Building Cybersecurity for Industrial Control Systems

For interconnected manufacturing, industrial control systems are key to preventing unauthorized access to data

As manufacturers and other tech companies continue to evolve amid the Fourth Industrial Revolution and prepare for the fifth, industrial control systems (ICS) remain the cornerstone of organizationsโ ability to deliver on their goals of increased safety, productivity, efficiency, quality and innovation.
The use of advanced technologies has become table stakes for manufacturers, especially over the last two and a half years. But the proliferation of networked technologies also brings more risks and exposure to advanced cybersecurity threats. Corporate espionage targeting companiesโ networks is also becoming a more prevalent way that bad actors can gain competitive intelligence and extort organizations. Attackers have evolved, moving away from large, multipurpose attacks on network perimeters and toward focused attacks that expose businesses to more diverse risks.
Companies across the economy are acutely aware of the risks; 72% of the 400 middle market executives who responded to a recent RSM US Middle Market Business Index survey on the topic of cybersecurity said they anticipate unauthorized users will attempt to access data or systems in 2022, โa sharp rise from 64% last year and the highest number since RSM began tracking data in 2015.โ
As manufacturers become ever more networked, their devices become more interconnected and they require faster decision-making using real-time data, robust and consistently updated cybersecurity protocols are paramount. And rigorous cybersecurity protocols arenโt just crucial in terms of staying ahead of the competition; customers, business partners, suppliers and vendors increasingly require a higher level of security assurance amid rising concerns, and regulators are requiring more thorough security controls. Lawmakers in the United States, the European Union and Canada, for instance, have recently enacted or introduced rules that would tighten cybersecurity protocols across a wide array of sectors.

The Role of Talent
A significant element of addressing the above issues and developing a sustainable cybersecurity program is hiring and retaining the right people. Companies in all sectors are battling for talent in a tight labor market, but the competition is particularly acute for tech workers, including those focused on cybersecurity.
โFrom a technology standpoint, more companies are moving data and applications to the cloud for access to a higher level of protection and controls, with many infrastructure costs going away,โ according to RSMโs cybersecurity report. โHowever, as companies in all sectors are finding, the talent to manage that cloud environment is becoming more expensive and more difficult to find and retain.โ
This will continue to be a pain point for manufacturers, especially as more of them shift from on-premises data facilities to using cloud applications and services.
Questions to Frame the Path Forward
Manufacturing companies that want to determine how their cybersecurity practices stack up to the evolving threat landscape should foster honest conversations among members of their leadership teams to address the following questions:
- How does your team assess the information security risks specific to your industrial control environment?
- What steps and/or systems do you currently have in place to secure your industrial and manufacturing operations?
- How often does your team review your business processes to identify new information security risks relevant to your manufacturing processes?
- How often do you perform security threat tests and report results to the management team?
- What is your response plan for a potential operational technology breach?
Having open-ended conversations to address these issues is one of the first steps in building more resilience against cyberattacks and future threats. Working with a third-party advisor on security testing and system assessments can also be an invaluable way to determine what changes the company needs to make to protect itself. M
About the author:
Tauseef Ghazi is a principal at RSM US LLP.
