Cybersecurity in Manufacturing: Rising Risks & Countermeasures
| By: Emmet Cole, A3 Contributing Editor
As manufacturers of all sizes step up their automation and digitalization strategies, hackers are increasing their attacks on the sector. From phishing attacks and ransomware through internal breaches and equipment sabotage, manufacturing companies face multiplying, myriad threats.
With many factories today being multi-tenant and production processes often spanning multiple geographies, it becomes necessary to exchange data, including design IP, between various countries and regions.
IBM Security’s annual X-Force Threat Intelligence Index ranks the industries that receive the most cyberattacks each year1. In 2019, manufacturing was the eighth most attacked industry in 2019. Since then, it’s been storming up the list – and, in 2022 for the first time, manufacturing was identified as the world’s most attacked industry, overtaking traditionally popular targets for cyberattacks, including the financial, insurance, and healthcare sectors. IBM Security found that ransomware actors have been exploiting several infection vectors: vulnerability exploitation (47% of the total), phishing (40%), removable media (7%), brute force (3%), and stolen credentials (3%).
Such attacks can be very disruptive to manufacturing facilities, says Daniel Bibireata, VP of Engineering, at Landing AI, a Palo Alto, California-based company that provides AI-powered cloud and edge software solutions for industrial applications.
“An attacker could gain access to a facility and install malware - malicious software intended, for example, to steal data or destroy computer systems. Some attackers may install ransomware, a type of malware that prevents users from accessing their systems until a ransom is paid. And for systems managed from the cloud, the cybersecurity concerns extend to the cloud infrastructure as well,” explains Bibireata.
Once an attacker has gained access to the IT infrastructure, the concern is always that they could move further to attack the operational technology (OT) infrastructure, says Bibireata, citing the April 2022 Alert posted by several US government agencies warning of potential attacks targeting industrial control systems, including programmable logical controllers commonly deployed in manufacturing facilities.
As attacks have grown, so have the countermeasures. Companies are deploying advanced cybersecurity technologies and strategies designed to secure company IP, support digitalization and automation efforts, and prevent bad actors from gaining access to critical systems.
New manufacturing, new risks
It’s an exciting time for the manufacturing sector as companies integrate “amazing new technologies,” says Leah Dodson, Cybersecurity Specialist at NextLink Labs. But it is also a time of extra risk.
NextLink Labs, based in Canonsburg, Penn., specializes in helping organizations assess their cybersecurity program maturity and build an implementation plan based on specific goals and requirements.
“There’s so much potential to revolutionize manufacturing processes, improve safety, enhance production speed and capabilities, but the downside is the ever-expanding attack surface these connected processes bring,” says Dodson.
One of the biggest issues with automation adoption among manufacturers is a “set it and forget it” mindset when it comes to cybersecurity, says Dodson - a mentality that leads to organizations neglecting to maintain visibility after deployment.
“Losing visibility in this way can lead to a host of problems. So, when putting together an automation adoption plan it’s vital to consider how to handle environment visibility, monitoring, safety checks, and secure access throughout the process,” explains Dodson.
Alongside increasing connectivity, IIoT and automation adoption, manufacturers are implementing virtualization strategies and extending the perimeter of their factories through a combination of IT (information technology) and OT to the cloud – all of which creates a “paradigm shift” in terms of the level of security required, says Piyush Modi, Chief Strategist – Industrial sector at NVIDIA.
“A breach in an IT system in a digital only world has one set of implications but when those breaches extend to controlling the physical world, such as through hacking automation for example, it can potentially be pretty disastrous,” says Modi. “Additionally, industrial automation often involves very high velocity, very high throughput mission critical production systems so even a short amount of downtime means significant losses that can be measured in millions and billions of dollars.”
Moreover, the manufacturing world is quickly evolving to a point where everything will be designed and simulated, leading to an interweaving of the digital and physical worlds.
“Data will be the replica of the physical world, but in order to accomplish this extension of the capabilities of your physical systems to these digital workflows, cybersecurity is going to be extremely important,” adds Modi.
In recent years, manufacturers have become more aware of the need for cybersecurity initiatives, driven by the rise in cybercrime. In 2021, the Colonial Pipeline ransomware attack provided a “wake-up call for many organizations,”says NextLink Labs’ Dodson. As a result of that attack, an oil pipeline in the Southeastern United States was shut down for six days and a multimillion-dollar ransom was paid to hackers in bitcoin.
“Leaders across all industries are taking note of cybersecurity. Unfortunately, we also tend to see that manufacturers don’t always know where to start with their program, and they have concerns about balancing security with safety and functionality. Sometimes these concerns can lead to an organization holding off on addressing cybersecurity issues until an incident occurs and forces their hand,” explains Dodson.
This is not to say that manufacturers are totally unprepared. Many of the manufacturing companies that Landing AI’s Bibireata has worked with have advanced cybersecurity defense mechanisms in place.
“This includes endpoint security solutions to detect malware threats on each computer system and firewalls to protect the IT infrastructure from internet threats and monitor for suspicious network communication activity,” says Bibireata. “In addition to this, to protect their digital assets in the cloud, manufacturing customers require comprehensive information security, typically assessed through compliance standards, such as the SOC 2 standard.”
In general, manufacturers are not fully cognizant of all the potential cybersecurity risks facing their businesses, says NVIDIA’s Modi, but they are becoming much more aware of the topic as manufacturing evolves and digitalization becomes more commonplace.
“Manufacturers need to work hand in hand with their IT team to make this evolution seamless. A lot of the time the physical world is divided from the IT world and those silos need to be breached,” explains Modi.
There is no one size fits all solution for manufacturers, says NextLink Labs’ Dodson, so cybersecurity strategies must be tailored to each organization. “As manufacturing integrates more network connected devices, the attack surface grows in a way that traditional manufacturing never had to deal with. So effective cybersecurity becomes a holistic, organizational responsibility that requires proper training and awareness, not just among the IT or security teams but across the entire organization.”
In effect, each organization should start with an internal assessment of their own assets and corresponding risk matrix to determine how best to allocate cybersecurity resources and capabilities.
“It's vital to build a strong cybersecurity foundation from the beginning to support your growth, protect your people and your assets, and empower your technological advancement,” Dodson concludes.
Smart & Secure Infrastructure
New hardware is being designed with cybersecurity in mind, explains Modi, enabling zero trust security from cloud to data center to the edge. As IBM defines it, “zero trust security practices always verifying aims to wrap security around every user, device and connection for every single transaction. Applying a zero trust framework can also help defenders gain insights across their security business. They can enforce security policies consistently and detect and respond to threats faster and in a precise way”.
Meanwhile, there are AI application frameworks also available, which provide scalable data ingest, pre-trained AI models, and policy control functions, allowing cybersecurity developers to detect and remediate security threats.
“Don’t slow down your manufacturing transformation because of cybersecurity gaps. The tools and solutions you need are available today,” says NVIDIA’s Modi. “And don’t assume that that implementing cybersecurity always slows everything down, increases workloads, and requires extra infrastructure. Smart infrastructure at the networking and compute level is available that seamlessly provides end to end cybersecurity.”
Stay Safe! Learn how to protect your facility first-hand from the experts at the AI & Smart Automation Conference, September 29, 2022 in Columbus, OH.
1Read more about cybersecurity breaches in the automation space here.