Cyber Threats to Physical Systems are Increasing in Sophistication and Volume
The recent growth in cyber-attacks against operational technology (OT) systems is unprecedented.
The manufacturing sector is one of the largest, most diverse, and rapidly changing segments of the global economy. And it is a top target for cyber adversaries. Robotics, automation, machinery, Internet of Things (IoT), Industrial Internet of Things (IIoT), smart devices — it’s time to secure manufacturing from threats, hackers, and risks.
The 2022 IBM X-Force Threat Intelligence Index reported an unprecedented 2,000% year-over-year increase in incidents targeting OT environments, like critical infrastructure manufacturing. Attackers are taking advantage of the larger attack surface of these systems and, unfortunately, are not finding them difficult to penetrate. Typical attacks include brute-force password attacks against legacy OT hardware and software, as well as targeted attacks against known vulnerabilities in legacy equipment.
While that extraordinary growth in attacks might astonish even close industry watchers, it should shock no one that attacks are on the rise. Juniper Research has forecast that globally there will be 83 billion connected IoT devices by 2024, and 70% of these will be in the industrial sector.
This level of connectedness completely changes the relationship between IT and OT. Unfortunately, many new connected devices are built with just enough processing power and bandwidth to create vulnerabilities, but not enough headroom either to support a firmware update if a vulnerability is discovered or to run an agent that provides protection in the event of an attack. This calls for a comprehensive OT protection strategy that reassesses the level of connectivity to, and interdependency with, traditional OT assets.
“For the first time in five years, manufacturing outpaced finance and insurance in the number of cyberattacks levied against these industries, extending global supply chain woes. Manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic.”
IBM X-Force Threat Intelligence Index 2022
Cyberattacks Against Manufacturers
According to a report by the cyber insurance company Allianz, cyberattacks against critical infrastructure are more likely to target industrial control systems (ICS) than to attempt to steal data. A survey of critical infrastructure suppliers showed that 54% reported attempts to control systems, and 40% had experienced attempts to shut down systems. While manufacturers are particularly vulnerable to attacks designed to cause extended operational downtime, they are also highly sensitive to the loss of trade secrets and customer data. This is true across the board but particularly for manufacturers working in the Defence Industrial Base (DIB) sector.
Unfortunately, business changes made in response to the COVID-19 virus have likely contributed to the increase in attacks during 2021 and into 2022. Remote workers are particularly vulnerable to phishing attacks, which can become a vector for ransomware attacks. Ransomware typically locks down data until a ransom is paid, but for a manufacturer, that is the equivalent of locking down the production line. Manufacturers have been particularly hard hit by ransomware, seeing the steepest increase of any industry.
Special OT Security Challenges
Manufacturers have to maintain highly dispersed and heterogeneous infrastructure and supply chains. Embracing Industry 4.0 technologies makes it even more difficult for organizations to create and maintain accurate real-time inventories of their OT/IoT devices and systems. Yet such an inventory is a minimum requirement for developing a baseline cybersecurity strategy for OT and IT systems: manufacturers must be able to monitor their network state in real time and understand device behaviour. The ability to detect anomalous activity in near real time is key to preventing operational disruptions, whether from maintenance issues or cyberattacks.
Another difficulty is that basic threat intelligence on attacks targeting OT and IIoT infrastructure is often lacking. Cybersecurity teams need to be able to detect, analyse, and react to indicators of compromise (IOCs) and anomalous behaviour in their network. The broad deployment of IIoT devices provides numerous beachheads for attackers, who can then quickly move laterally through a network. Network segmentation is, therefore, a critical component of OT cybersecurity strategies.
Legacy OT systems are burdened with a long list of cybersecurity concerns, including:
- Equipment with decades-long life cycles
- An inability to patch systems due to stability concerns
- A lack of basic cybersecurity features such as user authentication or encryption
Historically, OT security personnel could at least credibly claim that such systems were “air-gapped” to ensure isolation from the rest of the world. However, complete isolation, if it ever existed, has become impossible today. No manufacturing organization can embrace an Industry 4.0 strategy without addressing the severe cybersecurity risks that attend it. This strategy requires a recognition of the almost complete integration of IT with OT in modern Industry 4.0 deployments.
OT cybersecurity has traditionally been its own discipline. Analyst firm Gartner defines OT cybersecurity as: “The practices and technologies used to protect people, assets and information involved in the monitoring and/or control of physical devices, processes and events, particularly in production and operations.” Over the years, as IT has been incorporated into OT systems, the approaches to cyber protection have also merged, but the primary goals of the two disciplines remain distinct.
IT and OT cybersecurity differ in fundamental ways, and not only because the systems often require different security controls. The real distinction is that IT and OT security practitioners have different goals for “securing” their assets and different definitions of “secure.” This is hardly surprising given that IT is chiefly concerned with digital assets and OT is chiefly concerned with physical assets.
How Should Manufacturers Respond?
The good news for critical manufacturers is that there is a large and growing set of resources designed to improve cybersecurity in this sector. Manufacturers globally should expect more cybersecurity oversight as Industry 4.0 technologies increasingly become commonplace and expand traditional attack surfaces.
It is critical that manufacturers remain engaged with public and private organizations within their territories of operation that are driving cybersecurity regulation and determining best practices in the sector.
Manufacturers should focus on creating a specific OT cybersecurity plan, integrating OT and IT cybersecurity efforts as much as possible, and bundling OT cybersecurity more fully into broader enterprise risk management strategies. Business considerations are driving a wholesale revolution in manufacturing technology deployment, and OT cybersecurity strategy needs to be viewed as a foundational core competency within manufacturing organizations.
Mature Your Security Profile and Manage Cyber Operational Risks
activereach, in partnership with Mission Secure, can help you maintain real-time visibility and protection to make sure every machine on your network is locked down against cyber threats. Along with protecting against OT cybersecurity threats, our industry experts help manufacturing clients address regulatory compliance — including the ISO/IEC 27001 requirements.
Speak to activereach today on 0845 625 9025 to discuss how you can guard your facility against revenue loss by limiting production distractions and better protecting your ICS network, or contact us to arrange a Manufacturing OT Cyber Readiness Review.
This article is based on a Mission Secure blog series originally published April 10, 2021, and updated June 22, 2021.