Manufacturers face threats such as ransomware, IoT exploits, supply chain attacks and DDoS. To mitigate these threats, manufacturers should implement segmentation and privileged access management.
- Threats That Affect The Manufacturing Sector
From a cybersecurity point of view, 2021 has been a turbulent year in the U.S. manufacturing sector. Besides dealing with the pandemic and related supply chain woes, malicious actors are showing a talent for more powerful and sophisticated cyberattacks. And they’re aiming those talents at U.S. manufacturers. Written for all levels of IT decision-makers, this report:
- Profiles different cyberthreats and solutions that play a role in manufacturing production.
- Provides current, cybersecurity-related regulatory trends.
- Summarises the value of cyberthreat-related damage to manufacturing operations.
Current Cyberthreats to Manufacturing Operations
In 2022, cybersecurity analysts report a continued progression of more powerful and damaging cyberattacks. Earlier predictions of more sophisticated multi-stage events that compromise process data integrity have already occurred. Now, analysts predict greater damage to production systems and attempts to disable or remove process protection and safety systems within ICS networks.
Manufacturing Cybersecurity Trends
By May 2021, attacks on the manufacturing sector had increased by 300% in the previous year. Once the eighth-most attacked sector, manufacturing moved to the unenviable top spot last year. What makes manufacturers a prime target for cyberattacks, and why now? Analysts cite:
- Large, complex interconnected operations, which present malicious actors with an enticing attack surface. The merger of IT and OT and the move to “connected everything” provided countless opportunities for attackers to exploit system weaknesses.
- A shortage of security specialists, which makes it difficult to keep pace with changing tactics.
- Large networks of aging machines and legacy IT.
- A culture not attuned to network security, coupled with the belief that manufacturers didn’t have much to offer cyberattackers.
A 2021 Gartner report describing OT cybersecurity provides these trends:
By 2025, 75 percent of OT security solutions will be delivered via multifunction platforms interoperable with IT security solutions.
The OT security market continues to change rapidly. The traditional OT security market emphasised products focused on legacy industrial platforms and operations-only networks and firewalls. As OT-IT systems merge, and newly designed cybersecurity-related products are deployed, OT-related management, governance, infrastructure, and security capabilities will change, too.
But why manufacturing systems? What makes them especially juicy targets to malicious actors?
Why Production Systems are Vulnerable—and Why It Matters
There’s a reason industrial control systems (ICS) are becoming prime targets for cyberattacks. They are painfully vulnerable to attack. ICS vulnerabilities occur when:
- Malicious software and actors can move between IT and OT systems.
- Default configurations of ICS devices are easy to hack.
- ICS protocols are not built for security.
- Employees who operate ICS lack security awareness, the understanding of how operator habits and practices contribute to attacks.
However, what really matters to manufacturers is the effects that cyberthreats have on the business.
Business Impacts
These vulnerabilities leave a long list of business impacts on manufacturing organisations. Some damages might be difficult to recover from; others can kill a business outright. These damages include:
Financial losses: valuable customer or business information extorted with ransomware or stolen and sold on the Dark Web or other markets.
Loss of competitiveness: Patents, technological innovations, and process information stolen and sold to competitors or directly on the Dark Web.
Business disruptions: value of productivity and downtime (lost revenue), damage to company reputations and relationships with partners and suppliers, and damage to other companies. And there’s always the matter of shareholder displeasure.
These unpleasant effects of cyberattacks take many forms, some unique to the manufacturing sector.
2022 Cyberthreat Lineup: Biggest Challenges to Manufacturers
In 2021, the most frequent cyberattacks against manufacturers included familiar exploits, which in manufacturing environments can take on a new twist.
Targeted Ransomware
In this exploit, attackers use different tactics to extort victims into paying a ransom for their information assets, which cybercrooks encrypt until they are paid. Today’s attack professionals use second-generation, remotely operated ransomware. They dig deeply into target company networks and encrypt the most valuable machines they can find. Then, they demand high-price ransoms to release the entire network.
Targeted ransomware tactics use ICS-centered exploits, which include:
- Indirect ICS attacks: In this attack, a sophisticated threat actor embeds a remote access trojan (RAT) in a software update of a vendor’s management server software. Threat actors take control of the management server and use the management system to install ransomware on all managed ICS components throughout a targeted enterprise.
- IIoT ransomware: An attacker compromises the IT system of a poorly-defended IIoT cloud services vendor, whose cloud-connected ICS are essential to continuous operation of a given class of industrial process. After gaining control of the vendor’s firmware update process, thousands of control system IIoT devices and systems in the target (customer) infrastructure are disabled and no longer respond to firmware update attempts. Hundreds of production sites can be shut down, and incident response teams are overwhelmed—until payment is made.
