As information technology (IT) departments become more sophisticated and improve their identification and response to cybersecurity breaches, many manufacturing companies (particularly at the SME scale) are becoming more susceptible to cyber attacks via their operational technology (OT).
According to the Business Advantage “The State of Industrial Cybersecurity 2017” report, 54% of companies sampled had experienced an ICS security incident within the past 12 months - and 16% of those respondents had experienced three or more security incidents.
In numerous cases the manufacturer was breached through a third-party vendor, subcontractor or services provider. And 55% of those sampled had allowed external access directly into their industrial control networks.
Manufacturers are replacing analogue processes with digital systems that offer increased capabilities and higher efficiency. The Industrial Internet of Things has exponentially increased the number of connected OT devices and now requires a new level of partnership between traditional IT and OT teams to ensure that productivity and security coexist.
According to Jackie Mazzocato, Sales Director at Logi-Tech, the all-pervasiveness of the Internet of Things is creating new vulnerabilities across all types of organisations. “In one recent case,” she says, “a casino lost an extremely valuable database of ‘high rollers’ when the thermostat used to check the temperature of the water in the fish tank was hacked.”
Now that the manufacturing industry has become a prime target for cybercriminals, it is essential for manufacturers to be aware of the three key reasons they need to take cybersecurity seriously.
An IT department is typically responsible for the systems that control, process and transport data that the business needs to make informed decisions on growing and managing the business. IT people are generally concerned with the confidentiality, integrity and availability of data (or CIA for short).
However, the priorities for the OT world are very different: it’s all about availability, integrity and confidentiality of data (AIC). Maintaining production (availability) and quality (integrity) are of prime importance, as a loss of production can be very costly in lost revenues, internal resource costs, loss of customers and loss of company reputation.
The cost of operational disruption is a significant incentive for manufacturing companies to up their cybersecurity game in 2019. Indeed, the US National Centre for Manufacturing Sciences estimates that each breach can cost a company anything from $1 million to $10 million.
In 2017 we witnessed one of the most devastating cyberattacks in history, if not the most devastating. It started when Russian hackers known as Sandworm hijacked the update servers of a Ukrainian accounting software company.
That server pushed out updates to thousands of computers around the world, giving Sandworm a hidden backdoor from which they released a piece of malware called NotPetya.
The headquarters of AP Moller-Maersk became one of the first victims. Within two hours, the malware had spread company-wide. Employees were sent home and a maritime giant with 76 ports around the globe and 800 ships was “dead in the water”.
Maersk was not the only company impacted. Pharmaceutical giant Merck & Co’s manufacturing operations were crippled by a global cyber attack that took out its active pharmaceutical ingredient production and affected its formulation and packaging systems. The attack infiltrated Microsoft systems that were not properly patched. It took control of systems and held them for ransom. It quickly spread across affected networks. Damages topped $300 million in lost sales and other costs.
In August 2018 a variant of WannaCry impacted a number of computer systems and fabrication tools at Taiwan Semiconductor Manufacturing Co (TSMC) factories in Taiwan. TSMC is one of the largest chip manufacturers in the world and it lost a full day of production with a cost estimated around US $170 million. (And that’s without considering the impact on the company’s share price.)
The WannaCry malware also impacted Boeing and car manufacturers Nissan and Renault.
“As a manufacturer can you afford for your operations to be down at all?” asks Jackie Mazzocato. “What is the true cost to you of a similar attack? What would be the impact to your business if it had to close for weeks or months to clear up from an attack?”
IP theft and industrial espionage
The theft of data is a lucrative business for cybercriminals. That information can include trade secrets, proprietary manufacturing processes, and even bids and sales proposals. This is valuable information that can be very tempting to competitors who can then get products to market faster, cheaper, and at a lower price point.
According to Sikich’s 2017 Manufacturing Report, the theft of intellectual property is one of the top reasons for data breaches in manufacturing.
Verizon’s “2017 Data Breach Investigations Report” found that 94% of the 620 data breaches within manufacturing were defined as espionage, and much of that was attributed to state-sponsored actors. The hackers were more interested in information than in money.
A piece of malware can be a “digital spy” used to steal plans, processes, even proposals.
The manufacturing sector is not only targeted by hackers and cyber-criminals, but also by competing countries and companies that engage in corporate espionage.
