Critical Manufacturing – Implementing a CSDP

Cyber security professionals are often tasked with trying to defend more
than they have the resources to defend. This is especially true in the area
of Critical Manufacturing, as there tends to be a strong desire to protect
everything. In many cases, when we try to protect everything, we end up
protecting nothing. A Cyber Security Defense Program (CSDP) needs to be
very focused and strategically deployed to protect the systems and areas
which need to be protected.

Critical Manufacturing, as defined by the Department of Homeland Security
(DHS), covers primary metal, machinery, medical, electrical and
transportation. Primary metal is iron, steel, aluminum and nonferrous
metals; medical includes facilities and devices; machinery is engines,
turbines and power transmission; electrical is electrical equipment
manufacturing; transportation is vehicle, aviation and aerospace parts and
vehicle manufacturing, and railroad rolling stock. Products made by these
industries are essential to critical infrastructure sectors. The Critical
Manufacturing sector focuses on the identification, assessment,
prioritization and protection of nationally significant manufacturing
industries within the given sector that may be susceptible to manmade or
natural disasters. This area is one that is critically in need of a strong
CSDP. The discipline for CSDP must not be twisted to taint what should be a
strategic approach to the industrial base (“Critical Capabilities At Risk,”
2009).

One critical component of protecting a Critical Manufacturing environment
is the use of next generation, aka smart, firewalls with intrusion
prevention and some form of malware prevention and detection, updated via
global feeds, enabled. This firewall environment should be set up in such a
way as to segment the Critical Manufacturing infrastructure. Each
individual plant or factory within the Critical Manufacturing environment
should be on its own local area network (LAN) segment. A very basic way of
thinking about this is captured in Figure 1.





Because of the way business decisions are made for factory systems, it is
critical that organizations involved in Critical Manufacturing use strongly
firewalled network segmentation methods to ensure that each of their
factory sites sits behind its own firewall and on its own network segment
(DHS, 2009). This allows better control of the environment and enables the
isolation of one factory without impacting the rest of the factories owned
by the organization. In this way, if one factory is compromised by a hacker
or group of hackers, it can be removed and isolated from the organization’s
global IT infrastructure.
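
One way to check that a segmentation plan matches the per-plant design
described above is to audit it before it reaches the firewalls. The script
below is an added example, not part of the original article: the segment
names, subnets and rule format are assumptions made up for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: segment names, subnets and rules are hypothetical.
SEGMENTS = {
    "corp":    "10.0.0.0/16",
    "plant_a": "10.10.0.0/16",
    "plant_b": "10.20.0.0/16",
    "plant_c": "10.30.0.0/16",
}
# (action, source CIDR, destination CIDR), e.g. exported from a firewall policy
RULES = [
    ("allow", "10.0.5.0/24",  "10.10.0.0/16"),  # corp -> plant_a
    ("allow", "10.10.3.0/24", "10.20.1.0/24"),  # plant_a -> plant_b
    ("deny",  "10.10.0.0/16", "10.30.0.0/16"),  # explicit deny, ignored
    ("allow", "0.0.0.0/0",    "10.30.0.0/16"),  # any -> plant_c
]

def overlapping_segments(segments):
    """Pairs of segments whose address ranges overlap (not truly separate)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in segments.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def plants_touched(cidr, segments, prefix="plant_"):
    """Names of plant segments that share any address with cidr."""
    net = ipaddress.ip_network(cidr)
    return {name for name, seg in segments.items()
            if name.startswith(prefix) and net.overlaps(ipaddress.ip_network(seg))}

def cross_plant_rules(rules, segments):
    """Allow rules that let one plant reach a different plant."""
    # Simplification: rule order and ports are ignored.
    findings = []
    for index, (action, src, dst) in enumerate(rules):
        if action != "allow":
            continue
        sources = plants_touched(src, segments)
        targets = plants_touched(dst, segments)
        pairs = sorted((s, t) for s in sources for t in targets if s != t)
        if pairs:
            findings.append((index, pairs))
    return findings

if __name__ == "__main__":
    print("overlaps:", overlapping_segments(SEGMENTS))
    for index, pairs in cross_plant_rules(RULES, SEGMENTS):
        print("rule", index, RULES[index], "crosses", pairs)
```

Any rule it reports is a path that would have to be closed before one
factory could be isolated without touching the others.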

