
CYBERSECURITY IN MANUFACTURING SECTOR
Cybersecurity to safeguard operating technology

Dec 29, 2022

The fourth industrial revolution heralds an era of tremendous potential for innovation and growth. It also brings new risks and challenges, which may be most evident in today’s manufacturing cyber landscape. This section explores how cybersecurity has been prioritised by manufacturers, with a focus on OT cybersecurity to safeguard operating technology assets, systems, and processes from cyber attack and comply with strict regulatory requirements. - Somnath Banerjee, CISO, WhizHack Technologies

Manufacturing has long been a foundational part of the global economy and a leader in technological innovation. In a world dominated by a focus on the fourth industrial revolution, and what has been called Industry 4.0, manufacturers have increasingly adopted robotics, Artificial Intelligence, Machine Learning, and advanced analytics.

Adoption of new technologies

In an effort to increase productivity in their operations, many manufacturing companies became some of the earliest adopters of technology. In line with the paperless trend in other industries, manufacturers use technology to store employee records, credit accounts, transaction information, banking account transactions, and even trade secrets. Industry 4.0 is revolutionising the way companies manufacture, improve, and distribute their products. As manufacturers strive to keep pace with the new technologies that come with the next phase of the industrial revolution, they are digitising their environments.

However, while this has its benefits, such as increased automation, process improvements, and new levels of efficiency, it is also exposing critical Operational Technology (OT) to security vulnerabilities and presenting new windows of opportunity for cybercriminals. Since last year, there has been an 88% increase in OT vulnerabilities, which are used to attack critical infrastructure and expose vital systems to potentially devastating breaches. More specifically, 89% of electricity, oil & gas, and manufacturing firms have experienced cyber attacks impacting production and energy supply over the past 12 months. With OT systems supporting high-level control systems and other essential industrial equipment, attacks on these vital assets can inflict severe economic damage and even endanger public health and safety.

Manufacturers are aware of the threat, and the cybersecurity of their networks is being prioritised in response. In fact, cybersecurity is an urgent priority for 63% of manufacturers, with almost half (43%) investing in security, firewalls, and antivirus precautions. However, one of the biggest challenges is that not all OT assets can be easily patched or run anti-virus and other endpoint protection agents. Industrial control systems in OT environments often use legacy or outdated equipment and software that no longer receives security updates. Scanning the systems may disrupt operations, and applying patches requires taking these systems offline for maintenance, which is not only expensive but disruptive to critical operations.

OT security challenges

OT systems are burdened with a long list of cybersecurity concerns, including:

  • Equipment with decades-long lifecycles

  • An inability to patch systems due to stability concerns

  • And a lack of basic cybersecurity features such as user authentication or encryption

OT cybersecurity has traditionally been its own discipline. OT cybersecurity can be defined as: “The practices and technologies used to protect people, assets and information involved in the monitoring and/or control of physical devices, processes, and events, particularly in production and operations.” Over the years, as IT has been incorporated into OT systems, the approaches to cyber protection have also merged, but the primary goals of the two disciplines remain distinct. The weakest spot for OT attacks might not be the networks. Organisations are struggling with the complexities and the lack of protocols and entrusting standardisation. Almost every ICS/SCADA vendor is aware of how the risks permeate the OT environments and how crucial it is to protect the networks. On the other end, the ongoing digital transformation efforts will expose decades-old legacy systems to malware attacks. The structural problems are worsened by the lack of (OT specific) cybersecurity controls in these environments, which allows hackers to take advantage.

OT security solutions

Manufacturers should be focusing on creating a specific OT cybersecurity plan, integrating OT and IT cybersecurity efforts as much as possible, and looking to bundle OT cybersecurity more fully into broader enterprise risk management strategies. Business considerations are driving a wholesale revolution in manufacturing technology deployment, and OT cybersecurity strategy needs to be viewed as a foundational core competency within manufacturing organisations.

Recently, Indian companies have developed OT security solutions that can be scaled up and applied to on-premises assets, including specialised infrastructure such as fuel sensor networks in oil refineries. New deception technologies can first disrupt attackers’ attempts to probe the network and then feed false information to them. This is quickly becoming imperative for organisations that have begun introducing digitisation, AI, and cloud-based infrastructure. The most effective unified security systems encompass all OT and IT elements, including IoT, industrial IoT, mobile, and wireless devices.

Next phase of OT security

The next phase of OT security will be adopting stable cloud infrastructures for storing Big Data from both a manufacturer and its customers. By combining these in a data lake, companies will be able to apply Machine Learning algorithms to gain additional insights and recommendations.

Traditionally, security was not as critical a consideration because a manufacturer’s OT network was designed to be isolated, running less-known industrial protocols and custom software. Those systems had limited exposure, whereas today OT environments have converged and are often no longer air-gapped from IT networks, meaning that the lack of security measures poses a critical risk. Unfortunately, this connectivity has not gone unnoticed by threat actors. ICS and OT-specific malware such as Industroyer, Triton and Incontroller are evidence of the increasingly sophisticated capabilities that attackers have begun to deploy in attacking ICS and OT facilities, resulting in many serious incidents.

Insecure by design

Furthermore, recent research has revealed 56 new vulnerabilities in 10 operational technology (OT) vendors’ products that demonstrate significant insecure-by-design practices. Of the sectors observed, manufacturing is at the top (26%), with almost a third of affected devices still in use. Alongside this, the research has found affected products to be prevalent in industries such as oil & gas, chemical, nuclear, power generation & distribution, water treatment & distribution, mining, and building automation.

Most OT devices are insecure by design, with vulnerabilities stemming from unauthenticated protocols, insecure firmware updates, and unsafe native functionality. For instance, 38% of the vulnerabilities discovered allowed for credential compromise, and 21% gave attackers a way to introduce poisoned firmware into the environment. In addition, 14% of the flaws stemmed from native functionality — such as logic downloads, firmware updates, and memory read/write operations — that gave attackers a way to execute malicious code remotely on OT systems.

In fact, one of the biggest issues facing OT security is not so much the presence of unintentional vulnerabilities, as it is the persistent absence of basic security controls. These devices often lack the critical controls needed to authenticate users and actions, encrypt data, and verify whether firmware updates and software are signed and verified. When these mechanisms are present, they are often weak and easily hacked or seriously undermined by other issues, like the presence of hard-coded and plaintext credentials on the device.

The research also found that many insecure-by-design devices have security certifications, which often results in a false sense of security and can significantly complicate risk management efforts. The testing requirements of these certifications are sometimes limited to functional verification of features rather than stress testing of defensive capability; so as long as the feature is present, it is assumed that it is secure. Another issue is a general lack of Common Vulnerabilities and Exposures (CVE) reporting for industrial control systems. Issues considered the result of insecurity by design have not always been assigned CVEs, so they often remain less visible and actionable than they ought to be. Vulnerabilities in supply chain components also do not have a great track record of being reported by affected manufacturers.

OT attacks can be minimised with the following solutions

  1. Endpoint management software

    Manufacturing companies use many types of devices that are connected through the IoT/IIoT. In order to prevent the threat of hackers, endpoint devices such as laptops, smartphones, tablets, bar code readers, and more should only be allowed to access your network after it has been proven that they comply with the network’s security criteria.

  2. Policies, procedures, training, and testing

    Identifying the strengths and weaknesses in the systems and cross-checking between departments, functions, and personnel can help to ensure process flows are up-to-date. Combining this with a properly designed and enforced system of operational and financial controls can help defend the resources. It is also crucial that the employees understand the policies and procedures and are trained to know what to look for when it comes to IT/OT security.

  3. Network segmentation

    Manufacturing companies can reduce their risk of a full-fledged intrusion by dividing their network into zones and conduits. Not only does this improve security, but it also improves the ability to monitor and control what is happening in the company’s network.

  4. Layered security models

    Having multiple layers of security in place is a step towards securing your manufacturing company from outside intruders. If these security measures are performing correctly, hackers will face many obstacles, making detection and remediation easier. One approach uses triple-layer engines that combine mature, industry-standard signature technology with highly optimised Machine Learning (ML) and Deep Learning (DL) based models, working in conjunction to detect network-based attacks on data captured by multiple agents.
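
The zones and conduits described under network segmentation (item 3) can be written down as a policy and checked against observed traffic, which is what makes the monitoring benefit concrete. The following is an added example, not part of the original article; the zone subnets, conduit list and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): zone name -> subnet.
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":       ipaddress.ip_network("10.30.0.0/24"),
}

# Conduits: the only permitted cross-zone paths, as
# (source zone, destination zone, protocol, destination port).
CONDUITS = {
    ("enterprise_it", "ot_dmz", "tcp", 443),   # IT reaches a data mirror in the DMZ
    ("ot_dmz", "control", "tcp", 4840),        # DMZ broker polls an OPC UA server
}

def zone_of(ip):
    """Return the zone containing ip, or 'unknown' for unmapped addresses."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def check_flow(src, dst, proto, dport):
    """Classify one flow as 'intra-zone', 'conduit' or 'violation'."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz and sz != "unknown":
        return "intra-zone"
    if (sz, dz, proto, dport) in CONDUITS:
        return "conduit"
    return "violation"  # crosses zones outside every conduit, or touches unmapped space

def audit(flows):
    """Return the flows that cross zones outside any defined conduit."""
    return [f for f in flows if check_flow(*f) == "violation"]

# Constructed flow records: (src ip, dst ip, protocol, dst port).
SAMPLE_FLOWS = [
    ("10.10.4.7",  "10.20.0.15", "tcp", 443),   # IT -> DMZ over an allowed conduit
    ("10.20.0.15", "10.30.0.21", "tcp", 4840),  # DMZ -> control over an allowed conduit
    ("10.30.0.21", "10.30.0.22", "tcp", 502),   # Modbus/TCP inside the control zone
    ("10.10.4.7",  "10.30.0.21", "tcp", 502),   # IT straight to a controller: no conduit
    ("192.0.2.50", "10.30.0.21", "tcp", 4840),  # unmapped source into the control zone
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("VIOLATION", flow)
```

Flows from unmapped addresses are treated as violations even when the port matches a conduit, so an incomplete zone inventory surfaces as alerts rather than as silently permitted traffic.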
