Manufacturing is a broad sector that encompasses the automotive, aerospace and defense, chemical, food and beverage, pharmaceutical, and medical device industries, among many others. These enterprises bring a plethora of benefits to society including contribution to economic growth, technological advancement, job creation, and the provision of essential goods and services. However, in recent years, manufacturers have been plagued by cyber attacks that exploit weaknesses inherent to the increasing (and otherwise-beneficial) interconnectivity of the information technology (IT) and operational technology (OT) environments that underpin their operations. In order to continue embracing this type of connectivity without worsening their exposure to cyber risks, manufacturers require a comprehensive cybersecurity strategy.
Key insights and considerations for implementing such a strategy are as follows.
Technological advancements such as automation and the integration of IoT devices and other cyber-physical systems (CPS) throughout processing, production, packaging, and other essential operations are revolutionizing manufacturing. With these advancements, the sector is now more connected than ever before — which is also why manufacturing cybersecurity is now more important than ever before. The ultimate goal of a manufacturing cybersecurity strategy is to protect the CPS on which production availability, integrity, and safety rely.
Achieving that goal requires manufacturers to embrace an approach that extends beyond traditional IT security solutions and principles. As ransomware infections continue to halt assembly lines, rogue insiders remotely alter configurations to compromise production, and other types of attacks that exploit security weaknesses in CPS persist, manufacturers must adopt security principles that are purpose-built for CPS. Before we jump into what they are, we first need to examine the cybersecurity challenges that those principles will address.
Many of the OT assets that manufacturers rely on today were implemented decades ago — long before internet connectivity was standard in OT environments. No connectivity meant that these assets initially had no exposure to cyber risks and no need for cybersecurity controls. And, because manufacturers’ profits have always been tied to uptime, software patches for many of those decades-old assets have since been applied very infrequently, if ever. After all, patching requires downtime, downtime hinders productivity, and productivity underpins profits. As such, it remains commonplace for even the most successful manufacturers’ OT environments to comprise unsecured assets with unpatched legacy systems laden with vulnerabilities that cyber threat actors have already demonstrated their ability and desire to weaponize.
Both legacy OT assets and other, modern types of CPS typically use proprietary protocols that are incompatible with traditional IT security tools. Many such tools also consume far more resources and/or generate far more traffic than would enable them to be deployed on most CPS without the risk of disrupting the critical-yet-delicate physical processes they support. These compatibility issues also extend to standard inventory and asset management solutions, which is largely why simply discovering — much less protecting — the CPS comprising their OT environment is a key cybersecurity challenge for manufacturers across sectors.
Most manufacturers rely on remote access to enable internal and third-party personnel to maintain the CPS in their OT environments. Traditional IT solutions like VPNs and jump servers are most commonly used for this — but unfortunately, such solutions tend to be highly risky and inefficient because they don’t account for the unique security and operational needs of OT. According to Galina Antova, co-founder of Claroty, “A top threat vector for targeted attacks on OT systems is individuals who have access directly through OT networks…Traditionally, OT engineers in many cases have shared admin access since they might need access to the process immediately. That practice is that much more challenging at a time when many of them are logging into OT environments remotely.” As manufacturers continue to depend on OT remote access, they must recognize that adversaries will likely continue seeking to exploit the threat vectors that common solutions for it often create.
In recent years, ransomware incidents have plagued the manufacturing sector, with attacks halting assembly lines and exploiting weaknesses in the CPS on which the availability, integrity, and safety of automotive manufacturing rely. Since most manufacturers are part of complex supply chains, a ransomware attack on one company within the supply chain can have a ripple effect — impacting other manufacturers, distributors, retailers, and even consumers downstream. Aside from data and intellectual property loss, reputational damage, and regulatory compliance issues, ransomware attacks can also have safety implications. If an attack affects an industrial control system (ICS) or safety-critical process within the OT environment, it may impact employee safety and cause physical harm.
In order to address the above challenges posed to manufacturers’ OT environments and ensure your organization is protected from new and emerging cyber threats, it is important to adhere to the following three key principles that are purpose-built for securing CPS:
A comprehensive inventory of all OT, IoT, IIoT, and BMS assets — and all other CPS — that underpin your OT environment across each manufacturing plant is the foundation of effective industrial cybersecurity. However, gaining this visibility is one of the most important yet challenging tasks facing security and risk leaders today. This is why Claroty offers multiple, highly flexible discovery methods that can be mixed and matched to deliver full visibility in the manner best suited to your organization’s distinct needs.
Although, as discussed above, most CPS are simply incompatible with traditional IT solutions, that doesn’t mean that such solutions have no place in OT. Rather than expanding your already-extensive tech stack, Claroty integrates with it, enabling you to safely uncover risk blindspots without endangering operations. This strategy will help you take control of your risk environment and create further visibility across traditionally siloed teams by simply extending existing tools and workflows from IT to OT.
Unlike their IT counterparts, most OT environments in the manufacturing sector lack essential cybersecurity controls and consistent governance. Again, that’s because the legacy systems in many OT environments were built with a focus on functionality and operational reliability, rather than security, as these systems were not initially intended to be connected to the internet. Claroty eliminates this gap by extending your IT controls to OT — unifying your security governance and driving all use cases on your journey to cyber and operational resilience.
Manufacturing industries are the heart of the global economy, playing an integral role in job creation, technological advancement, infrastructure development, international trade, and more. As the industrial internet of things (IIoT), automation, and advanced analytics continue to pave the way for smarter, more efficient production processes, we have seen the benefits digital transformation can provide. However, the integration of digital technologies has also led to an expanded attack surface for threat actors, and caused more challenges for manufacturing organizations to contend with. In response, it is vital for organizations to understand these threats, implement cybersecurity best practices, and utilize a CPS protection platform — like Claroty — to build a robust cybersecurity posture and to support all use cases across their security journey.