Maintenance Technology May 2017 - 33

CYBERSECURITY

These seven areas should form the backbone of your cybersecurity program.

Get Your Cybersecurity Off the Ground
IMPLEMENTING CYBERSECURITY defenses for
industrial-control systems can seem intimidating. The right
initial actions are crucial. Alexandre Peixoto, cybersecurity
expert for the DeltaV distributed-control system from
Emerson (Round Rock, TX, emerson.com), urges users to
look closely at these seven key areas. They can offer a good
defense-in-depth strategy in the short term:
■ Workstation hardening: Ensure that the workstation
configuration meets security policies.
■ User-account management: Maintain unique user
accounts and password-change routines.
■ Patch/security management: Keep hardware and software
up to date.
■ Physical security/perimeter protection: Limit physical
and electronic access to system networks.
■ Security monitoring/risk assessment: Develop security
policies and system-monitoring behavior.
■ Data management: Develop guidelines for secure data
creation, transmission, storage, and destruction.
■ Network security: Ensure that system networks are
properly segregated and protected.
For organizations wanting to get new cybersecurity
programs off the ground fast, Peixoto recommends starting
with the first three items on this list. Inexpensive to implement, they typically can be completed in-house.
-Jane Alexander, Managing Editor

Workstation hardening
Workstations are usually the entry points to isolated networks. New
installations run at peak security but, over time, changes intended for
temporary use, such as remote access or use of removable media, are
not reversed. These changes increase the system's attack surface, especially if the allowed remote connections aren't monitored or periodically audited.
Cybersecurity isn't a set-and-forget type of initiative. Operations
should monitor and maintain all workstations using the initial configuration as a baseline. System administrators should keep records of their
system's security policies and develop policy guidelines surrounding
what can and cannot be changed.
Dedicated applications are available to help audit essential files and
services running on each control-system workstation. These applications can be valuable tools in assessing cyber-threats within an industrial control-system environment.

User-account management
Individual user accounts with appropriate permissions should be
part of every organization's security policy. Properly assigning user
permissions also has a strong impact on cybersecurity. While it may
seem easier to give every user high-privilege access to the system, this
approach increases the impact of a cyberattack, no matter which account is stolen. Developing and applying guidelines for user accounts
is the first step, but setting a strategy for account management, based
on those guidelines, is key to long-term control-system cybersecurity
support.
Strict enforcement of password complexity and change routines
will make it harder for unauthorized users to gain access using stolen
passwords or brute-force attacks. A best practice is for each user to have
a unique username and password for the control system that is distinct
from those they use on enterprise business systems.
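An added example (not from the article or any vendor tool) of turning these account guidelines into a repeatable check over an account inventory. The inventory, the 90-day password age, the admin allowlist, and the enterprise username list are all assumptions; matching usernames are only an indicator of reused credentials, since passwords themselves cannot be compared.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90        # assumed site policy value
ADMIN_ALLOWLIST = {"jsmith"}      # assumed: only these users may hold admin rights

# Constructed inventory of control-system accounts.
ACCOUNTS = [
    {"user": "jsmith",   "role": "admin",    "people": 1, "pw_changed": date(2017, 4, 1)},
    {"user": "operator", "role": "operator", "people": 6, "pw_changed": date(2015, 1, 10)},
    {"user": "mlopez",   "role": "admin",    "people": 1, "pw_changed": date(2017, 3, 15)},
    {"user": "tnguyen",  "role": "operator", "people": 1, "pw_changed": date(2016, 9, 1)},
]
# Constructed list of usernames in the enterprise (business) directory.
ENTERPRISE_USERS = {"mlopez", "rpatel"}

def audit_accounts(accounts, enterprise_users, today):
    """Map each non-compliant username to the list of guideline violations."""
    findings = {}
    for acct in accounts:
        issues = []
        if acct["people"] > 1:                      # accounts must be individual
            issues.append("shared account")
        if acct["role"] == "admin" and acct["user"] not in ADMIN_ALLOWLIST:
            issues.append("admin rights not approved")
        age = (today - acct["pw_changed"]).days     # password-change routine
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password {age} days old")
        if acct["user"] in enterprise_users:        # should differ from business login
            issues.append("username reused from enterprise directory")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS, ENTERPRISE_USERS, date(2017, 5, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```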

Patch/security management
Properly maintaining a control system means keeping hardware and
software up to date. When a system is unpatched or outdated, the organization is exposed to cyberattacks.
Organizations need to keep track of operating system updates, antivirus updates, and software hotfixes that are available for their systems
and regularly apply these patches. Unpatched systems are vulnerable
to cyberattacks that are based on known vulnerabilities. Appropriate,
timely patch management can be accomplished internally or by using
support programs available from automation-system vendors.

Bottom line
Not only is it easy to overlook cybersecurity, it's difficult for
plants to justify allocating resources for it if they've never been
attacked (or have been, but don't know it). Unfortunately, when
security vulnerabilities are exploited, the costs required to
recover a system are high and the impact widespread.
Focusing on the right first steps today can help secure your
industrial-control system and develop an internal cybersecurity
posture in your organization.

For more information on cybersecurity, go to emerson.com/cybersecuritymanagement.