In order to know whether there is a cyber security issue, we need to be aware of potential factors that can pose security threats. We need to have a complete overview and predictability of our own cyber security. This includes an overview of the installed base, both regarding to hardware and software, hereunder IP-addresses and configuration, not to mention available revisions and versions of software/firmware we are currently running. If you don’t have a complete overview of your installation, chances are that the installation is at risk. Most often, we don’t realize that we have a cyber security issue until it is too late.
It is important to understand that a small act can, in worst case, create a threat to the entire installation. If something were to happen due to an attack or a mistake, you can in best case, get back to operation without dire consequences if you have good routines. In other cases, you could be lucky, and the systems will not be knocked out, or you’re able to clean up with the use of back-ups. In the worst cases, you can lose critical data and 1000s of man-hours can be lost, which in turn means losing the ability to operate the asset. Getting back to regular operation after an incident can take anywhere from a few weeks to months, depending on the severity of the attack. Some equipment might have to be switched out, which is an added cost. In this case, some potential side effects of an attack can be loss of information or technology, industrial espionage, others gaining competitive advantages in technology, to name a few.
External threats are not the only cyber security issue. The behaviour of our employees plays a vital role in ensuring top security. A widespread issue is with people who perform risk-filled tasks, as someone can expose critical networks without being aware of it. Anything from inserting a Flash Drive to connecting via a wireless network, can be a threat to the cyber security on your installation. A way to ensure top cyber security is by spreading awareness throughout the company and setting up training for employees.
The most important part of cyber security is the attitude and behaviour of your employees.
However, there are other things than viruses and malware that can pose threats to your installation, for instance not testing the systems and having backups of critical information, testing of new configurations, or running discontinued systems that could expose you to loss of data if an equipment problem arises.
Another threat to cyber security is not being in control of LCI (Lifecycle information). This is a problem if equipment breaks or shuts down, and the company doesn’t have updated drawings, documentation, or the information needed to maintain an installation.
It can be a threat if we don’t have control of the changes within the system, especially during new configurations. If something happens, we need gather information from our suppliers, and to do that we need the best possible overview of the situation and what went wrong. Also, if we receive a factory notice for some equipment, we need to know if that affects us, which is another reason why we need documentation on the equipment running in the installation.
The types of systems and the flow of data within your network can also pose security threats. It is therefore important to check for unwanted dataflow between networks and shut gates to reduce unnecessary flow, as this will lower the risk of network intrusions. Establishing a system for access control, restricted accesses, conditions for passwords, two-factor authentication, and similar, are all measures you can take to ensure better security and lower the risks if something were to happen.
There are different ways of noticing poor routines and creating better ones to ensure the security of your installation and its continued operation. If you need help, invite your employees to challenge you. Look into how the installation is run on a day-to-day basis. You can set up different scenarios for your employees and ask how they would handle them. This should consist of a selection of employees of different demographics to find trends that mirror those of the organisation. You can set up a plan for improving the routines and creating a stricter infrastructure, based on your findings, along with tailor-made employee training. Eager employees will try to help you and listening to everyone might help you uncover other threats.
It is important to lower the threshold within the company of admitting that you have a cyber security issue, so that you can take preventative measures, preferably before a problem arises.