Securing the Smart Factory
Attributed to: Alex Nehmy, Field Chief Security Officer, Critical Industries, Japan & Asia Pacific, Palo Alto Networks
The incredibly competitive manufacturing industry has evolved from labour-intensive manual processes to progressively more intelligent systems driven by the computing power of the digital revolution.
Even more so with the supply chain shifts resulting from the ongoing trade wars, particularly within the digital technology manufacturing sector. The Chip War is an example of how tensions between the US and China are escalating, as both countries compete for dominance in chip manufacturing and technological innovation.
This reorganisation of the supply chain has also resulted in Asian countries such as Thailand, India, and Vietnam stepping into the race as specialised manufacturers.
This competitive nature is driving the adoption of digital, highly automated systems, which reduce labour costs and significantly increase production efficiency. Through this digital transformation, we’re seeing the wider implementation of digital twins – a digital model of the material manufacturing environment – to achieve highly automated manufacturing processes.
In a Smart Factory, the digital twin receives data on the physical manufacturing process from IoT sensors. The digital twin is often cloud-based and uses machine learning to make sense of the IoT data, making decisions that change the manufacturing processes as needed to improve efficiency further and minimise issues.
Security Vulnerabilities Plaguing Smart Factories
While digital twins and other connected components of the cyber-physical system of a smart factory provide efficiency, they are not immune to security risks, and instead widen the attack surface of an already highly-targeted sector.
IoT devices are often shipped in an inherently insecure state, and patching them is difficult due to availability constraints and the sheer diversity of the devices with many different manufacturers and patches.
Unmonitored and unsecured IoT devices are among the top 3 cybersecurity challenges faced by ASEAN organisations, according to Palo Alto Networks’ 2023 State of Cybersecurity ASEAN study. At the same time, cloud computing extends the attack surface from the manufacturing floor to the cloud service provider and exposes industrial operations to cloud vulnerabilities.
Digital manufacturers also have an increasingly complex supply chain. In addition, third parties are often critical in providing remote support for digital manufacturing equipment. With 40% ASEAN organisations with OT systems having a direct connection to third-party infrastructure or Enterprise IT networks, this becomes another cause for concern. Attackers now have another entry point to exploit, as these third parties usually have a different level of cyber security controls than large manufacturers.
Smart factories also contain a lot of intellectual property. The specific manufacturing process may be the key market differentiator between two competing organisations. Intellectual property theft can have a material impact on the long-term profitability of an organisation.
Considering the manufacturing sector’s historically sluggish investment in cyber security and subsequent attention from threat actors, a new approach is required to secure the smart factory.
Managing the Cyber Security Risks of a Smart Factory
Security must be built into every technical and architectural decision, right from factory inception and planning, through to its operational life cycle. The following steps can help manage the cyber security risk of a smart factory:
Zero Trust – a strategic approach to cyber security that focuses on removing implicit trust and always verifying each and every request for data or system access, treating every user, application and system equally. For a smart factory, the key is identifying the protected surface that is most critical to the organisation and having central inspection points where continuous inspection and validation can be performed.
Accountability – A Chief Information Security Officer (CISO) must be responsible and accountable for ensuring cyber controls are implemented appropriately to meet these objectives. Accountability for cyber security is essential in managing the cyber security risk.
Risk-Based Approach – Use a risk-based approach to identify the key risks posed to the smart factory, such as interruption of the factory management system, corruption of the manufacturing equipment or loss of intellectual property.
Strong cyber security controls should be enforced to minimise the likelihood and consequence of each risk. This approach ensures limited cyber security resources are channelled to address the cyber threats that pose the greatest risk to the business.
Architecture – Modern manufacturers must build cyber security into their smart factory from the ground up, starting with a secure architecture that incorporates the principles of Zero Trust and a platform approach (also known as Cybersecurity Mesh Architecture), which will ensure greater efficacy, a lower cost and a more effective ROI.
Segregation – Segregation is a key control in reducing the likelihood of a threat actor moving laterally from a compromised IoT device and into critical manufacturing control systems. It also provides a mechanism to channel data through inspection points to monitor for signs of a security incident, perform continuous trust validation, and enforce least privilege.
Monitoring – Modern digital organisations must assume they will be breached and strive to detect incidents immediately. In line with the Zero Trust strategic approach, it is essential to perform continuous security inspection of data, especially as it traverses to and from the protected surface.
Incident Response – CISOs know it is a matter of when a breach will occur, not if. Therefore, it is essential to plan for a breach and be sufficiently trained to respond efficiently and effectively to minimise the impact of the breach and ensure the timely restoration of the business’s most critical systems and processes, such as manufacturing equipment and control systems.
Resilience – Systems must be designed not only to withstand a cyberattack but also to recover and resume operations in the quickest possible time. Resilience is the key to ensuring manufacturing systems have maximum uptime and production capacity, as well as the ability to achieve timely recovery and resumption of production.
Security Awareness and Culture – Security is everyone’s responsibility, and well-trained employees can provide a frontline defence against cyber attacks by identifying phishing emails and reporting suspicious activity, which may indicate a cyber incident.
Smart Factories are built to be digital-first, and with the extensive use of IoT, cloud systems and data integration, they are a significant departure from a traditional manufacturing environment. Cyber security has therefore never been more important in ensuring the continued quality and productivity of a smart factory.
However, digital systems must also be secure systems, and cyber security will be the foundation that smart factories are built upon.