The manufacturing sector continues to be the target of cybersecurity threats and attacks – seeking to exploit vulnerabilities in Industrial Control Systems, supply chains, and more.

Cyber Attack Trends are Rising in Manufacturing

The manufacturing vertical is very well represented on most hack reports this year regarding both incidents and breaches. The trend line has continued upwards in both sophistication and frequency of malware threats against manufacturing organizations. Industrial Control Systems (HMI, SCADA, & PLC) have long been a target given their vulnerable security posture and general level of protection.

According to the Verizon 2020 Data Breach Investigations Report, web application attacks took the number-two place this year and were dominated using stolen credentials to compromise a variety of web apps used in manufacturing enterprises.

Sometimes these credentials are obtained via malicious links served up in successful phishing attacks, sometimes they are obtained via desktop sharing, and sometimes it is unclear how the victim is infected.
The related increase in attacks against web-based email (O365, Gmail, etc.) have increased this credential availability for attackers to leverage.

Another growing trend in the manufacturing space is misuse by legitimate insiders; in some cases, this is accidental and other times they’re using privileged access to do something imprudent, without intent.

Sensitive Business Assets at Risk

Targeting the manufacturing sector for economic and espionage activity is on the rise.

In manufacturing environments where valuable intellectual property is common, there continues to be a threat from Asian state espionage actors who typically scour the internet looking for open systems to invade. The goals are clearly the transfer of wealth to domestic businesses, and the US Federal government confirms this continues to be a significant trend and will likely persist into the future.

Ransomware is now a very viable standalone threat campaign for manufacturing given the richness of data within the environment and the importance of it working and being highly available. We are able to track the increased interest in this area by watching the rising number of malware attacks against manufacturing environments and the rising volume of research and released vulnerability findings in the industrial controls technology space and the manufacturing related “Internet of Things” product set.

Further, nation states continue to attack supply chain and trusted third parties of manufacturing organizations as they have proven to be highly integrated and have needed access while offering, in some cases, fewer security controls.

Getting Strategy Right

Our proprietary CISO Insights strategy and roadmap development methodology creates an exceptional focus on the business and links the value-creating activities of the organization to the security priorities developed and deployed to maximize risk reduction impact and cost optimization.

The alignment of the business-critical assets at the investment level brings hyper-focus to risk and investment trade-off choices that need to be evaluated. Manufacturing environments typically have major cyber risks like many verticals, but less common to all verticals include the following.

Advanced Digital Transformation

While this is an overused concept, nowhere is this more real than in the manufacturing space given the changes that are happening in manufacturing plants, the big data lakes, and the third-party partners. Legacy technology is common in traditional manufacturing, and while innovation and more digital technologies are common in healthcare, biotech, robotics, and general technology to name a few, consumer goods, heavy equipment, transportation, chemical handling, and infrastructure are all examples where legacy technology is commonly present.

In all these verticals, new digital technology introduction, system integration, advanced analytics, and data sharing are common goals for business evolution. Building a cybersecurity program that is paced to keep up with and be prepared for the capabilities, tools, and strategy for a digitized technology environment requires and enhanced development plans.

When looking across the spectrum of an entire organization, the manufacturing space may be one set of technologies employed, but they are part of an entire ecosystem.

In digital transformation, the goals of both enhancing technology and mining business rich data are equally important. Good security plans consider the implications of several key elements.

Technology Enhancement Plan

As digital connections increase between patient data sources, ERP systems, and big data lakes, the architecture, system integration, data protection, access control, and system integrity must have a defined strategy to ensure the new patient, medical systems, and the network get the appropriate protection.

Data Extraction and Movement Needs

In digital transformation, much of the created value is in the data extracted and analyzed in the organization's big data engine. The movement of data to the lake and the creation of data governance and stewardship is critical to maintaining the value for the company.

