Operational technology for manufacturing is vulnerable to cyber attacks: what defences can manufacturing facilities muster to safeguard their infrastructure?
Lately, manufacturing cyber security seems to be one bit of bad news after another. This April, cyber security authorities sounded the alarm on the newly-discovered Pipedream malware toolkit, which targets programmable logic controllers (PLCs) manufactured by Omron and Schneider Electric.
Fortunately, the malware has not yet been deployed—but given Pipedream’s versatility and the innumerable PLCs embedded in heavy industry machinery, billions of dollars in damage may result if it’s ever set loose. Lost data is just the tip of the iceberg; think of plant shutdowns, chemical leaks, even explosions.
A 2021 NTT report found that attacks on the industry had increased by 300% in the previous year; in the Asia-Pacific region (APAC), 22% of all attacks were inflicted on manufacturing targets. A Marsh McLennan review also found that APAC organisations are 80% more likely than the global average to be the target of a cyber attack.
This state of play is a far cry from pre-Industry 4.0 days, when manufacturing companies were isolated from the wider Internet and practically immune from cyber attacks.
However, adapting to Industry 4.0 standards calls for connectivity on multiple levels, with complex, connected industrial control systems (ICS) controlling a wide variety of complicated manufacturing processes. The Industrial Internet of Things (IIoT) and autonomous robots, among other things, simply won’t work without high-bandwidth connections.
This has blurred the lines between information technology (IT) and operational technology (OT). Where IT systems were concerned with data, OT devices controlled physical operations in a manufacturing facility, with a clear division between the two. That’s no longer true today: as the panic over Pipedream shows, OT components like PLCs are now irreversibly connected to the Internet—and thus vulnerable to exploits.
Increasing integration of hardware and software with network connectivity has been a double-edged sword for the manufacturing industry. While Industry 4.0 has led to jumps in productivity and efficiency, it’s also highlighted how OT systems are way behind the curve in terms of cyber security.
For starters, the long life-cycle of OT systems, along with their differences in system design, increases their vulnerability to novel attacks. OT systems are optimised to execute an industrial process repetitively without fail over millions of cycles; thus, updates are rare, with operators unlikely to implement any new patches or upgrades for fear of costly consequences on the entire OT system.
Also, OT systems' design and network protocols are still quite different from their IT network counterparts, so cyber security products and processes cannot be transferred seamlessly from IT to OT, or even be expected to work well there.
OT also suffers from a series of inherent cyber security gaps, which criminals are gleefully seizing on to wreak havoc.
Limited in-house security staff and know-how. In the face of increased demand for OT cyber security expertise, companies are also realising that there’s not enough talent to go around. (ISC)²’s annual Cybersecurity Workforce Study found that APAC suffered from a cyber security workforce gap of 1.42 million, the largest of any region in the world.
Addressing these manufacturing cyber security weak points calls for a holistic approach that uses countermeasures arranged in layers, a concept called “Defence in Depth”. A defence in depth approach aggregates a series of cyber security defences into a single flexible framework for improving cyber security for manufacturing control systems, minimising the potential weak points between IT and OT.
The components of the defence may consist of the following:
In this approach, the OT network is divided into zones and connections called micro-segments. Any communications between micro-segments must be constantly monitored and analysed, with an OT firewall barring access to malware or attacks.
Any cyber attackers that get into one component of the ICS network will be isolated from other parts of the network, reducing the likelihood of their securing unhampered access to the entire network. This approach helps secure the OT network without compromising network performance.
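The monitoring of traffic between micro-segments described above can be sketched as follows. This is an added example, not code from the original article or from any vendor it mentions; the zone names, subnets, allowed conduits and flow records are constructed assumptions, and the check simply flags any cross-zone flow that is not on the allow-list.

```python
import ipaddress

# Constructed zone map: each micro-segment is one subnet (assumed addressing).
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "scada":         ipaddress.ip_network("10.30.1.0/24"),
    "cell_a_plc":    ipaddress.ip_network("10.30.10.0/24"),
    "cell_b_plc":    ipaddress.ip_network("10.30.20.0/24"),
}

# Allowed conduits: (source zone, destination zone, protocol, destination port).
CONDUITS = {
    ("enterprise_it", "ot_dmz", "tcp", 443),  # IT reaches OT data only via the DMZ
    ("ot_dmz", "scada", "tcp", 443),
    ("scada", "cell_a_plc", "tcp", 502),      # Modbus/TCP
    ("scada", "cell_b_plc", "tcp", 44818),    # EtherNet/IP
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"  # address outside every defined micro-segment

def classify(flow):
    """Return (verdict, src_zone, dst_zone) for one flow record."""
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    if src == dst and src != "unknown":
        return "intra-zone", src, dst
    if (src, dst, flow["proto"], flow["dport"]) in CONDUITS:
        return "allowed", src, dst
    return "violation", src, dst  # cross-zone traffic with no matching conduit

def violations(flows):
    checked = [(f, *classify(f)) for f in flows]
    return [(f, s, d) for f, v, s, d in checked if v == "violation"]

SAMPLE_FLOWS = [  # constructed flow records, not real traffic
    {"src": "10.30.1.5", "dst": "10.30.10.21", "proto": "tcp", "dport": 502},
    {"src": "10.10.4.77", "dst": "10.30.10.21", "proto": "tcp", "dport": 502},
    {"src": "10.30.10.21", "dst": "10.30.20.8", "proto": "tcp", "dport": 44818},
    {"src": "10.30.10.21", "dst": "10.30.10.22", "proto": "tcp", "dport": 502},
    {"src": "192.0.2.9", "dst": "10.30.1.5", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for flow, s, d in violations(SAMPLE_FLOWS):
        print(f"{s} -> {d}: {flow['src']} -> {flow['dst']} {flow['proto']}/{flow['dport']}")
```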
A common issue with older OT-based machinery is its lack of endpoint security functions, which IT systems already take for granted. Manufacturing companies should consider "add-on" measures that are compatible with those older systems, giving them the device and endpoint protection they sorely need.
Given the complexity of the cyber security challenge facing OT system operators, the management of a facility’s security operations should converge at a central point. Cyber security advisers like T-Systems offer a Security Operations Centre (SOC), a command centre for cyber security operations where security experts can monitor threats in real time, and intervene instantly.
Managed cyber security services like SOCs help companies conserve internal resources, and draw on the experience of a third-party service provider to make up for infrastructure and expertise that they may not be able to secure on their own.