Treat your ICS as part of your corporate network
Ideas about cybersecurity in the manufacturing sector have started to change, and it’s about time. Until recently, a common misperception among those in the industrial world was that that they had little to attract hackers—no credit card data, no health records, no bitcoin. But manufacturers do have data, and it’s immensely valuable — their trade secrets. Profit isn’t the only motivation for hackers many just want to cause chaos. There are plenty of reasons for hackers to attack manufacturing systems; the proof is that one out of three industrial control systems (ICS) computers were hacked last year (Kaspersky Lab, Sept 2017).
That number seems daunting. Many industrial automation systems have only limited internet connectivity, if at all. But they are connected to their corporate networks, and that’s where the weakness lies. Only half of manufacturing businesses isolate their ICS networks from their corporate networks (www.ncms.org/CyberSecurityReport). The rest are the mercy of the same phishing, ransomware, and insider attacks as any financial or healthcare organization.
One vulnerability that affects manufacturers in particular is poor security practices among their vendors. It just takes one weak partner to infect an entire supply chain. Hackers are efficient criminals; they conduct research using Lexis Nexis, LinkedIn, and even dumpster dive to learn what they need to know to launch the most effective attack possible against their target of choice. If they want to attack your business, they may learn who your vendors are, choose those they suspect to be the weakest¾which may be a mom-and-pop shop, or may be a larger business that has a reputation on the dark web as an easy takedown¾and breach the weak vendor in order to hop onto your network.
Security professionals like to say, “Security is people.” The average worker at a bank or hospital is highly aware that their employer is a high-value target, so they are more cautious than those in other industries about clicking on links or opening attachments. The average worker in an industrial business may not be as guarded. Security awareness training is a step in the right direction, but not all workers will take it seriously. Even if every worker did keep security at top-of-mind, humans still make mistakes. It just takes one accidental click to open the door to malware. And once inside, it may make its way to whatever target its authors desire. That could be your trade secrets, or it could be the main controllers in your automation system.
How Optimal IdM Protects Manufacturing
Manufacturers have a complex environment to protect. They belong to lengthy global supply chains, have workers in the field using mobile devices to access their controllers, and may frequently scale their workforces up or down. Password management rules and security awareness training are not effective in a dynamic business that has many trading partners and regularly onboards new workers.
Manufacturers need to provide access to their systems to varying numbers of people across varying numbers of trading partners, and they need to do that without hurting productivity. One option is the OptimalCloud™, a sophisticated and powerful Identity and Access Management (IAM) solution complete with concierge managed services.
Virtual Identity Server
Optimal IdM’s Virtual Directory and LDAP Proxy protect your Active Directory, LDAP and hundreds of other possible directory silos providing:
- A secure LDAP firewall to your infrastructure. This provides a single pane of glass to apply identity security policy administration as well as a single point of auditing and reporting.
- An Identity Firewall
- Centralized Identity Access Control & Security Policy Management
- Dynamic, Real-time Policy enforcement
- Brokering without storing data
- Functions independent of any single application – no application retooling
- Vendor Agnostic, Heterogenous, Standards-based
- Filters to hide any attribute
- Complete audit logging for all AuthN transactions
Our LDAP Proxy rides on our powerful Virtual Directory technology which can project a single view of hundreds of A.D. forests, LDAP directories, SQL, Oracle, mySQL and other directory repositories as well as web apps and claims-aware applications. The Virtual Directory supports LDAP migrations (e.g. SUN to Active Directory), and a host of other benefits – all without the need to synchronize to/from those directories.
Single Sign-On and Federated Identity
Workers don’t need to remember passwords anymore. Single sign-on (SSO) lets users sign on one time with a single set of credentials when they arrive at work, and then move between systems throughout the day securely. Users can be more productive and free from the frustration of forgetting passwords. They don’t have to call the help desk for password resets, which reduces IT costs, and they never need to write down or share passwords, which improves security.
SSO works across supply chains. Trading partners can access to a manufacturer’s systems with federated identity. Federated identity gives users the same experience of SSO; they can log into their home networks once with a single set of credentials, and then access the systems of their trading partners without having to provide their credentials again.
Logging user activities and monitoring accounts is easy, and a complete user management system that includes a custom entitlements engine and self-service administration capabilities lets administrators work more efficiently. Optimal IdM’s Federated Identity solution also supports multi-factor authentication and authorization in the cloud, on-premise, or in a hybrid environment.
None of our solutions require you to retool your applications. We provide a broker in front of them and can transform identity calls into exactly what the applications expect to receive. We’ve done it for thousands of apps and often can deploy in as little as a day.
Control Access To Your Industrial Controllers
Manufacturers are at the leading edge of technology today. Their systems are automated and connected to supply chains that reach around the world. But those systems were designed for productivity, not cybersecurity, and they may not even be managed by the IT department.
Manufacturers that want to secure their Internet of Things (IoT) and ICS devices need to prioritize a strategy for identity and access management. Whether a manufacturer runs its business in the cloud, on-premise, or in a hybrid environment, its IAM solution needs to be seamless, scalable, and secure.
Contact us today to learn how Optimal IdM can assist with your access management needs.