The imperative of cybersecurity in manufacturing
As a cybersecurity expert specialising in non-standard forensics and incident response, I want to shed light on the pressing cybersecurity challenges facing the manufacturing sector and offer actionable strategies to mitigate these risks.
Whilst many organisations have rightly embarked on their cybersecurity journey, the maturity levels vary, and numerous gaps still remain, particularly in operational technology (OT) environments, which present unique challenges that impede the adoption of comprehensive security measures.
According to the Dragos 2023 Year in Review report, ransomware remains the number one attack in the industrial sector, and the manufacturing sector continues to be the primary target of ransomware, accounting for 71 per cent of all ransomware attacks.
That said, in the ever-evolving landscape of incident response, there are some crucial steps manufacturing organisations must take to fortify their defences.
The State of Cybersecurity in Manufacturing
The manufacturing industry is increasingly becoming a prime target for cybercriminals, and we categorise the incidents we respond to into three main groups.
The first group consists of commodity ransomware attacks. Manufacturing organisations are particularly vulnerable due to their less mature cybersecurity practices and often flat network structures. These attacks can bring production to a standstill, wreaking havoc on organisations that operate on razor-thin margins. The disruption caused by ransomware can be catastrophic, leading to significant financial losses and operational downtime.
The second group involves insider threats. While some insider attacks are malicious and can be significantly damaging, most are unintentional, stemming from employees attempting to bypass security controls to perform their duties more efficiently. These actions, such as connecting unauthorised devices to the network, can inadvertently create vulnerabilities that cybercriminals exploit.
The third group includes advanced, state-sponsored attacks aimed at industrial espionage or potential future sabotage. These well-resourced assaults seek to steal intellectual property or disrupt critical infrastructure, posing severe risks to national security and economic stability.
Why Manufacturing Is a Target
The manufacturing sector's susceptibility to cyberattacks can be attributed to several factors. Globally, manufacturing operations often operate with a minimal cybersecurity budget and rely on outdated legacy systems with insufficient cybersecurity measures. Additionally, the industry's global nature means that critical facilities are sometimes located in regions with limited resources for cybersecurity, increasing their vulnerability.
Addressing these challenges requires a multi-faceted approach. Here are some fundamental strategies that manufacturing organisations can implement to enhance their cybersecurity posture:
- Understand Your Environment: Begin with a comprehensive inventory of your assets and network topology. This fundamental step is often overlooked but is crucial for identifying vulnerabilities and potential attack vectors. It is extremely challenging and costly for my team to identify the source of an incident or prevent a future one without reliable knowledge of the systems and topologies in play.
- Network Segmentation: Implementing robust network segmentation can significantly slow down attackers and limit their lateral movement within your network. This approach also helps contain any breaches and minimise their impact.
- Remote Access Controls: Strengthen remote access policies by employing multi-factor authentication, logging connection activity, and limiting the number of remote access points. This reduces the risk of unauthorised access to critical systems. My team often finds many more remote access methods into manufacturing networks than IT personnel are aware of due to vendor and "shadow IT" installations.
- Incident Response Planning: Develop and regularly update your incident response plan. Conduct tabletop exercises and simulations to ensure your team is prepared to respond swiftly and effectively to cyber incidents. Remember that any type of major cybersecurity incident is a crisis, and such incidents often occur at inopportune times and in less-than-ideal scenarios. Following good, practised documentation across the response lifecycle is essential.
- Leverage Third-Party Expertise: While some organisations may have the resources to handle cybersecurity in-house, others might benefit from engaging specialised consultants. These experts can provide valuable insights and help implement best practices tailored to the unique needs of the manufacturing sector.
- Vulnerability Management: It is often impractical and inefficient to immediately patch or update every legacy and operational device in manufacturing networks. However, a strong understanding of where vulnerabilities exist can allow for better defences, architecture, and monitoring of the impacted devices. Perimeter device vulnerability, conversely, is often an intrusion vector and the source of many incidents my team responds to.
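The first three strategies above (asset inventory, segmentation and remote access control) can be checked against observed traffic. The following is an added example, not part of the original article: it reconciles flow records with an inventory and a zone policy. All zone names, subnets, hosts, ports and flows are constructed assumptions.

```python
import ipaddress

# Constructed sample data: zones, policy, inventory and flows are assumptions.
ZONES = {"it": "10.10.0.0/16", "dmz": "10.20.0.0/24", "ot": "10.30.0.0/16"}
ALLOWED_ZONE_FLOWS = {("it", "dmz"), ("dmz", "ot")}  # no direct it -> ot path
REMOTE_ACCESS_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}
APPROVED_REMOTE_ACCESS = {("10.20.0.5", "10.30.1.10", 3389)}  # documented jump host
INVENTORY = {"10.10.4.21", "10.20.0.5", "10.30.1.10", "10.30.1.11"}

FLOWS = [  # (src, dst, dst_port), e.g. exported from firewall or switch flow logs
    ("10.10.4.21", "10.20.0.5", 443),    # it -> dmz, permitted
    ("10.20.0.5", "10.30.1.10", 3389),   # approved jump host into OT
    ("10.10.4.21", "10.30.1.11", 502),   # Modbus/TCP straight from IT to OT
    ("203.0.113.7", "10.30.1.11", 5900), # undocumented vendor VNC path
    ("10.30.1.99", "10.30.1.10", 502),   # OT host missing from the inventory
]

def zone_of(ip):
    """Map an address to its zone; anything outside the known subnets is external."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "external"

def audit(flows):
    """Return (finding_type, detail) tuples for every policy deviation seen."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        # Internal addresses that talk on the network but are not inventoried.
        for ip in (src, dst):
            if zone_of(ip) != "external" and ip not in INVENTORY:
                findings.append(("unknown_asset", ip))
        # Traffic crossing zones along a path the segmentation policy lacks.
        if sz != dz and (sz, dz) not in ALLOWED_ZONE_FLOWS:
            findings.append(("segmentation_violation", f"{src}->{dst}:{port} ({sz}->{dz})"))
        # Remote access services reaching OT that nobody has approved.
        if dz == "ot" and port in REMOTE_ACCESS_PORTS and (src, dst, port) not in APPROVED_REMOTE_ACCESS:
            findings.append(("unapproved_remote_access", f"{src}->{dst}:{port} ({REMOTE_ACCESS_PORTS[port]})"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(FLOWS):
        print(f"{kind:26} {detail}")
```
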
Emerging Technologies and Future Trends
Emerging technologies offer promising solutions to bolster cybersecurity in manufacturing. Advanced monitoring tools, better-secured vendor technologies and enhanced threat detection systems are becoming more accessible. However, integrating these technologies requires careful planning and collaboration with original equipment manufacturers to avoid disrupting production and voiding warranties.
In fact, several manufacturing organisations have successfully implemented cybersecurity measures, significantly improving their resilience against cyber threats. Effective network segmentation and remote access controls have been particularly impactful, allowing organisations to contain breaches and respond more effectively.
Proactive Measures and Continuous Improvements
The future of cybersecurity in manufacturing hinges on proactive measures and continuous improvement.
As cyber threats become more sophisticated, manufacturing organisations must prioritise cybersecurity investments and stay vigilant. By adopting a strategic approach that encompasses understanding the environment, network segmentation, remote access controls, and incident response planning, manufacturers can better protect themselves from attacks.
For those seeking a more detailed guide, Dragos recommends the white paper "Five Critical Controls for Industrial Cybersecurity" by the SANS Institute. It provides practical steps that, if implemented, can significantly reduce the risk of cyber incidents in industrial environments. By focusing on these basics, manufacturers can reduce the likelihood of severe incidents and mitigate the impact of any breaches that occur.
In an increasingly interconnected world, the importance of robust cybersecurity in manufacturing cannot be overstated. By taking these proactive steps, manufacturers can better safeguard their operations, protect intellectual property, and ensure the continuity of their business in the face of what will be an ever-evolving cyber threat landscape.