Operational technology for manufacturing is vulnerable to cyber attacks: what defences can manufacturing facilities muster to safeguard their infrastructure?
Lately, manufacturing cyber security seems to be one bit of bad news after another. This April, cyber security authorities sounded the alarm on the newly-discovered Pipedream malware toolkit, which targets programmable logic controllers (PLCs) manufactured by Omron and Schneider Electric.
Fortunately, the malware has not yet been deployed—but given Pipedream’s versatility and the innumerable PLCs embedded in heavy industry machinery, billions of dollars in damage may result if it’s ever set loose. Lost data is just the tip of the iceberg; think of plant shutdowns, chemical leaks, even explosions.
A 2021 NTT report found that attacks on the industry had increased by 300% in the previous year; in the Asia-Pacific region (APAC), 22% of all attacks were inflicted on manufacturing targets. A Marsh McLennan review also found that APAC organisations are 80% more likely than the global average to be the target of a cyber attack.
This state of play is a far cry from pre-Industry 4.0 days, when manufacturing companies were isolated from the wider Internet and practically immune from cyber attacks.
However, adapting to Industry 4.0 standards calls for connectivity on multiple levels, with complex, connected industrial control systems (ICS) controlling a wide variety of complicated manufacturing processes. The Industrial Internet of Things (IIoT) and autonomous robots, among other things, simply won’t work without high-bandwidth connections.
This has blurred the lines between information technology (IT) and operational technology (OT). Where IT systems were concerned with data, OT devices controlled physical operations in a manufacturing facility, with a clear division between the two. That’s no longer true today: as the panic over Pipedream shows, OT components like PLCs are now irreversibly connected to the Internet—and thus vulnerable to exploits.
Increasing integration of hardware and software with network connectivity has been a double-edged sword for the manufacturing industry. While Industry 4.0 has led to jumps in productivity and efficiency, it’s also highlighted how OT systems are way behind the curve in terms of cyber security.
For starters, the long life-cycle of OT systems, along with its differences in system design, increase its vulnerability to novel attacks. OT systems are optimised to execute an industrial process repetitively without fail over millions of cycles; thus, updates are rare, with operators unlikely to implement any new patches or upgrades for fear of costly consequences on the entire OT system.
Also, OT systems’ design and network protocols are still quite different from their IT network counterparts, so any cyber security products or processes cannot be seamlessly transferred from IT to OT, or expected to work well at all.
OT also suffers from a series of inherent cyber security gaps, which criminals are gleefully seizing on to wreak havoc.
Limited in-house security staff and know-how. In the face of increased demand for OT cyber security expertise, companies are also realising that there’s not enough talent to go around. (ISC)²’s annual Cybersecurity Workforce Study found that APAC suffered from a cyber security workforce gap of 1.42 million, the largest of any region in the world.
The vast array of vulnerabilities through IT-OT gaps have put manufacturing facilities in the cyber security crossfire. Hackers are now eagerly raiding the manufacturing sector for valuable intellectual property, holding firms for ransomware, or simply wreaking havoc in the service of transnational cyber-warfare.
Addressing these manufacturing cyber security weak points calls for a holistic approach that uses countermeasures arranged in layers, a concept called “Defence in Depth”. A defence in depth approach aggregates a series of cyber security defences into a single flexible framework for improving cyber security for manufacturing control systems, minimising the potential weak points between IT and OT.
The components of the defence may consist of the following:
In this approach, the OT network is divided into zones and connections called micro-segments. Any communications between micro-segments must be constantly monitored and analysed, with an OT firewall barring access to malware or attacks.
Any cyber attackers that get into one component of the ICS network will be isolated from other parts of the network, reducing the likelihood of their securing unhampered access to the entire network. This approach helps secure the OT network without compromising network performance.
A common issue with older OT-based machinery is their absence of endpoint security functions, which IT systems already take for granted. Manufacturing companies should consider "add-on" measures that are compatible with those older systems, giving them the devices/endpoint protection they sorely need.
This approach dangles a low-hanging fruit to exploits that manage to make it through conventional defence lines. The system lays out “honeypots” at different levels, creating fake “vulnerabilities” that attract attacks.
Any threats “caught” in this manner are directed into a sandbox network isolated from the real network, where they can do no damage but can provide useful information about their operations. The “honeypot” approach is particularly valuable for “zero-day” attacks with no known defences.
This approach was tested in a 2019 Trend Micro experiment that created a fake factory honeypot. Some of the exploits it trapped included a malicious cryptocurrency mining campaign, two ransomware attacks, and several scanners.
Given the complexity of the cyber security challenge facing OT system operators, the management of a facility’s security operations should converge at a central point. Managed cyber security services like SOCs help companies conserve internal resources, and draw on the experience of a third-party service provider to make up for infrastructure and expertise that they may not be able to secure on their own.
Companies can’t afford to ignore the opportunities in building “smart” manufacturing facilities. A McKinsey study found that ASEAN nations will experience a positive economic impact from Industry 4.0 to the tune of up to US$627 billion. The same study found that predictive maintenance alone will result in up to 40% reduction in costs and up to 50% reduction in equipment downtime by 2025.
In the near term, the cyber security gaps between IT and OT networks can be taxing to deal with, for companies that lack sufficient resources to face the issue.
Luckily, third-party partners like T-Systems can help make up for staffing, resource, and experience shortfalls—helping address visibility issues with evaluation services based on Common Criteria; and providing a holistic view the of threat landscape and an immediate response with their Integrated SOC for IT/OT systems (Magenta).
Take advantage of Industry 4.0 opportunities without fear. Speak to us today to find out how T-Systems can seal the weak spots in your manufacturing cyber security.
