The manufacturing sector is renowned for its adoption of cutting-edge technology, continuously delivering new innovations to automate previously manual processes with tools such as smart sensors and robotics. These innovations are driven by bringing operational technology (OT) online and interconnecting IIoT devices, thus converging previously separate IT and OT environments.
OT is powering today’s economy by enabling mission-critical operations on the manufacturing floor, from the formulation of life-saving pharmaceuticals and medical devices to building the next generation of self-driving vehicles. This new era of converged IT and OT environments has yielded impressive results both in terms of efficiency and cost savings, but it is not without risk. Unfortunately, the criticality of OT attracts cyber-criminals, as seen in attacks such as the EKANS ransomware earlier this year. EKANS was designed to target industrial-control systems, especially those used in large-scale manufacturing facilities.
Cyber-criminals are relentless, as shown in a recent study commissioned by Tenable, which found that 65% of organizations experienced a business-impacting cyber-attack within the past 12 months that involved OT assets. To combat this, there are four key factors organizations must consider to help ensure smart and safe manufacturing.
Recognizing OT cyber-risk as business risk
An initial step to quantify cyber-risk is to conduct risk assessments. This includes gaining a thorough understanding of the business impacts that can occur due to a cyber-attack. Cyber-attacks do not occur in vacuums—there are almost always ripple effects. In OT environments, this can manifest throughout the supply chain. For instance, a flawed vehicle could exit the factory floor or an ineffective or dangerous pharmaceutical could leave the production line due to a compromised controller directing a manufacturing tool to perform unauthorized actions. Periodic risk assessments are critical for security teams to reduce downtime and mitigate the potential impact of threats.
Core components of a sound risk assessment include full situational awareness of the manufacturing environment, security-event detection and required improvements. This means reviewing all types of alerts, existing vulnerabilities and vulnerable configurations that may affect overall risk, and driving a thorough analysis of network behavior, asset inventory and risk posture. Once teams complete a risk assessment, results should be communicated to business leaders and other executives in terms of potential monetary and business impacts, should an attack occur. This can help ensure buy-in for any necessary cybersecurity investments, or policy changes to improve security posture.
Know what your operations need
When addressing cyber-risk, recognize that there is no one-size-fits-all approach. Security teams must understand the environments they operate in to determine the type of security they need. They should look at the number of devices (especially the ones they haven't touched for years), understand the current cyber-health and interconnectivity of their devices, and note whether they often work with third-party partners that have access to their network. Because many OT devices are internet accessible, and devices are increasingly interconnected through IIoT, the worlds of IT and OT are now intertwined.
Today’s attackers can traverse from IT to OT, meaning there are a multitude of potential attack vectors. For example, if a third party unwittingly brings a laptop with malware and connects it to OT, it can compromise business operations. For organizations leveraging IT devices in OT networks, it is critical that devices in both environments are kept secure.
Practice cyber-maintenance
Just as organizations practice regular operational-health monitoring to ensure a long lifespan for devices, cybersecurity should be treated as a pillar of device cyber-health. Solely having an incident-response plan is insufficient. If an attack occurs, an OT asset may break or cause damage to machinery, which can be more costly and have greater downstream effects than ongoing cyber-maintenance. A compromised device not only requires replacement or a fix, but also affects the production of all goods made while the asset was compromised. This can directly affect revenue. For this reason, security teams should regularly assess the cyber-health of OT devices to reduce the chances of compromise. This can include quarterly check-ins to benchmark the frequency of network-vulnerability assessments and patching against industry peers. Additionally, maintaining optimal cyber-health can involve combining passive monitoring of network activity with active querying to ensure devices are operating to standards.
Keep control to prevent attacks
Many organizations leverage cybersecurity solutions to keep visibility, security and control over devices and operations. Looking only at the network shows how an attack propagates, while device-level visibility enables security teams to see any changes stemming from a potential attack as they happen. It’s important to ensure security teams can attain continuous asset tracking, real-time threat intelligence, detection and mitigation capabilities and recommendations. This level of visibility and control allows teams to jump into action swiftly, should an attack occur and threaten operations.
Manufacturing environments are the backbone of the nation’s economy. Threats to business continuity in the systems that power these mission-critical operations can have widespread fallout, both internally and externally. With the above tactics, security teams can take the appropriate steps to assess security posture, understand and communicate potential business impacts, and actively reduce cyber-risk.
Michael Rothschild is senior director of OT solutions at Tenable