Ransomware is the most frequent threat to manufacturers but not the only one.
IIoT device attacks
As in other aspects of manufacturing IT, greater process efficiency achieved via IIoT devices also introduces greater cybersecurity risk to business and production systems.
The IIoT manufacturing environment can create threats ranging from leaking information that’s essential to how a product is manufactured to damage to industrial control systems. IIoT devices enable data breaches and device spoofing exploits on the IT side of manufacturing businesses. However, there are OT-side, IIoT-related cyberthreats, too. These include:
Device hijacking: In which a malicious actor takes control of an IIoT endpoint device or sensor, often without the owner being aware of a security risk.
Device theft: This exploit becomes a concern when physical IIoT devices in the field store important operations information, such as system behavior and regulation data.
Device spoofing: A variant of a man-in-the-middle exploit. In these attacks, malicious actors place themselves between the IIoT endpoint device and the centralised network or cloud, pretending to be the device. This situation is potentially damaging, especially if the traffic coming from an IIoT endpoint device is used to change production information or control a product in the field.
Server access attacks
Long familiar to e-commerce businesses worldwide, denial of service and other server access exploits have expanded their reach to manufacturing venues everywhere. In a distributed denial of service (DDoS) attack, target servers are overwhelmed with fake connection requests, forcing them offline. DDoS exploits enable attackers to penetrate deeply into the target infrastructure—manufacturing production systems.
Recent research indicates that the biggest DDoS risks to manufacturing ops came from production line failure during production and disrupted communications between OT control systems and IIoT devices.
Supply chain attacks
Supply chain attacks target an organisation’s less-secure vendors or supply chain partners to get access to valuable or sensitive information. But these attacks can also disrupt internal control and production systems of target manufacturers.
In these exploits, attackers use a poorly defended vendor to gain access to the target business. With access assured, malicious actors can roam IT and OT systems at will.
What cyberthreat scenarios tell us
Corporations connected OT systems into the traditional enterprise IT infrastructure to achieve operational processes that run more efficiently and cost-effectively. Greater IT-OT connectivity offers the promise of cloud-based services that enable these benefits. But greater connectivity also exposes facility attack surfaces to increasingly sophisticated, powerful cyberattacks.
You can protect your company from cybercrime with a proactive approach that focuses on prevention. Going through cyberthreat descriptions and reading their prevention measures enable us to identify the assets, skills, and practices that help to reduce the risk of cyberattacks.
Cybersecurity Regulation in the Manufacturing Sector
Cyberattacks continue to pound manufacturing IT and OT systems with increasing power, variety, and sophistication. Given higher cybersecurity risk and supply chain-related pressure, manufacturers have plenty to worry about.
With concern growing for safety and operations continuity of utilities and other industrial activities, industry-leading industrial organisations have been working together to address security challenges.
Fifty companies and organisations have come together to form the ISA Global Cybersecurity Alliance. Part of the International Society of Automation (ISA), members hope to speed up and expand use of ISA/IEC 62443. These industry standards were created to provide technical specifications and procedures that guide businesses to protect their organisations via cybersecurity.
However, problems remain: A 2021 Security Magazine article highlights five limiting factors to implementing standards-based cybersecurity. These include:
Evolving IIoT technology: Continued advances in IIoT technology provide an ever-increasing attack surface for cyberattacks. This rapid evolution of technology makes it increasingly difficult to write standards that keep up with technical changes.
Need for a broader focus: Regulatory efforts tend to focus primarily on IT and IoT devices, to the neglect of challenges posed by the IIoT environment. There’s a chance that in the pursuit of correcting device-level problems, regulators will miss big-picture issues.
Legacy systems: In difficult-to-maintain legacy systems, IIoT technologies have unique traits, which present significant economic and technical challenges to securing IIoT infrastructures. And for many devices, managing end-point security is a growing problem.
Multi-vendor projects: More and more IT and OT implementations require multi-vendor projects. Multiple vendors, however, often introduce security risks and challenges to many products.
Gaps in cybersecurity skills: As engineers and security specialists age and retire, they leave gaps in the security workforce. The result: it’s increasingly difficult for companies to maintain consistent security practices, especially without standardised certifications.
Although cybersecurity regulations are wildly inconsistent, there is progress to report.
Cybersecurity Solutions: Capabilities and Prevention
When it’s time to buy or update cybersecurity software, tools, or practices, it’s time to consider capabilities that help your IT or security team reduce cybersecurity risk. Here are some considerations when it’s time to secure your information and manufacturing operations.
Global Internet Environment
The Industrial Internet of Things (IIoT) is the global web of 14 billion internet-connected devices and sensors, many of which operate on manufacturing shop floors. In the past 20 years, corporations connected OT systems into the traditional enterprise IT infrastructure. This merger enables computer-controlled manufacturing to deliver workflows that run more safely and quickly at lower costs than were previously possible.
