Today our Cybersecurity – Identity and Access Management series, Chris Grove explains why rather than planning to ‘not fail’ in any aspect of an IAM program, we should be planning to fail.
Eventually, even great empires fall. Well built, properly designed things fail. Reliable, well-manufactured products break. Recognition of these realities drives us to mitigate catastrophes before they happen.
This includes many of the tenets of an identity and access management program, a hallmark of the operational technology (OT) security Australian manufacturers rely on to protect their production processes. IAM is a framework of security and data management that controls who can access systems and what different users can do once inside. It’s vital for manufacturing outfits with complicated networks that connect across the globe via supply chain systems.
Research indicates manufacturing accounts for 13 per cent of known cyber-attacks in Australia, which is one of the reasons why manufacturers implement strong credentialling to actually plan on the risk of a failure of the perimeter controls. If the network firewalls fail to protect the resources, we leverage passwords as the next line of defence to prevent intruders from gaining deeper access to systems.
Within the common controls used in IAM, manufacturers are leveraging this tactic at a deeper level. They expect a simple dictionary-based password will fail, so they now enforce complexity requirements on the password. The secrecy of the password is also likely to fail, so that risk is further mitigated with things like password management, two-factor authentication (2FA), and password-less access – which might use email or app notification verification instead of a password.
Practitioners within the IAM space need to ensure they’re planning to fail, otherwise they’re failing to plan.
In manufacturing – especially as IT and OT security systems converge – failure in IAM could have unacceptable consequences. This goes far beyond an inability to login – failures in IAM can pose risk to availability, and subsequently, the operational metrics of a manufacturing operation, or worse, put human lives at risk.
Rather than planning to ‘not fail’ in any aspect of an IAM program, we should be planning to fail. What does our world look like when we have a failure within our IAM program, infrastructure, technology, or processes? Is it lights-out, or do we have some form of resiliency to our industrial control systems (ICS) and processes?
Further, could we even detect a failure, or does there need to be a catastrophe before we’re aware? What kinds of tools can we leverage to help detect IAM bypasses or failures? Are we resilient to multiple concurrent failures, such as stolen credentials and a firewall bypass? What if our cloud security posture impacted operations? Are we properly monitoring for misconfigurations in our zero trust model – which follows the philosophy of ‘never trust, always verify’?
If the answer to any of the above is ‘no’, you’re not truly planning to fail, and the penalties could be prohibitively expensive. Embracing consequence-reduction tactics as part of a greater cyber-resiliency strategy can help start that journey for manufacturers staring down the barrel of greater threats that could grind their operations to a halt. This means they can more confidently, and with less risk, embrace the Industry 4.0 resurgence taking place across Australia.
Subscribe to our free @AuManufacturing newsletter here.