Skills and Capabilities Needed to Meet New and Future Operational States

Once the digital transformation is complete, often new security team capabilities are required to protect the organization, which interacts technologically differently than it did before. If the company has developed an online digital marketing capability or begun deploying mobile apps to reach their customers and consumers, defending these takes new skills other than internal data network. Evolving the cybersecurity program to ensure it has the skills needed to deliver today and tomorrow will increase the organization’s ability to be competitive and protect its valued assets.

Internet of Things Risk (IoT)

While no single innovation in technology can generally be representative of significantly increased risk on its own, the IoT trend has, in a few short years, created a massive impact on the attack surface of most businesses and homes. IoT devices generally are internet addressable devices, whether plant robotic systems, logistics GPS tracking systems, AI-driven autonomous delivery vehicles, or many other systems that are interconnected in new ways to the company network and other parties which creates real risk.

Manufacturing 4.0

“Factory of the future” or Manufacturing 4.0 involves the digitization of factory manufacturing lines, product movement, counting, warehousing, and other loading activities.

Creating the product in this new way is not a turnkey operation. Manufacturing plants are a patch quilt of legacy and new digital systems that when stitched together create huge targets for hackers and espionage actors. Not only are factories popular because of what they do, but they are also targets because of their type of systems: modern data systems connected to old Industrial Control Systems like SCADA and PLC make an attractive target to hackers because they were built with specific security defenses common in today’s technology.

Manufacturing plants and systems need a specialized security approach and should form a critical component of the overall cybersecurity strategy.

Supply Chain of the Future

A company’s supply chain is one of its most important business assets. In this global business arena, companies rely on vendors from global to glocal, but they must all be properly vetted from a security perspective to ensure your business can keep running and their business can keep supplying you with what you need.

The vendor security program is one of the foundational programs in your security arsenal to ensure you have done your security due diligence before signing supplier contracts, when you negotiating leverage is optimal.

Big Data

Linking enterprise manufacturing and supply chain systems together to harness the power of the data which can unlock business agility and uncover past inefficiencies is table stakes now for competitive manufacturing firms.

This generally means the introduction of new and powerful data-sharing applications and third-party relationships and the need for significant data and access governance to meet security and privacy goals.

Big data environments mean new tools, faster data collection and integration, and increased value in data analysis output. Securing this environment is not business as usual for cybersecurity and requires enhanced tools and methods.

Typical High Maturity Security Programs for Manufacturing Businesses

Ransomware Defense

At the end of the day, manufacturing lines need to be running to make the organization money, and ransomware attacks against manufacturing environments are on the rise due to a combination of old or unprotected systems and the high financial cost of downtime making them a great extortion target.

One of the most prudent program expenditures an organization can invest in today is a robust ransomware defense program, including the technology, procedures, and preventative systems to keep the threat out. With that said, there is a developing range of obfuscation technologies that can drastically reduce the risk to traditionally high-cost remediation environments.

Security Architecture

Defining an architecture that both enables increased data flow intensity and delivers enhanced security needs is the role of manufacturing security architecture. Manufacturing can be challenging because the data network team and industrial control engineers do not always see eye to eye or have the same skills. Applying sound security architecture skills, assessments, and design principles is still possible and will deliver the greatest overall value to the organization as the manufacturing environment evolves and faces increased security threats.

Innovation in Protection

Asset Management

One common challenge in manufacturing environments can be an inability to provide an exact inventory of all hardware and software at work in the factories. This inability can lead to missed patches and upgrades or reduced qualitative data in risk assessments, so some risks are left unaccounted for. One solution is to get a hyper-accurate view of your assets and their traffic flow. Tools are available that can provide you with this information while being delicate to ICS systems sensitivities, providing the optimal hardware and software inventory available.

Zero Trust Technology

Another exciting development is the intersection between Zero Trust, Micro-Segmentation, and Software-Defined Networking in protecting IT and ICS assets from hackers and malware. New tools and protocols exist that can literally make your IT assets invisible to hackers and malware. This reduces the need for urgent security and maintenance investment while delivering advanced security results.