IIoT devices are important because they support automated operations. Smart factory OT includes PLCs, IIoT devices, distributed control systems, and embedded systems. Collectively, these systems can multiply a factory’s efficiency—and the risk of potential cyber threats.
Here are the profiles of cyberthreats that left their mark on manufacturing operations in 2021.
Confronting Ransomware Exploits
So far, there’s no silver bullet cure-all solution to ransomware. That’s because the biggest weakness in the ransomware process is the human element. Often, employees expose the system to attack by clicking on a phishing exploit or failing to secure web applications or IIoT devices that connect to the ICS.
Multi-layer defense: The solutions that experts propose focus on prevention. Because ransomware attacks often begin with phishing, preventive email security measures should be a focal point of any digital security campaign. Consider:
- Building a strong phishing exploit defense by using standard email security, data backup, and rapid user response best practices.
- Using a machine-learning platform to track user behavior and identify potential threats. With these two strategies operating simultaneously, you should block most phishing emails before they bring disaster to your company.
Then, to prevent attacks that use application-layer exploits, consider using:
- Privileged access management (PAM) measures to protect access to your applications.
- Network segmentation measures to prevent malicious actors from moving laterally throughout your network.
- Automated processes to accelerate your defense response.
Ransomware might be the exploit used most often by attackers, but it’s not the only one.
Confronting IIoT Device Exploits
In OT operations, IIoT security solutions require initial planning steps, which include:
- Performing a cybersecurity maturity assessment: A cybersecurity assessment model provides a path forward and helps organisations to better understand where they are along the security development path. Although the Cybersecurity Capability Maturity Model (C2M2) and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) are recommended, others are available, too.
- Prioritising actions based on the risk profile: Identify risks by using CSRF Analysis (Cybersecurity Risk Framework) and prioritise them according to your organisation’s business goals.
- Buying devices with built-in security: The phenomenal growth of IIoT device adoption caught device manufacturers and regulators by surprise—it’s hard for standards writers to keep up with relevant capabilities in current IIoT device requirements. However, a long list of capabilities is included in any discussion of built-in security capabilities. These include multi-defense layers, automated security patching, a unique hardware identity, and many other capabilities. (You can find a complete list and discussion here.)
Confronting Supply Chain Attacks
The role that vendors play in manufacturing OT security is more important than ever. That’s because all supply chain attacks begin with theft or a mistake in human judgment. Malicious actors can get hold of a manufacturer’s access information the old-fashioned way—by stealing it. Or a manufacturer can unwittingly give the information to the vendor, who uses the information unethically to divert damaging commands to an OT system.
As in other threats, the best solution to supply chain attacks is prevention. So, manufacturers should choose and work with vendors carefully and keep these suggestions in mind:
- Choose vendors carefully: The information that manufacturers share with industry partners or providers can be a system vulnerability.
- Be careful with the financial and operational information you share with collaborators: Provide sensitive information on a strict need-to-know basis to prevent data being used to access private networks and steal information. And block or limit access to accounts that store patents, intellectual property, or information with financial value.
- Know who your collaborators are: Consider background checks to determine their trustworthiness and history of dealing with customers and clients.
Confronting Server Access Exploits
Denial of service and other server access exploits are examples of attack technologies evolving into even more powerful tools. DDoS attack tactics have been around since 2000, but they’re changing. Recently, hackers have been amplifying standard access denial capabilities, enabling attackers to turn small queries into large, powerful resource-hogging exploits.
There are two parts to effective DDoS solutions: Apply multi-layer security solutions and carefully monitor all industrial control system activities. The good news is effective defenses against DDoS attacks are available. Because the best way to fight a DDoS attack is to prevent it, consider these resources in plans for future security improvements:
- Using scrubbing services.
- Increasing available bandwidth during attacks.
- Using a content delivery network (CDN).
- Having an established, detailed response plan to stop attacks and mitigate their consequences.
These are the changes to consider when manufacturers build, update, and strengthen the OT side of their cybersecurity readiness.
Conclusions
When you update your security infrastructure’s capabilities, remember that upgrading IT alone won’t deliver the protection you’re looking for. Manufacturing environments include many processes that enable and support manufacturing functions. So, expand your security outlook:
- Update your security-related practices and management methods by developing a security maturity model.
- Assess the possible effects of IIoT limiting factors in your OT operations described earlier in this article.
- Identify the time and other resources needed to protect your organisation from targeted ransomware, IIoT device, supply chain, and DDoS attacks.
- Prioritise internal OT security improvements by using your organisation’s business goals.
- Compare cybersecurity vendors carefully based on alignment with your specific requirements.