By Alex Mosher, Senior Vice-President of Global Enablement at Armis
The business needs of Operational Technology (OT) environments are rapidly evolving where systems are increasingly connected to both enterprise networks and externally to the internet, exposing them to new and emerging cyber threats.
This means that security becomes strategically important for OT, IT, and business stakeholders in the manufacturing sector. According to a study conducted by Forrester Consulting, 66% of manufacturers have experienced a security incident related to IoT devices over the past two years.
Believe it or not, OT devices in industrial and manufacturing environments often have no built-in security, nor can you install a security agent on them.
They were designed this way by manufacturers operating on the now invalid assumption that these devices would not be installed on a network that conveys any type of threat.
The same devices are now exposed to many types of cyber threats leaving the manufacturing sector vulnerable. The fact that OT devices cannot accommodate security agents robs security managers of visibility to what the device is, what risks it harbors, and whether it is behaving outside the norm.
Not only are OT devices increasingly vulnerable to attack, but they typically are not able to accommodate a security agent that could monitor and protect the device from attack.
This design choice allows the device manufacturer to maximise economy and power efficiency, which in the past (and arguably still) have been seen as more important than security.
Alex Mosher, Senior Vice-President, Global Enablement at Armis, talks to NZ Manufacturer about the strategies involved in managing IT/ IoT/ OT device security in the manufacturing, advanced manufacturing, and smart manufacturing space. Andrew, thank you so much for your time.
What are the challenges manufacturing companies face when managing OT devices?
With automation and smart devices expanding rapidly, the smart manufacturing sector is facing new security issues and more vulnerabilities through these connected devices, which increase the attack surface for cybercriminals.
Attackers that breach OT networks can gain access to valuable operational data and intellectual property that costs organisations millions of dollars to fix, not to mention non-compliance penalties.
Once an attacker gains access, they can take full control of the equipment, stop production lines, ruin operations, endanger workers, and even put the general public at risk.
Today’s smart manufacturing technology has been amazing for the sector, but it brings with it new vulnerabilities when it comes to cybercrime.
What are the residual effects of digital transformation that happened during the pandemic?
Manufacturers needed to make rapid and drastic changes to their operations during the pandemic, and for most, this meant digital transformation.
Much of this was going to happen anyway. Still, the pandemic accelerated transformation and perhaps it was the case that some changes, which were temporary in nature, needed to be revisited and completed.
Now, companies are adapting to an unforeseen post-pandemic environment that includes the ongoing supply chain challenges and shortage of talent.
This has meant that some operational changes have stayed and the new risks that companies face have not been fully addressed. We are now at a point where we must raise awareness of these new risks.
What is required to secure OT equipment?
In today’s complex IT and OT environment a clear strategy for asset management security is required to ensure that cyber risks are detected quickly and resolved.
Any cybersecurity program designed to mitigate risks in an OT environment should have the same outcomes as a cybersecurity program designed for IT devices. Four critically important areas for risk mitigation are:
Asset Management. Maintaining a current, accurate inventory of all OT devices and their relevant characteristics throughout the device’s lifecycle.
Vulnerability Management. This is Identifying and eliminating known vulnerabilities in OT device software and firmware to reduce the likelihood and ease of exploitation and compromise.
Access Management. This is preventing the unauthorised and improper physical and logical access to, usage of, and administration of OT devices, by people, processes, and other computing devices.
And lastly, device security incident detection. This is monitoring and analysing OT device activity for signs of incidents involving device security.
Visibility across all managed and unmanaged devices and monitoring the communication between them in manufacturing environments is not something you can easily do – it requires hundreds of passive monitoring technologies working together.
What cyberattacks of this nature have taken place?
The majority of cyberattacks are ransomware. This is when a cybercriminal will take control of connected devices such as the OT equipment, bringing down the whole manufacturing process unless a demand for a ransom payment is met. Once a cybercriminal has taken control, there is very little a company can do.
What can manufacturing companies do to protect themselves?
Manufacturing companies must recognise that they are all at risk. The ‘it won’t happen to us’ mentality is still common and this is when things go badly for companies.
If you have enough scale, consider putting someone with the correct skills in charge of cybersecurity and don’t just leave it for your IT team to pick up.
Of course, there are many solutions out there for all aspects of cybersecurity, however few offer the protection of connected devices such as in the Operational Technology (OT) and smart manufacturing environments. Armis does offer this.
It is important to engage a solution that plugs the holes in your specific industry and not a generic cyber protection solution that might not cover the whole attack surface. If there is a chink in your armor, a cybercriminal will find it and will exploit it.