Article by Leon Poggioli, ANZ Regional Director at Claroty
In the last decade, digital transformation has completely changed the way many of Australia’s industries operate, with the manufacturing sector being no exception. Advancements such as automation and the integration of IoT devices and other cyber-physical systems throughout production, packaging, and other essential operations have revolutionised the manufacturing process.
While these advancements have brought exceptional benefits, they have also led to a significant increase in cybersecurity risks. Whether it’s ransomware infections halting assembly lines, rogue insiders remotely altering settings to compromise production or other types of attacks that exploit security weaknesses in cyber-physical systems (CPS), the rate of cyber-attacks has continued to increase as the industry becomes more and more connected.
The ultimate goal of a manufacturing cybersecurity strategy is to protect the CPS on which production availability, integrity, and safety rely. To achieve this, manufacturers must look beyond traditional IT security tools, which are often inadequate at protecting complex environments with a mix of legacy operational technology and modern IT.
The key challenges in manufacturing cybersecurity
- The prevalence of legacy systems
Much of the technology that manufacturers rely on today is decades old. It was never designed to be connected to the internet, nor to withstand any form of cyber-attack – as this simply wasn’t a risk when it was introduced. As a result, patching security vulnerabilities in this technology is a complex and time-consuming task, which often requires operational downtime. And, because manufacturers’ profits have always been tied to uptime, many companies don’t bother patching at all.
After all, downtime hinders productivity, and productivity underpins profitability. As a result, even some of the most successful manufacturers in the world are operating with unpatched legacy systems laden with vulnerabilities that threat actors have their eyes on.
- The use of proprietary protocols
Legacy OT assets and even modern types of CPS typically use proprietary protocols, which are incompatible with traditional IT security tools. Many of these tools also consume far more resources than CPS can handle – and for many manufacturers, it’s not worth the risk of disrupting the critical yet delicate physical processes they support.
These compatibility issues also extend to standard inventory and asset management solutions, which is largely why simply discovering CPS assets, much less protecting them, is a key cybersecurity challenge for manufacturers across sectors.
- The need for remote access
In order to give internal and third-party personnel access to maintain the CPS in their OT environments, most manufacturers rely on remote access tools. The most common choices include traditional IT solutions like VPNs and jump servers, but these solutions were never designed for complex OT environments and don’t account for their unique security and operational requirements.
Therefore, these solutions are inherently risky to use in a manufacturing environment and can give attackers an easy way into the network.
- The proliferation of ransomware
Ransomware attacks have risen drastically in the last few years, plaguing the manufacturing sector with costly cleanups. Given most manufacturers are part of a wider supply chain, an attack on one company can have a ripple effect on all the other manufacturers, distributors, retailers, and even consumers further down the chain.
And the costs aren’t simply financial – manufacturers suffer data and intellectual property loss, reputational damage and regulatory compliance issues, and even potentially public safety issues.
Three principles for stronger cybersecurity
To overcome these key challenges and ensure protection against existing and emerging cybersecurity threats, all manufacturers should adhere to the following three key principles that are purpose-built for securing CPS:
- Gain total visibility of your OT environment
Having a comprehensive inventory of all assets in a cyber-physical system is a prerequisite to protecting them from threats. Creating such an inventory is one of the biggest challenges for manufacturers when assets might be distributed across OT, IT, IoT and building management systems.
Fortunately, tools are available that automate the process of asset discovery and identification and the creation and maintenance of a comprehensive and up-to-date inventory.
- Integrate IT and OT security tools
While OT and IT may be different and at times incompatible worlds, this does not mean securing each is a completely separate process requiring duplication of security tools and techniques. Products are available that enable existing IT security tools to reach into and manage the security of OT and cyber-physical systems.
They enable manufacturers to gain visibility into both environments and manage security across them in an integrated manner.
- Govern IT and OT security as one
OT implementations in manufacturing plants often have cybersecurity and governance features inferior to those typically found in IT systems because they were built without any intention of being connected to the internet and designed with functionality and reliability as the top priorities.
In some cases, such features are completely absent. However, extending IT security tools to embrace OT allows these shortcomings to be overcome, so that IT and OT can be managed and secured consistently and together.
All these functions can be delivered with a security platform specifically tailored for CPS protection, which won’t leave any gaps across your network. In the face of increasing cyber threats to manufacturers, CPS protection platforms are becoming vital to ensuring manufacturers maintain their roles in the global economy, creating jobs and advancing technology, providing for the needs of industry and society, and more.