Most intrusions into manufacturing companies’ systems begin with a well-crafted spear-phishing email to an employee. When the recipient clicks on a malicious link or attachment, malware is installed on the computer system to give the hacker access.
Social engineering, a ploy to trick people into giving up personal information, is another common method of attack. Together, social engineering and malware-based cyber attacks made up 73 per cent of last year's data breaches in the manufacturing sector.
IP theft and corporate espionage can damage both a business and an economy, resulting in lost revenue and lost jobs. The manufacturing sector needs to raise its cybersecurity game in 2019 to prevent these cyber attacks.
The growing resource gap
Both the cybersecurity profession and the manufacturing industry are currently suffering from a lack of skilled workers. The 2017 Global Information Security Workforce report revealed that two-thirds of its 20,000 respondents said they lacked the number of cybersecurity professionals they needed to address today’s cyber threat climate.
There is a similar skills gap affecting the manufacturing industry. Manufacturers are having difficulty filling open positions due to a lack of qualified and skilled applicants. Computer skills, problem solving skills, technical training and mathematics skills are among the top skills lacking in job applicants.
However, the convergence of IT and OT has led to another skills gap. IT security professionals do not have a full understanding of OT systems. And OT engineers have not historically focused on cybersecurity.
As IT security staff are charged with securing both the corporate office and the manufacturing floor, they need an understanding of how OT systems operate, what can negatively impact them, and how to keep the production line operational and secure.
OT engineers, focused on keeping their production lines running, need to understand the impact that a breach can have on both uptime and revenues, and work with IT to make sure their production environments are secure.
Creating and adopting formal training programmes in both IT and OT is critical, as is cross-training both teams to ensure a tight-knit and highly functional group.
Implementing tools that maximise the limited resources you have is also critical. The key is cybersecurity tooling that delivers real protection while maintaining the availability and integrity of the production environment and minimising the impact on your resources.
So how do you raise your cybersecurity game?
Manufacturing companies must be able to prevent operational disruption, avoid the theft of company IP, and be given the appropriate tools to efficiently deliver security enterprise-wide.
The traditional endpoint protection solutions that are used in an IT back office environment are highly ineffective on the OT plant floor as they require frequent updates/patching and often reboots. What’s more, they consume system processing power, and have poor zero-day threat prevention in either environment.
These solutions require heavy system resources, constant updating, and they cannot work in a self-contained or controlled environment. As a result, they simply cannot stop zero-day attacks – regardless of what their marketing tells you.
Installing security products or patching vulnerabilities in legacy operating systems requires taking systems offline, disrupting production and reducing revenues – which makes this a non-starter in any OT environment. Yet the threat introduced by these unpatched systems puts the entire company at risk.
As threats continue to expand beyond traditional IT networks, you need visibility into all OT and IT assets so that you can deploy threat prevention where it’s needed. Increased visibility of connected devices and the intelligence of the device security posture will help you manage security risk and keep your production lines running.
The only way to address these challenges is to take a different approach. You need a solution that provides complete prevention from file and file-less attacks, known and unknown threats, that does not jeopardise system performance or the production line.
“The good news for OT is that there is a new generation of product that can give you complete control over what can and cannot run in your OT environment, eliminating the need for emergency updates against zero-day threats and letting you get off the patching merry-go-round and patch at your own, planned pace while reducing risk to your corporate data and reducing load on your taxed resources,” says Jackie Mazzocato.
The solution you choose needs to deliver attack prevention on OT systems without having to take the systems or applications out of production, without downtime, without threat of corruption, ensuring continuous operation.
So what are the key product requirements for securing OT? According to Jackie Mazzocato, you need:
• A product that protects against file-less or file-based attacks, known and unknown threats in memory, at run-time when applications are most vulnerable.
• A solution that has a lightweight protection sensor that runs in the Windows kernel.
• A tool that requires no signature updates, behavioural/AI algorithms, or external connections.
• Protection against zero-day attacks without the need for emergency patching.
• Deep forensics for incident response, and
• Centralised operational control through a single console that gives you complete visibility into operating systems and related applications across your OT and IT environment.
Jackie Mazzocato concludes: “Any manufacturer that needs to understand how to protect their environment should talk with Logi-Tech.”