The rise in connectivity and subsequent reliance on digital systems has contributed to manufacturing industries becoming more desirable targets for cyber threat actors. Specifically, such actors have been increasingly exploiting the interconnected nature of modern manufacturing ecosystems by carrying out cyber attacks against the supply chain. Manufacturers rely heavily on a complex network of suppliers, vendors, partners, and services providers to obtain the resources needed for their operations. If this interconnected supply chain is targeted by cyber attacks, it can lead — and, in recent years, already has led — to a wide range of negative consequences.
Supply chain cyber attacks refer to the exploitation of cybersecurity vulnerabilities within an organization’s supply chain network to steal sensitive data, gain unauthorized access, or, worse, disrupt operations. Supply chain cyber attacks can have rippling effects on the interconnected web of suppliers, vendors, contractors, and partners that an organization relies on to deliver goods and services.
Consequences of such attacks include delays in production processes, which can impact an organization's ability to meet customer demands and fulfill orders. This form of cyber attack can also cause manufacturers to face financial losses, reputational damage, or legal and regulatory consequences regarding data protection, cybersecurity, and privacy. In the worst case scenario, a cyber attack on the supply chain can lead to safety issues including tampering with product design or functionality, contaminated or substandard components, disruption to essential services such as power, water, transportation, and communication, or public safety threats in sectors such as defense or emergency services.
Cybersecurity threats to the supply chain should not be taken lightly, and unfortunately have wreaked havoc globally in recent years. Below, we will discuss some of the major examples of supply chain disruptions and how they have impacted society.
According to PWC’s 2020 Global CEO Study, the number of cyberattacks on manufacturers spiked by more than 300%, accounting for 22% of attacks across all sectors. This rise in manufacturing cyber attacks has been triggered by various factors including the normalization of remote and hybrid working environments, the prevalence of legacy devices and systems, and the escalating availability of ransomware-as-a-service offerings among cyber threat actors, to name a few. These factors have led to detrimental attacks on the manufacturing supply chain, including the following incidents:
The world's largest meat distributor, JBS Foods, was compromised by an "organized cybersecurity attack" which — via ransomware — affected their U.S. and Australian supply chain operations. The incident rippled through the meat industry, causing some plants to shut down, workers to be sent home, and livestock to be sent back to farmers after being transported for slaughter.
The JBS Foods ransomware attack highlighted how cyber threat actors are gaining access to the supply chain and emphasized the need for solutions, prevention strategies, and cyber awareness in this domain. Without the proper OT cybersecurity strategy in place, manufacturers will be more likely to suffer from supply chain attacks much like the high-profile incidents we have seen recently.
The NotPetya ransomware attack took place in 2017, and is still widely regarded as the most damaging cyber attack in history. Although this supply chain attack was intended to target Ukrainian organizations in an effort by Russian military intelligence to cripple Ukrainian critical infrastructure, the self-propagating nature of the ransomware it employed caused it to rapidly spread far beyond such targets.
Indeed, numerous large multinational firms were impacted, including the shipping company Maersk, whose entire operations came to a halt, creating chaos at ports around the globe. Additionally, the pharmaceutical giant Merck was hit hard by the attack, halting manufacturing, research, and sales — leaving them unable to supply vaccines to the Centers for Disease Control and Prevention (CDC). Several other large corporations had their servers go down and were therefore left unable to carry out essential services. The downstream disruptions to customers following the attack were also severe, and a conservative estimate implied a $7.3 billion total loss. The incident brought the magnitude of supply chain vulnerabilities to the forefront and highlighted the dire need for critical infrastructure cybersecurity sector-wide.
Recent events have fueled a greater focus on software bills of materials (SBOMs) and their role in assessing risks posed by software vulnerabilities embedded in manufacturers’ supply chains. At its core, an SBOM is a comprehensive inventory of the components and dependencies comprising a software application or system. Since this list of ingredients includes any open-source, third-party, and other components in which the presence of software vulnerabilities would otherwise be exceedingly tough to identify, SBOMs can provide invaluable visibility into supply chain risks.
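To make the visibility point concrete, the following added example (not from the original post or from any vendor's product) walks a constructed CycloneDX-style SBOM and reports every dependency path by which a product pulls in a component named in an advisory. The product, component names, versions, and advisory ID are all hypothetical placeholders.

```python
import json

# Constructed sample: a minimal CycloneDX-style SBOM for a hypothetical HMI firmware image.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "hmi-fw", "name": "hmi-firmware", "version": "4.2.0"}},
  "components": [
    {"bom-ref": "web-ui", "name": "web-ui", "version": "1.8.0"},
    {"bom-ref": "hist", "name": "historian-client", "version": "2.1.3"},
    {"bom-ref": "tlslib", "name": "example-tls", "version": "1.0.2"},
    {"bom-ref": "ziplib", "name": "example-zip", "version": "0.9.1"}
  ],
  "dependencies": [
    {"ref": "hmi-fw", "dependsOn": ["web-ui", "hist"]},
    {"ref": "web-ui", "dependsOn": ["tlslib"]},
    {"ref": "hist", "dependsOn": ["tlslib", "ziplib"]}
  ]
}
"""

# Constructed advisory feed: (component name, affected version) -> placeholder advisory ID.
ADVISORIES = {("example-tls", "1.0.2"): "ADVISORY-PLACEHOLDER-1"}

def find_exposure(sbom_text, advisories):
    """Return {advisory_id: [dependency paths from the product root to the affected component]}."""
    sbom = json.loads(sbom_text)
    root = sbom["metadata"]["component"]
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    comps[root["bom-ref"]] = root
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    findings = {}

    def walk(ref, path):
        if ref in path:          # guard against dependency cycles
            return
        comp = comps.get(ref)
        if comp is None:         # dangling ref: the SBOM is incomplete, skip rather than crash
            return
        path = path + [ref]
        hit = advisories.get((comp["name"], comp.get("version")))
        if hit:
            findings.setdefault(hit, []).append(" -> ".join(comps[r]["name"] for r in path))
        for child in edges.get(ref, []):
            walk(child, path)

    walk(root["bom-ref"], [])
    return findings
```

Here the affected library never appears as a direct dependency of the firmware; it surfaces only through two intermediate components, which is the kind of embedded exposure an SBOM makes visible.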
In fact, as a result of many of the supply chain attacks listed above, amongst others, SBOMs are also becoming an increasingly prominent focal point of the cybersecurity regulatory and policy landscapes. In the U.S., President Biden issued a Cybersecurity Executive Order on improving the Nation’s cybersecurity. Among the recommendations outlined was a requirement for SBOMs, which is intended to ensure the safety and integrity of software applications used by the federal government. By providing full transparency, SBOMs give organizations better control of their internal systems — allowing you to proactively reduce supply chain risks and mitigate attacks. With the maintenance of SBOMs and by implementing the following principles for securing CPS, your organization will be one step closer to achieving resilience throughout your entire environment.
Mitigating cyber attacks to the supply chain requires a proactive and comprehensive approach that involves collaboration between manufacturers, their suppliers and distributors, and all other upstream and downstream partner organizations. It also requires a cyber-physical systems (CPS) security vendor who can help these organizations implement the right security measures to protect their critical assets. Organizations can get started on their journey to achieving cyber and operational resilience of their supply chains by adhering to the following key principles:
A comprehensive inventory of all OT, IoT, IIoT, and BMS assets — and all other CPS — that underpin your manufacturing environment is the foundation of effective supply chain cybersecurity. However, gaining this visibility is one of the most fundamentally important yet challenging tasks facing security and risk leaders today. This is largely because CPS assets in manufacturing environments typically use proprietary protocols that are incompatible with, and therefore invisible to, generalized security tools.
These environments also typically encompass a diverse mix of new and legacy devices that communicate and operate in different ways, making it even more difficult to answer the question of what devices are in the environment. Further complicating matters is the fact that there is no one-size-fits-all path to asset discovery. Every manufacturing environment is unique, and most contain complexities that render certain asset discovery methods ineffective. This is why Claroty offers multiple, highly flexible discovery methods that can be mixed and matched to deliver full visibility in the manner best suited to your organization's distinct needs.
As we mentioned, most CPS use proprietary protocols and legacy systems that are simply incompatible with traditional IT solutions — but that doesn’t mean those solutions have no place in OT. Rather than expanding your already-extensive tech stack, Claroty integrates with the IT solutions you already have. By integrating their tech stack with a purpose-built OT security solution, manufacturing organizations can safely uncover risk blindspots without endangering operations. This strategy will help manufacturers take control of their risk environment, create further visibility across traditionally siloed teams, and help protect the supply chain.
Similarly, Claroty’s new vulnerability and risk management (VRM) capabilities allow organizations to upload their existing SBOMs and view relevant SBOMs from their peers, and they serve as a basis for future SBOM workflow capabilities. As recent regulatory developments have made it clear that transparency into SBOMs is key to understanding potential risks due to embedded vulnerabilities from vendors’ supply chains, Claroty understands the need for organizations to integrate their existing workflows and further contextualize their risk posture.
Unlike their IT counterparts, most OT environments in the manufacturing sector lack essential cybersecurity controls and consistent governance. That’s because the legacy systems in many manufacturing environments were built with a focus on functionality and operational reliability, rather than security, as these systems were not initially intended to be connected to the internet. Claroty eliminates this gap by extending your IT controls to OT — unifying your security governance to protect the supply chain and driving all use cases on your journey to cyber and operational resilience.
As we’ve seen, there is a crucial need for manufacturing organizations to mitigate supply chain risks as operations become more interconnected and threat actors become more brazen in their attacks. With the potential to ripple far beyond the immediate target — and affect organizations, economies, and even public safety — the impact of supply chain disruptions can be profound. Manufacturing organizations must recognize these far-reaching implications and understand that their cybersecurity posture is only as strong as the weakest link in their supply chain. By implementing the above three principles for securing OT, and by partnering with a purpose-built CPS security solution, like Claroty, manufacturing organizations can navigate the evolving threat landscape and protect themselves against the potentially devastating consequences of supply chain cyber attacks.