Securing manufacturing operations: Why zero trust at the PLC level is critical
The manufacturing floor is complex, with many moving parts, both metaphorically and literally. Multiple teams work together to keep operations running smoothly, from engineers working the factory floor to external contractors conducting maintenance. This interconnected landscape can make it difficult to maintain control and visibility into who is accessing what and when. Now it is more important than ever to implement zero-trust principles, especially at the programmable logic controller (PLC) level.
PLCs sit at the heart of most factory floors, directly commanding machinery’s physical processes. Unauthorized changes, entries, or actions made to PLC programs create significant risk of operational disruptions, safety incidents, or even release of hazardous materials.
Additionally, with the rise of digitization initiatives within Industry 4.0, manufacturers are adding more networked devices and implementing greater connectivity between IT and OT systems. The expanded “attack surface” provides more opportunities for both insiders and external threat actors to manipulate control systems. For example, in 2022, IBM reported manufacturing companies are the most targeted sector in the OT industry, by a whopping 41%.
Yet many factories still operate with outdated security models based on implicit trust. PLC programming software is installed on engineering workstations with broad, shared access credentials. External vendors routinely gain admin privileges for maintenance and troubleshooting. Under these conditions, visibility into who changes what, when, and why is severely limited.
The core concept is zero trust, which means users and devices should not be trusted by default, even if they are connected to permitted networks or if the users have already been authenticated on other parts of the network.
Implementing zero-trust practices at the PLC level means:
- Requiring authentication of all engineers and third-party vendors before authorizing any PLC program changes.
- Enforcing least privilege policies so users only access the specific PLCs required for their roles.
- Logging and auditing all PLC program activity for security and compliance purposes.
- Preventing unauthorized changes to PLC programs in real time.
- Protecting PLC integrity both while connected to networks and offline.
- Accelerating investigations with detailed logs of all PLC control system activities.
- Avoiding impacting engineer productivity or process workflows.
Zero-trust PLC solutions provide industrial sites with a foundational layer of cyber resilience to detect and prevent the rising threats targeting operational technology.
Mitigating and managing third-party risk
Many manufacturers’ security infrastructures leverage AI tools and machine learning to find anomalies. However, one of the most challenging risks to mitigate is the activity of insiders, including “outside” contractors or vendors, who may abuse entrusted access, whether intentionally or unintentionally. Because they are “trusted” insiders, none of their activities are considered anomalies.
A single unsecured device or worker account is all it takes for an insider threat to materialize, whether through intentional malicious actions or accidental mistakes. Insider attackers often already understand where valuable information resides and know what normal authorized activities look like. This makes their unauthorized actions difficult to detect. Preventing wider access or disruption is key. Under traditional industrial security models, operators function with a wide latitude and little oversight once granted access.
This is especially applicable to third-party risks such as contractors. Teams of contractors may descend onto plant floors for weeks at a time for major maintenance or construction projects, which is particularly common with PLCs.
Without device-level protection, manufacturers are left blind to what changes may have been made. Zero-trust at the PLC level enables contractors to seamlessly perform required tasks through clearly defined permissions while restricting access to sensitive control systems.
Implementation of zero-trust policies at the device level closes the gap by requiring continuous verification of identity, authorization, and context before permitting any control system changes. Multi-factor authentication prevents misuse of stolen credentials. Granular access policies limit users to specific PLCs and functions based on assigned roles.
Identity credentials can be issued to grant access only to designated PLCs for certain functions like troubleshooting. All actions are logged in detail for auditing against the terms of the contract. Attempts to operate outside of permitted parameters are automatically blocked.
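The checks described above and in the list of practices earlier (authentication, per-PLC least privilege, contract-scoped credentials, blocking, and logging every attempt) can be sketched as a deny-by-default decision function. This is an added example, not code from the article or from any vendor product; the class names, PLC identifiers, function names, and dates are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# All names below (Grant, Request, authorize, PLC ids, function names) are
# hypothetical and constructed for illustration; no vendor API is implied.

@dataclass(frozen=True)
class Grant:
    user: str
    plc_id: str
    functions: frozenset      # functions the role may perform on this PLC
    not_before: datetime      # start of the contract window
    not_after: datetime       # end of the contract window

@dataclass(frozen=True)
class Request:
    user: str
    plc_id: str
    function: str
    mfa_verified: bool
    at: datetime

def authorize(req, grants, audit_log):
    """Deny by default; allow only if MFA passed and a grant covers the
    user, PLC, function and time. Every decision is appended to audit_log."""
    reason = "no_grant" if req.mfa_verified else "mfa_missing"
    for g in (grants if req.mfa_verified else ()):
        if (g.user, g.plc_id) != (req.user, req.plc_id):
            continue
        if req.function not in g.functions:
            reason = "function_not_permitted"
        elif not (g.not_before <= req.at <= g.not_after):
            reason = "outside_window"
        else:
            reason = "allowed"
            break
    audit_log.append({"at": req.at.isoformat(), "user": req.user,
                      "plc": req.plc_id, "function": req.function,
                      "decision": "allow" if reason == "allowed" else "deny",
                      "reason": reason})
    return reason == "allowed"

def day(d):  # constructed timestamps in March 2024, UTC
    return datetime(2024, 3, d, 12, 0, tzinfo=timezone.utc)

# Constructed sample: a contractor limited to troubleshooting one PLC for two weeks.
GRANTS = [Grant("vendor-a", "PLC-LINE3", frozenset({"read", "troubleshoot"}), day(1), day(14))]

if __name__ == "__main__":
    log = []
    authorize(Request("vendor-a", "PLC-LINE3", "download_program", True, day(5)), GRANTS, log)
    print(log[-1])  # the denied attempt is still recorded for audit
```

Denied requests are logged with a reason code as well as allowed ones, which is what lets an auditor compare a contractor's attempted actions against the terms of the contract.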
With real-time monitoring, preventative controls, and greater oversight of third-party engagements in place, manufacturers can mitigate threats from both inadvertent mistakes and malicious actions by employees or external teams. This prevents production loss and ensures that external vendors will not introduce unexpected risks to plant operations.
Achieving holistic control system protection
While implementing cybersecurity solutions on the network level is a labor-intensive process and may interfere with production, implementing zero-trust on the device level can be done quickly, with almost no disruption.
As manufacturers weigh investments in new security tools, zero-trust PLC protection must be prioritized based on the criticality of potential impacts. Once zero-trust PLC is implemented, the floor control systems are fully secure, allowing the manufacturer to implement security across the rest of the production networks.
The operational integrity of the plant floor ultimately depends on the integrity of its underlying PLCs. By adopting a zero-trust approach, industrial sites can securely embrace the benefits of connectivity and digitalization without increasing their attack surface, continuing secure production without disruption.