Grimm is helping us celebrate Cybersecurity month by taking an in-depth look at both risks and mitigation strategies
The Business of Cybersecurity in Advanced Manufacturing
2021 has been the year of ransomware. The frenzy of attacks against Colonial Pipeline and JBS Foods within a week of each other suddenly sparked dialogue among businesses, politicians and everyday citizens about cyber vulnerability. The security of our critical infrastructure, food, and manufacturing supply chains were now front and center. Manufacturers suffered a barrage of attacks over the last year with focus on new access points and threats arising from the IT/OT environments. Advanced manufacturing technologies increase the cybersecurity challenges confronting manufacturers in this new era of technology and risk.
Enterprise IT typically lacks the security necessary to mitigate risk, even with air gapping, and monitoring OT environments can lead to costly downtime, or worse, physical harm, if not managed properly. These are challenging times for manufacturers. It has never been as important to be both an expert in informational and operational technologies. But here we are, facing the need to enhance the cybersecurity posture to reduce the risk of attacks. This article will outline both the cyber risks and offer remediation strategies for manufacturers to consider.
Increasing technology in the manufacturing environment is beneficial to the bottom line. Technology enables manufacturers to move toward continuous improvement cycles and accelerate production schedules via technology integration. Digital tools drive revenue, making them increasingly important to manufacturers who often face low profit margins. To overcome net margin issues, more manufacturers are using smart manufacturing technologies to reduce waste and enhance revenue but increasingly struggle with deploying comprehensive cyber strategies which naturally cost money, not make money. According to the Deloitte : 2020Smart Manufacturing Ecosystem Study, manufacturers are increasingly taking an holistic approach:
- 58% saw increase in pace of new digital products/services in market
- 53% expanded company’s innovation capacity
- 58% acceleration in company’s digital maturity
- 42% saw reduced operational costs through greater efficiencies
IP-Based Cyber-Physical Systems
While Industrial Internet of Things (IIoT) technologies enable manufacturers to connect their machines and factory floors to the cloud, they face vulnerabilities arising from inadequately protected networks, processes, and operations. According to research, nearly 1 in 5 manufacturers experienced a cyberattack in 2020-2021, with the impacts of:
- 35%: up to a week to recover
- 18%: up to two weeks to recover
- 5%: 15-21 days to recover
- 8%: more than 21-days to recover
Malware attacks were most prevalent, with 40% of organizations with attacks reporting malware attacks and 17% of the incidents arose from ransomware. The enterprise network is often a primary attack vector because of inherent security vulnerabilities. User access and compromised devices on the enterprise network pose risk. In the past, air gapped OT networks were safe from risks like phishing attacks and brute force attacks, but risk exists because IT/OT are converged. They can no longer be completely separated.
Prior to COVID-19, manufacturers may have been able to avoid workers bringing their own devices into their networks. However, remote access became mission-critical in 2020 and mainstreaming of “work from home” policies may be here to stay. Supporting IIoT devices offering mobile applications or web-based interfaces and ensuring the appropriate security for workforce member devices is more important than ever.
Cyber Resilience in A Converged IT/OT Environment
The advent of Industry 4.0 technologies offers significant advantages for manufacturers needing to thrive in a technological world. Balancing budgets to mitigate data breaches, ransomware attacks or worse, physical harm or death of an employee, are holistically addressed. This is particularly challenging for small and mid-sized manufacturers often targeted as the “weak link” in the supply chain, now needing to prioritize the cybersecurity vulnerabilities residing in the environment.
Though many are overwhelmed at the prospect of cybersecurity for manufacturing, this article will explain the risk and highlight strategies for mitigating cybersecurity risk.
Every technology and network should be monitored for potential vulnerabilities, and conducting vulnerability assessments and/or security architecture reviews across all connected technologies is a great first step. To address the importance of cybersecurity for manufacturers, CISA released its “Critical Manufacturing Sector Security Guide” in July 2020 advocating for protective vulnerability assessments.
As OT networks are no longer isolated from the enterprise IT, manufacturers should strive to create zones of segmented networks:
- Virtual zoning
- Logical separations
- Filtering and inspecting network traffic across zones
- Protocol inspection
Penetration tests for connected IT/OT environments can be difficult but necessary to investigate systems to validate controls. With OT, any “breakage” can lead to costly downtime and manufacturers considering an IT/OT penetration test should ensure the project scope includes the following to mitigate undesirable impacts:
- Identifies and documents all devices and processes
- Understands data flows and network architecture
- Conducts data discovery, classification, and analysis
- Review OT user access
Setting best practices configuration baselines for IT connected devices reduces the potential impact that known vulnerabilities can have on the OT environment. Traditional scanning devices often fail to detect outdated or high-risk configuration issues on OT networks. Suggestions for ensuring secure configurations across the converged IT/OT environment include:
- Tracking all remote changes
- Identifying and tracking local changes
- Maintaining version control across firmware and hardware
- Ensuring appropriate patch management
To ensure cyber-resiliency, organizations should create proactive security programs adopting an assumed breach paradigm which assumes compromise. Threat hunting is a proactive security measure that looks for indicators of compromise by:
- Leveraging threat intelligence
- Understanding tactics, techniques, and practices used by threat actors
- Validating controls to protect against attacks
GRIMM is a cyber research firm dedicated to supporting our clients with increasing the cybersecurity resilience of their systems, networks, and products by introducing the adversarial perspective to allow our offense tactic to be our clients’ defense. For more information about GRIMM’s consulting, research, and training, visit their website here.