Are you missing this layer in your cybersecurity stack?

Published on
December 18, 2023

Cybersecurity is a top concern across all industries, but the stakes are even higher among industrial companies where a breach could trigger downtime, impact worker safety, or disrupt customer service — all nightmare scenarios with direct impact on the bottom line.

Cyber breaches are escalating with many new strains and attack vectors specifically targeted at industrial companies. The IBM Security X-Force Threat Intelligence Index 2023 reports that the manufacturing sector was the top target for cybercriminals for the second year standing. According to the Dragos 2022 ICS/OT Cybersecurity Year in Review, more than 70% of all ransomware attacks focused on manufacturing, putting OT networks at risk, and creating significant problems for a sector that has a low tolerance for downtime. 

IoT and OT devices rank among the least secured assets on an organization’s network. A Ponemon Institute/Microsoft report found that more than half (55%) of responding organizations confirmed they don’t believe IoT and OT devices on their networks were designed with security in mind. Another report found that 90% of OT leaders have experienced at least one intrusion. And the effects of a breach are off-the-charts costly: Estimates are that downtime runs companies $4.2 trillion dollars globally, representing 11% of all manufacturing revenue. (From Copia eBook: Modern Backup Strategies for Industrial Automation)

The U.S. Securities and Exchange Commission (SEC) recently added another wrinkle, releasing new rules for when and how cyber breaches are disclosed. The SEC mandate requires publicly-traded companies to publicize specifics on cyberattacks within four days of realizing that a breach would have a “material” impact on their finances. While the rules don’t go into effect until mid-December, Clorox was among the first to comply, proactively disclosing a breach incident this summer and illustrating the pressure on companies to step up their cybersecurity game.

Recovery practices as backup protection

While a robust cybersecurity stack is the anchor of enterprise safeguards, backup and recovery practices are also key to bouncing back from a security breach. Manufacturing networks, including PLCs and controls platforms, are typically not backed up with the same rigor as IT networks due to the complexity associated with the sheer number of diverse devices, proprietary languages, and different people involved across myriad locations. 

Because of the preponderance of manual processes, automation engineers commonly struggle to find the latest files to restore service in the event of a security incident or even when a device fails. Moreover, “on the fly” modifications made to ensure machines are running properly are often not adequately documented or captured, thus difficult to recreate in the event systems are swept offline.

Copia’s DeviceLink, developed to address the challenges of device backup, can serve as an added layer of protection in an industrial cybersecurity framework, ensuring ease of backup and system resiliency. The system automatically backs up code on devices either on-demand or based on defined schedules or run on-demand anytime, and sends it to the Copia Git-based source control system for ease of archival and retrieval. This process ensures controls data and files are secure and can be quickly restored in the event of a security breach or other catastrophic incident.

In the event of cyberattacks like ransomware, controls engineers can rely on DeviceLink backups to restore the control program and associated data to a clean and secure state. “This minimizes the impact of cyber incidents and ensures the control system can be quickly recovered without compromising operational integrity,” a Copia engineer explained. 

The ability to visualize code (and all code changes) in the Copia source control system, including within a browser, is another asset for reestablishing control and in many cases, avoiding downtime. In the event that systems are knocked offline, having local copies of the latest working versions of projects, including source control, as well as backups of devices, ensures a quick recovery.

There are also disaster recovery benefits to Copia used in conjunction with DeviceLink. “If a PLC module fails, controls engineers can replace the hardware and restore the program from the backup, minimizing production downtime and avoiding the need to recreate the program manually,” the engineer said.

Looking to learn more about how you can prevent downtime? Check out our eBook: Modern BackUp Strategies for Industrial Automation today!