When asked how she got into cybersecurity, Nicole Darden Ford replies “cybersecurity kind of finds you.” The new chief information security officer at Rockwell Automation began her career in the military, where she first got into cybersecurity, then created a cybersecurity program for the U.S. Department of Agriculture before taking several leadership roles in the private sector.
Today, her advice for companies is surprisingly similar: cyberattacks will find you. As she puts it, “It’s not if, it’s when. And it’s not one time, it’s several.”
So how should manufacturers prepare for these threats? We spoke to Darden Ford recently about her recommendations, as well as Rockwell’s efforts to safeguard its own supply chain and provide services to other companies.
The current situation: “Manufacturers account for 65% of industrial ransomware last year. We’ve seen an unprecedented number of attacks, and we’ve seen attackers focus on OT,” Darden Ford says. She predicts the attacks on OT will only escalate.
- Meanwhile, many manufacturers have a clear strategy for IT, but they have not given as much thought to protecting their operational technology. Yet, as machines get more connected, their operations may become more vulnerable—especially as companies try to integrate legacy systems that weren’t “meant to be connected or patched.”
- In addition, “because we are so connected, there are third-party risks,” Darden Ford says. Small manufacturers may be more inviting targets for hackers than they realize, since their systems could provide a back door into the networks of their larger clients.
- On the plus side, manufacturers are getting smarter in building their defenses, she says. And that’s where Rockwell comes in.
Rockwell’s role: The company aspires to become a “trusted advisor” to companies seeking cyber defenses, says Darden Ford. Rockwell already manufactured OT, so moving into cybersecurity for such equipment was a natural next step.
- Its partnerships with other firms, including Dragos, CrowdStrike, Cisco and others, allows Rockwell to offer bespoke cyber monitoring and other services to its clients.
- These services include penetration testing, threat detection and response and an OT “SOC”—i.e., a security operations center, which monitors threats to clients’ operations remotely.
Read the full story here, including Rockwell’s cybersecurity “roadmap” for its own suppliers.