Manufacturing organizations are in the middle of a major transformation thanks to the digitization of their operational technology (OT). This transformation is so compelling with its smoother processes, cost and energy savings, increased sustainability, and improved logistics that it’s often referred to as the fourth industrial revolution, or Industry 4.0.
Unfortunately, the promises of digital transformation in manufacturing have come with one very big risk: cybersecurity. With digital advancements in AI, IoT and automation becoming increasingly critical to manufacturing success, organizations face growing threats from bad actors who wreak digital havoc via ransomware, theft of sensitive data, disruption of critical national and international infrastructure and more.
The fact is that manufacturing is now one of the most targeted industries for cyberattacks, according to a 2021 Security Intelligence Report.
Fortunately, any Industry 4.0 initiative has a number of strategies at its disposal, including the following five, that allow manufacturers to greatly mitigate the risk of cybersecurity threats.
1. Plan for device connectivity
IT/OT integration requires connecting things that were not initially designed to connect to the internet. Unlike the traditional OT architectural approach of isolation and segregation, Industry 4.0 seeks to hyper-connect devices for telemetry, analytics, prediction and optimization. One result: The need to deal with unwanted device connectivity.
Physically isolating specific devices from the network via air gapping and instituting clear procedural controls have a role but shouldn’t be exclusively relied upon. People find ways around most obstacles they think are stopping them from carrying out their jobs efficiently. Today’s manufacturers must also realistically assess their capability to implement OT connectivity safely and adopt a Zero Trust approach. The premise behind Zero Trust is to not trust anything either inside or outside the network without first identifying and classifying all users and devices seeking access.
From an OT network perspective where things often run openly with default connections, it’s important to understand that Zero Trust is a philosophy, not a technology. It cannot be implemented overnight. Therefore, it’s critical to include Zero Trust by design when considering an overall digital transformation strategy and before implementing architectural changes to support IT/OT convergence.
2. Achieve OT asset visibility and management
OT asset discovery, a fundamental prerequisite for compliance with cybersecurity frameworks, is a challenge for most industrial organizations. The sheer number of devices connected to or able to connect to the OT network makes inventory management extremely difficult, especially when considering auxiliary connections such as ERP, CRM, remote access, and business continuity systems. As the saying goes, “You can’t manage what you can’t see.”
Traditionally, passive detection was considered the only safe way to account for devices in OT environments. Active detection was considered risky because it could cause devices to malfunction. Today, however, modern scanning methods use actual ICS protocols to collect detailed information from assets. The process is much more accurate and risk is greatly reduced, as the active component sends legitimate protocol requests to the devices rather than relying on network scanning. Because of these improvements, most organizations today should initially focus on passive detection and then consider using active scanning to discover how many devices can connect into a supposedly air-gapped system.
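As an added illustration of the passive-first approach (not code from the article), the sketch below reconciles passively captured flow records against an asset register to list unregistered devices and flows that cross into a segment believed to be air-gapped. The addresses, the register, and the `reconcile` helper are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the article).
AIR_GAPPED = ipaddress.ip_network("10.50.0.0/24")  # segment believed isolated
INVENTORY = {                                       # approved asset register
    "10.50.0.10": "PLC line 1",
    "10.50.0.11": "HMI line 1",
    "10.20.0.5": "Historian",
}
# Passively captured flows: (source IP, destination IP, destination port)
FLOWS = [
    ("10.50.0.11", "10.50.0.10", 502),    # HMI -> PLC, Modbus/TCP, inside segment
    ("10.20.0.5", "10.50.0.10", 502),     # historian reaches into the segment
    ("10.50.0.77", "10.50.0.10", 44818),  # unregistered device inside the segment
    ("10.50.0.10", "192.0.2.44", 443),    # PLC talking to an outside address
]


def reconcile(flows, inventory, segment):
    """Return (unknown_devices, boundary_crossings) from passive flow data."""
    unknown, crossings = set(), []
    for src, dst, port in flows:
        src_in = ipaddress.ip_address(src) in segment
        dst_in = ipaddress.ip_address(dst) in segment
        # Any address seen inside the segment must appear in the asset register.
        for ip, inside in ((src, src_in), (dst, dst_in)):
            if inside and ip not in inventory:
                unknown.add(ip)
        # A flow with exactly one end inside the segment crosses the "air gap".
        if src_in != dst_in:
            crossings.append((src, dst, port))
    return sorted(unknown), crossings


if __name__ == "__main__":
    unknown, crossings = reconcile(FLOWS, INVENTORY, AIR_GAPPED)
    print("Unregistered devices in segment:", unknown)
    for src, dst, port in crossings:
        print(f"Flow crosses segment boundary: {src} -> {dst}:{port}")
```

The boundary-crossing list is the input for deciding where targeted active scanning is worth the risk.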
3. Integrate IT and OT security management for visibility and control
Overcoming the cultural divide between IT and OT is often harder than it sounds. OT often sees IT as a threat vector with the potential to seriously disrupt production, and both OT and IT can see the security team as a brake on productivity. Moreover, digital transformation isn’t an all-or-nothing process. Chances are a manufacturing organization will have implemented small-scale projects developed in-house. The originators of these projects can feel highly protective of their work and resent plans that don’t incorporate what they’ve achieved.
The best approach for combining IT and OT operations, and overcoming integration challenges, is a centralized single executive leader, usually the CISO, who navigates the cultural divide between IT and OT, coupled with on-site plant management and maintenance. This allows the organization to adopt appropriate security-related policies and tools and apply an overarching security policy while recognizing the individuality of OT systems on a site-by-site basis. Additionally, integrating all alerts into a single dashboard, such as a corporate security information and event management (SIEM) system, will support cost-effective and holistic security threat management.
4. Provide secure remote access to the OT environment
Secure remote access underpins many Industry 4.0 initiatives. However, remote monitoring and diagnostics of operations and assets, remote product servicing, and a remote workforce all rely on connectivity. Lack of insight and control surrounding connectivity leaves the door open to a multitude of cybersecurity risks.
Because banning connectivity isn’t an option, organizations must first ensure employees understand risks and are able to do the right thing when remote access is required. In addition, the security team should manage remote connectivity centrally. All remote connections should be authenticated, actively monitored, and logged following Zero Trust principles. Scanning should be implemented for external and internet-visible remote connectivity platforms and for anomalous traffic, and security teams must use regular penetration testing and visual audits of the OT control infrastructure to stay vigilant for configuration drift towards back-door access.
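One way to check that remote connections really are centrally managed, authenticated, and logged, shown as an added example that is not from the article: compare firewall records of connections reaching OT assets with the central gateway's session log. The gateway address, record fields, sample data, and `audit` helper are all constructed assumptions.

```python
from datetime import datetime

GATEWAY_IP = "10.20.0.2"  # assumed central remote-access gateway

# Constructed gateway session log: who was let onto which asset, and when.
SESSIONS = [
    {"user": "vendor-a", "target": "10.50.0.10", "authenticated": True,
     "start": "2024-03-01T08:00", "end": "2024-03-01T09:00"},
    {"user": "tech-b", "target": "10.50.0.11", "authenticated": False,
     "start": "2024-03-01T10:00", "end": "2024-03-01T10:30"},
]
# Constructed firewall records of remote-access connections reaching OT assets.
CONNECTIONS = [
    {"time": "2024-03-01T08:15", "src": "10.20.0.2", "target": "10.50.0.10"},
    {"time": "2024-03-01T10:05", "src": "10.20.0.2", "target": "10.50.0.11"},
    {"time": "2024-03-01T11:00", "src": "10.20.0.2", "target": "10.50.0.10"},
    {"time": "2024-03-01T12:00", "src": "198.51.100.7", "target": "10.50.0.11"},
]


def audit(connections, sessions, gateway_ip=GATEWAY_IP):
    """Return (time, target, reason) for each connection that breaks policy."""
    findings = []
    for conn in connections:
        when = datetime.fromisoformat(conn["time"])
        # Anything not arriving through the gateway is a back-door path.
        if conn["src"] != gateway_ip:
            findings.append((conn["time"], conn["target"], "bypasses gateway"))
            continue
        # Gateway traffic must fall inside a logged session for that asset.
        covering = [
            s for s in sessions
            if s["target"] == conn["target"]
            and datetime.fromisoformat(s["start"]) <= when
            <= datetime.fromisoformat(s["end"])
        ]
        if not covering:
            findings.append((conn["time"], conn["target"], "no logged session"))
        elif not any(s["authenticated"] for s in covering):
            findings.append((conn["time"], conn["target"], "unauthenticated session"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONNECTIONS, SESSIONS):
        print(*finding, sep=" | ")
```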
5. Protect against supply chain risks
Supply chain cyber risk is real. The nature of many OT-controlled facilities is that, by design, they’re supported by a plethora of third parties, expanding risk beyond the borders of the organization. Tighter digital integration between suppliers also increases risk, as there’s simply no buffer if things go wrong. Equally, the nature of specialized control and monitoring equipment can make skills hard to build and retain, creating more reliance on an organization’s suppliers.
Supply chain cyber risk must be considered an extension of a broader supply chain risk management strategy. To implement protections, an organization should form a cross-organization committee to lead the initiative and to design and develop supply chain policies and procedures. It also must identify all assets deployed in an OT environment and get all suppliers and vendors across the supply chain to do the same. A framework of regular supplier assessments and reviews further strengthens security for everyone.
The threat is real
The lack of coordination between IT and OT negatively impacts every measure of performance and resiliency. Poor coordination increases energy costs, causes unscheduled asset downtime or outages, increases health and safety incidents, and increases the number of attacks targeted at OT or ICS.
To combat these very real cyber threats, Industry 4.0 initiatives must actively pursue an appropriate combination of technology, people, and process–all supported by an organizational structure that both converges and diverges as necessary. Only then will manufacturers reap the substantial benefits that come from digitalization.