Cyber security professionals are often tasked with defending more than they have the resources to defend. This is especially true in the area of Critical Manufacturing, where there tends to be a strong desire to protect everything. In many cases, when we try to protect everything we end up protecting nothing. A Cyber Security Defense Program (CSDP) needs to be very focused and strategically deployed to protect the systems and areas that need protection.
Critical Manufacturing, as defined by the Department of Homeland Security (DHS), comprises primary metal, machinery, medical, electrical and transportation manufacturing. Primary metal covers iron, steel, aluminum and non-ferrous metals; medical includes facilities and devices; machinery covers engines, turbines and power transmission; electrical covers electrical equipment manufacturing; and transportation covers vehicle, aviation and aerospace parts, vehicle manufacturing and railroad rolling stock. The products made by these industries are essential to the other critical infrastructure sectors. The Critical Manufacturing sector focuses on the identification, assessment, prioritization and protection of nationally significant manufacturing industries within the sector that may be susceptible to man-made or natural disasters. This area is one that is critically in need of a strong CSDP. The CSDP discipline must not be distorted in a way that undermines what should be a strategic approach to the industrial base (“Critical Capabilities At Risk,” 2009).
One critical component of protecting a Critical Manufacturing environment is the use of next generation, aka smart, firewalls with intrusion prevention enabled and some form of malware prevention and detection that is updated via global threat feeds. This firewall environment should be set up in such a way as to segment the Critical Manufacturing infrastructure. Each individual plant or factory within the Critical Manufacturing environment should be on its own local area network (LAN) segment. A very basic way of thinking about this is captured in Figure 1 below.
Figure 1
Because of the way business decisions are made for factory systems, it is critical that organizations involved in Critical Manufacturing use strongly firewalled network segmentation so that each of their factory sites sits behind its own firewall and on its own network segment (DHS, 2009). This allows better control of the environment and enables the isolation of one factory without impacting the rest of the factories owned by the organization. In this way, if one factory is compromised by a hacker or group of hackers, it can be removed and isolated from the organization’s global IT infrastructure. Network segmentation, also called Network Control (NC), is a primary bastion of a defense in depth strategy, and it can also be used to help prevent a blackhat from pivoting from a relatively insecure factory system to a core business system. Combining an intrusion prevention system (IPS) appliance, or IPS functionality, with the firewall inside a network segment provides a strong front line of perimeter defense for factories involved in Critical Manufacturing. These IPSs do not have to be heavily tuned and analyzed to be effective; running them in default signature mode is an adequate layer of defense for the network segment protecting and controlling a factory environment (DHS, 2009).
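As an added illustration of the segmentation model described above (this is example code, not from the article or from DHS), the following Python model treats each factory as its own segment behind its own default-deny firewall, audits the rule set for anything that would let an attacker pivot between factories or beyond the permitted ports to the core business network, and shows that isolating one compromised factory leaves the others untouched. The permitted-port policy and the sample topology are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy assumption (not from the page): a factory segment may only
# initiate traffic to the core business segment on these ports.
CORE_PORTS_FOR_FACTORIES = {443}


@dataclass
class Segment:
    name: str
    kind: str                      # "factory" or "core"
    firewall_up: bool = True       # False once the site's own firewall is isolated
    # explicit allow rules on this segment's firewall: destination -> ports
    allow: dict = field(default_factory=dict)


class SegmentedNetwork:
    def __init__(self):
        self.segments = {}

    def add(self, seg):
        self.segments[seg.name] = seg

    def permitted(self, src, dst, port):
        """Traffic passes only if both site firewalls are up and the source
        firewall has an explicit allow rule; everything else is denied."""
        s, d = self.segments[src], self.segments[dst]
        return s.firewall_up and d.firewall_up and port in s.allow.get(dst, set())

    def isolate(self, name):
        """Cut a compromised factory off by taking its own firewall down."""
        self.segments[name].firewall_up = False

    def reachable_from(self, src):
        return sorted(d for d, ports in self.segments[src].allow.items()
                      if any(self.permitted(src, d, p) for p in ports))

    def audit(self):
        """Flag rules that would allow a pivot out of a factory segment."""
        findings = []
        for s in (x for x in self.segments.values() if x.kind == "factory"):
            for dst, ports in s.allow.items():
                if self.segments[dst].kind == "factory":
                    findings.append(f"{s.name}: lateral rule to factory {dst}")
                elif ports - CORE_PORTS_FOR_FACTORIES:
                    extra = sorted(ports - CORE_PORTS_FOR_FACTORIES)
                    findings.append(f"{s.name}: extra ports to {dst}: {extra}")
        return findings


def build_sample_network():
    """Constructed topology in the spirit of Figure 1, with two deliberate faults."""
    net = SegmentedNetwork()
    net.add(Segment("core", "core"))
    net.add(Segment("factory_a", "factory", allow={"core": {443}}))
    net.add(Segment("factory_b", "factory", allow={"core": {443, 445}}))  # extra port
    net.add(Segment("factory_c", "factory", allow={"factory_b": {22}}))    # lateral rule
    return net
```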