Kaspersky Industrial CyberSecurity (KICS) help organisations simplify deployment and improve response. Working with a specialist third-party provider can accelerate maturity, ensure alignment with best practices and ultimately strengthen the cyber resilience of both operations and infrastructure.

To learn more about industrial cyber resilience and ways to enable comprehensive protection of all the assets and processes, read this interactive guide.
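As an added illustration (not code from the article or from any product it names) of three points above: DPI of Modbus control commands, a zone/conduit policy that says which hosts may write to which PLCs, and SIEM-style triage that separates a threat from a device malfunction. The host addresses, the policy and the captured frames are all constructed for the example.

```python
import struct
from dataclasses import dataclass

# Hypothetical zone/conduit policy: which hosts may issue Modbus write
# function codes to which PLCs; any other write crosses a conduit it should not.
WRITE_ALLOWED = {"10.10.1.5": {"10.10.2.10", "10.10.2.11"}}  # eng. workstation -> PLCs
WRITE_FUNCS = {5, 6, 15, 16}  # write coil(s)/register(s): these change controller state
EXC_BIT = 0x80                # set on Modbus exception responses

@dataclass
class Finding:
    src: str
    dst: str
    func: int
    verdict: str  # "ok", "threat" or "malfunction"

def parse_modbus_tcp(frame: bytes) -> tuple[int, int, bytes]:
    """Parse the 7-byte MBAP header; return (unit_id, function_code, pdu_data)."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus (expected 0)")
    if length != len(frame) - 6:  # length field covers unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return unit, frame[7], frame[8:]

def inspect(src: str, dst: str, frame: bytes) -> Finding:
    """Classify one frame: policy-violating write = threat, exception = malfunction."""
    _unit, func, _data = parse_modbus_tcp(frame)
    if func & EXC_BIT:
        # The device answered with an exception: this points to a misconfigured
        # device or a bad request, so it is routed to maintenance, not the SOC.
        return Finding(src, dst, func & 0x7F, "malfunction")
    if func in WRITE_FUNCS and dst not in WRITE_ALLOWED.get(src, set()):
        return Finding(src, dst, func, "threat")
    return Finding(src, dst, func, "ok")

# Constructed sample traffic: (src, dst, raw Modbus/TCP frame).
SAMPLE_EVENTS = [
    ("10.10.1.5", "10.10.2.10", bytes.fromhex("0001 0000 0006 01 06 0010 002a")),  # write from eng. ws
    ("10.10.3.99", "10.10.2.10", bytes.fromhex("0002 0000 0006 01 06 0010 0000")),  # write from HMI zone
    ("10.10.3.99", "10.10.2.10", bytes.fromhex("0003 0000 0006 01 03 0000 000a")),  # read-only request
    ("10.10.2.10", "10.10.1.5", bytes.fromhex("0001 0000 0003 01 86 02")),          # exception response
]

def run_sample() -> list[str]:
    """Verdict per sample event, in order: ok, threat, ok, malfunction."""
    return [inspect(s, d, f).verdict for s, d, f in SAMPLE_EVENTS]
```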