Factory workers working with adept robotic arm in a workshop

Cyber attacks in manufacturing - hackers know your weak spots, do you?

How proactive defence strategies can destroy cyber attacks and seal manufacturing cyber security gaps

12 May 2022

Operational technology for manufacturing is vulnerable to cyber attacks: what defences can manufacturing facilities muster to safeguard their infrastructure?

Introduction: overview of cyber attacks on manufacturing

Worker in safety work wear with yellow helmet and ear muff using laptop in factory

Lately, manufacturing cyber security seems to be one bit of bad news after another. This April, cyber security authorities sounded the alarm on the newly-discovered Pipedream malware toolkit, which targets programmable logic controllers (PLCs) manufactured by Omron and Schneider Electric. 

Fortunately, the malware has not yet been deployed—but given Pipedream’s versatility and the innumerable PLCs embedded in heavy industry machinery, billions of dollars in damage may result if it’s ever set loose. Lost data is just the tip of the iceberg; think of plant shutdowns, chemical leaks, even explosions.   

 A 2021 NTT report found that attacks on the industry had increased by 300% in the previous year; in the Asia-Pacific region (APAC), 22% of all attacks were inflicted on manufacturing targets.  A Marsh McLennan review also found that APAC organisations are 80% more likely than the global average to be the target of a cyber attack. 

IT-OT convergence: a double-edged sword

Worker frustrated and confused by WannaCry ransomware attack on desktop screen

This state of play is a far cry from pre-Industry 4.0 days, when manufacturing companies were isolated from the wider Internet and practically immune from cyber attacks. 

However, adapting to Industry 4.0 standards calls for connectivity on multiple levels, with complex, connected industrial control systems (ICS) controlling a wide variety of complicated manufacturing processes. The Industrial Internet of Things (IIoT) and autonomous robots, among other things, simply won’t work without high-bandwidth connections. 

This has blurred the lines between information technology (IT) and operational technology (OT). Where IT systems were concerned with data, OT devices controlled physical operations in a manufacturing facility, with a clear division between the two. That’s no longer true today: as the panic over Pipedream shows, OT components like PLCs are now irreversibly connected to the Internet—and thus vulnerable to exploits. 

Increasing integration of hardware and software with network connectivity has been a double-edged sword for the manufacturing industry. While Industry 4.0 has led to jumps in productivity and efficiency, it’s also highlighted how OT systems are way behind the curve in terms of cyber security.

Hackers exploiting gaps between IT and OT

engineer with laptop in a factory, working

For starters, the long life-cycle of OT systems, along with its differences in system design,  increase its vulnerability to novel attacks. OT systems are optimised to execute an industrial process repetitively without fail over millions of cycles; thus, updates are rare, with operators unlikely to implement any new patches or upgrades for fear of costly consequences on the entire OT system.

Also, OT systems’ design and network protocols are still quite different from their IT network counterparts, so any cyber security products or processes cannot be seamlessly transferred from IT to OT, or expected to work well at all.

Cyber security in two-step verification

OT also suffers from a series of inherent cyber security gaps, which criminals are gleefully seizing on to wreak havoc. 

  • Wide attack surface area. Today’s factories use a wide variety of software-managed, specialised equipment—and the ensuing complexity is difficult to keep tabs on. 51% of respondents to an MIT/Palo Alto survey reported experiencing a cyberattack originating from a digital asset they didn’t know about or didn’t manage.
  • Supply chain vulnerability. Widely-distributed, complex manufacturing lines rely on a series of connected components, and some have weaker cyber security than others. Whether it’s an unsecured server or a careless third-party supplier, these weak links are tempting targets for supply chain attacks—46% of respondents in an APAC Barracuda study cited supply chain attacks as their top application security challenge. 
  • Limited in-house security staff and know-how. In the face of increased demand for OT cyber security expertise, companies are also realising that there’s not enough talent to go around. (ISC)²’s annual Cybersecurity Workforce Study found that APAC suffered from a cyber security workforce gap of 1.42 million, the largest of any region in the world. 

The vast array of vulnerabilities through IT-OT gaps have put manufacturing facilities in the cyber security crossfire. Hackers are now eagerly raiding the manufacturing sector for valuable intellectual property, holding firms for ransomware, or simply wreaking havoc in the service of transnational cyber-warfare.

Fixing the gaps in IT-OT convergence

Engineer working at control room, Thailand

Addressing these manufacturing cyber security weak points calls for a holistic approach that uses countermeasures arranged in layers, a concept called “Defence in Depth”. A defence in depth approach aggregates a series of cyber security defences into a single flexible framework for improving cyber security for manufacturing control systems, minimising the potential weak points between IT and OT. 

The components of the defence may consist of the following:

Network and device segmentation

In this approach, the OT network is divided into zones and connections called micro-segments. Any communications between micro-segments must be constantly monitored and analysed, with an OT firewall barring access to malware or attacks. 

Any cyber attackers that get into one component of the ICS network will be isolated from other parts of the network, reducing the likelihood of their securing unhampered access to the entire network. This approach helps secure the OT network without compromising network performance. 

Endpoint protection

A common issue with older OT-based machinery is their absence of endpoint security functions, which IT systems already take for granted. Manufacturing companies should consider "add-on" measures that are compatible with those older systems, giving them the devices/endpoint protection they sorely need. 

Deceptive “honeypots”

This approach dangles a low-hanging fruit to exploits that manage to make it through conventional defence lines. The system lays out “honeypots” at different levels, creating fake “vulnerabilities” that attract attacks. 

Any threats “caught” in this manner are directed into a sandbox network isolated from the real network, where they can do no damage but can provide useful information about their operations. The “honeypot” approach is particularly valuable for “zero-day” attacks with no known defences. 

This approach was tested in a 2019 Trend Micro experiment that created a fake factory honeypot. Some of the exploits it trapped included a malicious cryptocurrency mining campaign, two ransomware attacks, and several scanners.

Security Operations Centre (SOC)

heavy automation robot arm machine in smart factory

Given the complexity of the cyber security challenge facing OT system operators, the management of a facility’s security operations should converge at a central point. Managed cyber security services like SOCs help companies conserve internal resources, and draw on the experience of a third-party service provider to make up for infrastructure and expertise that they may not be able to secure on their own. 

Conclusion: a partnership that helps seal the gaps

Companies can’t afford to ignore the opportunities in building “smart” manufacturing facilities. A McKinsey study found that ASEAN nations will experience a positive economic impact from Industry 4.0 to the tune of up to US$627 billion. The same study found that predictive maintenance alone will result in up to 40% reduction in costs and up to 50% reduction in equipment downtime by 2025. 

In the near term, the cyber security gaps between IT and OT networks can be taxing to deal with, for companies that lack sufficient resources to face the issue. 

Luckily, third-party partners like T-Systems can help make up for staffing, resource, and experience shortfalls—helping address visibility issues with evaluation services based on Common Criteria; and providing a holistic view the of threat landscape and an immediate response with their Integrated SOC for IT/OT systems (Magenta). 

Take advantage of Industry 4.0 opportunities without fear. Speak to us today to find out how T-Systems can seal the weak spots in your manufacturing cyber security. 

We look forward to your project!

An expert will answer your questions about the planning, implementation and maintenance of your digitalisation projects.

Contact us today.

Do you visit t-systems.com outside of Indonesia? Visit the local website for more information and offers for your country.