For Stefan Turi, Sales Executive for Network and Security Services at Rockwell Automation, 2017 was a landmark year. That was, he says, when the first ‘ransomware’ attacks were made to compromise the computer systems of commercial organisations to extort money from them.
Turi says unambiguously that companies today can face “multiple types of threats” to the integrity of their computer systems from equally diverse external sources – “hackers, ransomware groups, hostile governments, even rival commercial interests wanting access to intellectual property”. He adds that for almost all companies it is a question of “when” not “if” such a threat will materialise.
His verdict is borne out by official figures and advice. In the UK, for instance, the Government states that 39 per cent of all businesses reported suffering cyber attacks in 2022. In the US in the previous year, the Federal Bureau of Investigations (FBI) specifically alerted the food producing industry that it was becoming a target for ransomware attacks.
Cyber attacks aim to infiltrate the victim organisation’s computing infrastructure by finding or creating a weak point which need be “just one computer in a network”, says Turi. Ransomware often operates in this way – a standard tactic is to send large numbers of emails to a company each addressed to a named individual. It then only requires one person unwittingly to open such a communication to release some malign entity into the wider network.
To stop cyber attacks from achieving the “lateral movement”, it is a vital counter-measure that ransomware needs to be really destructive. As such a strategy to protect a company from cyber attacks has two essential elements – not just detection but also the partitioning of company’s networks by means of internal ‘firewalls’ that can stop threats from spreading.
This “micro-segmentation”, says Turi, is especially apposite in manufacturing environments. The operational technology (OT) domain has autonomous areas such as logistics and production equipment: “So firewalls between them mean threats cannot spread.”
The cybersecurity services Rockwell Automation offers to counter cyber threats to manufacturing companies, therefore, utilise both its own products and expertise and those of partner organisations to optimise their effectiveness. Rockwell Automation itself will carry out initial risk assessments and that essential micro-segmentation in OT will use either its own Stratix technology or a counterpart provided by Cisco.
“Vulnerabilities can take various forms,” says Turi. “An outdated switch or a controller with legacy firmware might provide an entry point, so might the filesharing function of an older operating software.” A particular danger is when companies seek to add modern digital techniques to older software, which can create “heterogenous landscapes” in which previously secure data silos are opened up.
One company that has taken advantage of Rockwell Automation’s expertise is Italian supplier of packaging equipment CT Pack. It has used Rockwell Automation’s FactoryTalk Remote Access solution to ensure it can comply with the IT security requirements of its customers to enable it to provide them with immediate support services.
Turi has a final warning. On average, he says, it takes “242 days” from the time hackers gain access to a company’s computing infrastructure to their detection and no company can afford to give malicious forces that much opportunity.