Cybersecurity in manufacturing can be difficult because Operations Technology (OT) environments and systems have requirements that differ greatly from IT environments. The high availability requirements of OT environments mean that traditional approaches to managing cybersecurity risk, through frequent updates and taking down impacted systems for remediation, are unworkable. Additionally, OT environments often include specialized hardware and protocols that require specialized knowledge to secure.
Major Cybersecurity Threats for Manufacturers
Manufacturers with OT environments operate in a different environment than other businesses. The high availability of OT systems means that operations and security teams must work within tight windows for system updates and upgrades. Additionally, all software and hardware installed on the system must integrate and interoperate well with systems critical to maintaining operations.
As a result, OT environments are often composed of systems containing legacy hardware and running end-of-life operating systems and software. These differences between IT and OT environments result in unique cybersecurity threats for manufacturers operating OT environments.
The Air Gap is Eroding
Traditionally, OT systems were protected by an “air gap” that physically isolated them from Internet-connected systems. While this was not a perfect security solution, as demonstrated by the Stuxnet malware, it dramatically decreased the exposure of OT systems and manufacturers to cybersecurity threats and enabled them to continue operating despite the fact that they often included unpatched, end-of-life systems.
As part of initiatives designed to increase the efficiency and productivity of OT environments, they are increasingly being connected to IT networks, eroding the air gap. While this enables organizations to centralize monitoring and management of these systems, it exposes them to attackers that take advantage of the connectivity between IT and OT networks.
As a result, OT systems require the same level of cybersecurity protection as IT environments. This includes deploying network segmentation and firewall solutions that are capable of monitoring traffic entering and moving throughout the OT environment and blocking attacks before they threaten vulnerable OT systems.
While deploying robust antivirus solutions on OT endpoints may be the best option for securing them against infection, the limitations of these systems can often make this infeasible. By performing deep packet inspection of all north-south and east-west connections and limiting connectivity between employee workstations and OT systems, a manufacturer can limit the threat that malware poses to OT systems.
IoT Security is Notoriously Bad
As part of the push for increased efficiency and productivity, manufacturers are increasingly deploying Internet of Things (IoT) systems in their OT environments. These IoT devices can closely monitor the operation of OT systems and take action or raise alerts if something goes wrong.
While IoT systems make operations more efficient, they often create new security risks while doing so. IoT devices have notoriously bad security, including the use of weak default passwords, support for insecure protocols such as Telnet, and software containing unpatched vulnerabilities.
These IoT devices can be used as an entry point into a manufacturer’s OT environment and as a platform to monitor OT operations. Alternatively, cybercriminals who gain access to and control over these devices can use them actively as part of attacks by generating faked readings from the devices or using them to spread malware to OT systems.
Addressing the threats associated with IoT devices requires designing security into these systems from the start. IoT devices should have default passwords changed as soon as possible and any unnecessary services disabled if possible. At the network level, IoT devices should be firewalled from the public Internet and have filtering in place that blocks access to these devices from outside the enterprise network and/or from IP addresses not explicitly allowed to access them. By putting these defenses in place, a manufacturer can dramatically increase their cybersecurity and minimize threats associated with deploying IoT devices in their OT environments.
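As an added illustration (not part of the original article), the Python sketch below audits flow records against the network-level policy described above: traffic to IoT devices must come from inside the enterprise network, from an explicitly allowed source, and must not use an insecure service such as Telnet. The address ranges, the allowlist, and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed values for illustration only (RFC 1918 / RFC 5737 ranges).
ENTERPRISE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
# Hosts explicitly allowed to reach IoT devices: (source, destination port).
ALLOWED = {
    ("10.20.1.5", 443),   # hypothetical monitoring server, HTTPS
    ("10.20.1.6", 8883),  # hypothetical MQTT-over-TLS collector
}
INSECURE_PORTS = {23: "telnet"}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.50.0.11", 443),
    ("10.30.4.77", "10.50.0.11", 443),
    ("203.0.113.9", "10.50.0.12", 80),
    ("10.20.1.5", "10.50.0.13", 23),
    ("10.20.1.6", "10.60.0.2", 8883),
]

def audit_flow(src, dst, dport):
    """Return policy findings for one flow (empty if compliant or not IoT-bound)."""
    if ipaddress.ip_address(dst) not in IOT_SEGMENT:
        return []
    findings = []
    src_ip = ipaddress.ip_address(src)
    if not any(src_ip in net for net in ENTERPRISE_NETS):
        findings.append("source outside enterprise network")
    elif (src, dport) not in ALLOWED:
        findings.append("source not explicitly allowed")
    if dport in INSECURE_PORTS:
        findings.append(f"insecure service in use: {INSECURE_PORTS[dport]}")
    return findings

def audit(flows):
    """Map each violating flow to its list of findings."""
    return {f: r for f in flows if (r := audit_flow(*f))}

if __name__ == "__main__":
    for flow, reasons in audit(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(reasons))
```

Run against exported firewall or NetFlow records, a check like this shows where the deployed filtering has drifted from the intended allowlist.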
Watch Out for Old Attacks
OT environments are commonly composed of legacy systems that cannot be taken down for regular updates. In the past, these systems were also placed behind air gaps that limited their exposure to external threats.
As a result, manufacturers usually have OT systems that lack the patches and security updates required to protect them against cyberattacks that are “obsolete” in IT environments. Cybercriminals often take advantage of this by using legacy malware to attack these systems rather than investing in new or more recent malicious code.
This use of existing, older malware for attacks against OT environments impacts how to approach cybersecurity in manufacturing. OT systems often have limited excess computational power and memory space available, prompting the use of optimization wherever possible. However, attempting to optimize by eliminating signatures of “legacy” threats could leave an OT network blind to the threats that it is most likely to encounter.
Monitor for Third-Party Risk
Many organizations provide external organizations with access to their internal networks. In fact, 94% of organizations grant third parties access to their internal networks. With the growth of Manufacturing as a Service (MaaS), manufacturers are potentially opening up IT and OT infrastructure to a variety of external organizations.
When manufacturers provide external organizations with access to their OT networks, they introduce new cybersecurity risks as well. Cybercriminals are increasingly targeting organizations solely to use their access to partners’ environments to perform attacks.
By offering MaaS, manufacturers open themselves up to this type of cybersecurity attack. Limiting partner access to IT and OT environments is essential to protecting them against this third-party risk.
Securing OT Environments
Manufacturers, and other organizations operating OT systems, face cybersecurity threats that are very different from those targeting IT environments. In IT, security teams have the ability to make rapid updates and risk system downtime, which enables them to more rapidly respond to new types of malware and cybersecurity incidents.
Within OT, the potential impact of a cybersecurity attack on a manufacturer is much greater, and OT systems have a much larger potential attack surface than IT systems. As IT and OT networks converge, manufacturers will be forced to implement new cyber defenses on their systems and deploy network-level security solutions capable of identifying and blocking malware attempting to enter an OT network or spread between infected systems.