The digital revolution has ushered in a new generation of streamlined manufacturing, operations, and logistics. But beware, this new world of connectivity brings with it great risk.
Each new internet-connected device, whether it’s a large manufacturing robot or a small sensor, carries with it the burden of joining a local network in accordance with the latest cybersecurity practices. Yet putting up too many roadblocks, such as limiting access via firewalls or making access so difficult that it impedes productivity, potentially limits the device’s ability to communicate freely with other devices or to send critical diagnostic reports back to stakeholders.
On one hand, manufacturing has now become the world’s most targeted industry according to IBM Security’s 2022 X-Force Threat Intelligence Index. On the other hand, the promise of greater business growth through connected devices has motivated many companies to continue forward while ignoring cybersecurity risks over plant efficiency and modernization.
For the first time in five years, operational technology (OT) facilities are an even bigger target than the finance or insurance industries. We can attribute this to two factors: attackers are taking advantage of an industry where even an hour of downtime can have a significant financial impact on a company, making high ransoms more likely to be paid; and it is easy to break into improperly secured OT networks that operate on legacy machines and components made some 30 or 40 years ago.
With recent years showing us that manufacturing supply chains are as critical as they are vulnerable, asset owners and operators are facing their greatest challenge—applying the proper cybersecurity controls within their OT networks without hampering their production capabilities.
Here are four pillars to securing OT devices both in the short and long-term:
- Visibility reduces risk: It’s easier said than done to understand the security status of OT machines. CISOs are tasked with securing connected machinery they cannot take offline to review credentials, apply a manufacturer-approved update, or even for a general inspection. With so many devices operating in such synchronous precision, the risk of any downtime, including installing an update or doing a simple restart, may result in more lost revenue than it’s worth. Gaining full visibility into the network, mapping it, and understanding what the crown jewels are and how to protect them challenges CISOs and security decision-makers every day.
- Assess risk: Start by asking how much risk is acceptable. Or, rephrased: where do I start, and how do I prioritize my security roadmap? With the newly virtually-mapped facility, carry out risk assessments by running simulated attacks and remediation techniques. Many times, teams are surprised that Facility A, which houses more critical equipment, is less impacted than expected, while the impact on Facility B is worse than anticipated. Take the opportunity to compare previous hypotheses against newly-produced data. Update playbooks, practice mitigation techniques, and consider which investments are critical to achieving the company’s risk reduction goals.
- Make a plan: Comparing new risk assessment data against operational needs and company goals pivots the role of an OT CISO from someone who’s always putting out fires to one who can make proactive, data-driven decisions. An actionable security plan should answer the following: Which devices are at the greatest risk? Which machinery has critical software updates ready to install? What security controls are available to help assess and carry out a security plan? The right tool will paint a clearer picture of all devices and the software versions they operate. It will also let teams obtain the information they need to generate an active baseline to run against anomalous events. The plan should also set out the cybersecurity hygiene policies that the organization must follow. In the short term, the plan should include limiting network access and reviewing credential information for every connected device. The team can only reach long-term goals once it has mapped the full network and has a virtual environment in which to understand device roles.
- Patrol the network: Threat landscapes are always in flux. A secure network today may become exposed to a new vulnerability tomorrow. Even if cybersecurity teams could shut down a full facility and conduct a thorough manual risk assessment, the validity of this review has only a short lifespan. Ongoing monitoring and the ability to run simulated attacks with the team are the only way for security decision-makers to keep pace with, and act faster than, attackers. It’s not possible to prevent all attacks, but the right approach will offer the oversight the team’s new security goals demand without the operational interruptions that organizations fear.
Global attack data shows that manufacturing, infrastructure, and supply chain operators must assume that a serious attack is imminent. The outcome of a successful vulnerability exploitation includes ransomware payments, costly downtime, and exposed data. Identifying a normal operations baseline and implementing an ongoing monitoring tool will let teams identify anomalous behavior early, signaling a breach attempt and allowing time to stop a hacker in their tracks.
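The "active baseline" the plan calls for, and the monitoring that checks new activity against it, can be seen in miniature below. This is an added illustration, not code from the article or from Radiflow: it learns which conversations (source, destination, port, protocol) occur during a healthy learning window, then labels later flows that fall outside that set, escalating when an unknown host reaches one of the "crown jewel" controllers. All device names, the crown-jewel list and the flow records are constructed sample data; a real deployment would feed this from passive network captures rather than hard-coded lists.

```python
"""Build a normal-operations baseline from OT network flow records and
flag later flows that fall outside it.

Added illustration, not code from the article or from Radiflow. All
device names, addresses and flow records are constructed sample data;
the baseline is simply the set of (source, destination, port, protocol)
conversations observed during a learning window.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str      # source host (constructed label, e.g. "hmi-1")
    dst: str      # destination host
    dport: int    # destination TCP/UDP port
    proto: str    # "tcp" or "udp"


# Assets whose compromise would halt production ("crown jewels"); constructed.
CROWN_JEWELS = {"plc-line-a", "plc-line-b"}

# Constructed learning-window flows: what the plant looks like when healthy.
LEARNING_WINDOW = [
    Flow("hmi-1", "plc-line-a", 502, "tcp"),        # Modbus/TCP polling
    Flow("hmi-1", "plc-line-b", 502, "tcp"),
    Flow("historian", "plc-line-a", 44818, "tcp"),  # EtherNet/IP
    Flow("eng-ws", "plc-line-a", 502, "tcp"),
    Flow("plc-line-a", "ntp-1", 123, "udp"),
]


def build_baseline(flows):
    """Return the set of known conversations and, per destination, its known peers."""
    known = set(flows)
    peers = defaultdict(set)
    for f in flows:
        peers[f.dst].add(f.src)
    return known, peers


def classify(flow, known, peers):
    """Return (label, reason) for a single observed flow."""
    if flow in known:
        return "baseline", "seen during learning window"
    # Same two hosts already talk, but not on this service: lower severity.
    if flow.src in peers.get(flow.dst, ()):
        return "new-service", (f"{flow.src} normally talks to {flow.dst}, "
                               f"but not on {flow.proto}/{flow.dport}")
    # A host never seen talking to a critical controller: highest severity.
    if flow.dst in CROWN_JEWELS:
        return "critical", f"unknown peer {flow.src} reaching crown jewel {flow.dst}"
    return "anomalous", "conversation never seen in baseline"


def detect(observed, baseline):
    """Classify every observed flow against the baseline."""
    known, peers = baseline
    return [(f, *classify(f, known, peers)) for f in observed]


# Constructed observation window, as a monitoring tool would see it later.
OBSERVED = [
    Flow("hmi-1", "plc-line-a", 502, "tcp"),       # normal polling
    Flow("eng-ws", "plc-line-a", 44818, "tcp"),    # known peer, new service
    Flow("laptop-17", "plc-line-b", 502, "tcp"),   # unknown host to a crown jewel
    Flow("historian", "file-srv", 445, "tcp"),     # never seen, non-critical target
]


def findings(observed=OBSERVED, learning=LEARNING_WINDOW):
    """Run detection and return only the flows that are not in the baseline."""
    return [r for r in detect(observed, build_baseline(learning)) if r[1] != "baseline"]


if __name__ == "__main__":
    for flow, label, reason in findings():
        print(f"[{label:11}] {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```

The three-tier labelling is the point: a flow between two hosts that already communicate is worth a look, but an unknown host opening Modbus to a line controller is the event that deserves a page-out, and a passive approach like this gives that visibility without taking any machine offline. The learning window must itself be captured during known-good operation, otherwise an attacker already present is baked into "normal".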
Securing industrial environments has become crucial to protecting a business's assets, reputation, and customers. However, it's essential to approach security from a business-first mindset, taking into account the business's overall goals and objectives, the potential impact of threats, and the costs and benefits of security measures. By doing so, businesses can ensure that their security roadmap supports their operations and protects them against potential cyberattacks.
Ilan Barda, co-founder and CEO, Radiflow