Manufacturers today face a very real risk—cyberattacks. With more and more targeted cyberattacks being launched at the manufacturing world, how can manufacturers secure themselves? Dive into six key operational technology (OT) and information technology (IT) cybersecurity challenges manufacturers must resolve to build a foundation of resilience.
Today’s risky cybersecurity landscape for manufacturers
Industry 4.0 has created new cybersecurity challenges for manufacturers due to the increased integration of IT and OT. Today’s cyberattacks exploit weaknesses in complex manufacturing ecosystems. More internet-connected industrial automation devices have left the industrial Internet of Things (IoT) open to the same cyber-risk landscape that traditional IoT has faced.
In addition, supply chains are broader and longer these days, and suppliers and other partners have greater access to a manufacturer’s systems. A shortage of cybersecurity skills and resources—especially for monitoring suppliers and subcontractors—has increased organizations’ vulnerability. And governance of security processes with specified roles for IT and OT to work together has not kept pace.
Against this backdrop, most manufacturers have underestimated the very real risk of cyberattacks and their need to reevaluate and reshape cybersecurity. Establishing strategies for prevention, detection, response, and recovery from compromises is now more critical than ever. The following are six approaches that can be adopted to overcome the challenges manufacturers face.
Six challenges manufacturers must address to be secure
- Alignment among business, OT, and IT
Roles and responsibilities for OT cybersecurity are rarely understood across stakeholders. Security is often an afterthought with no consistent, defined strategy.
To meet this challenge, cybersecurity services should be documented, and roles and responsibilities among IT and OT team members should be assigned down to the site level. A training and awareness program specific to OT cybersecurity should also be conducted.
Manufacturers should consider a consistent OT cybersecurity risk assessment framework that takes into account safety, quality, and business operations along with a consistent control framework with documented policies and standards. Finally, metrics such as key risk indicators and key performance indicators should be defined to measure the effectiveness of the OT cybersecurity program.
- Improved OT asset visibility
Since technology asset details for OT environments are often manually collected, inventories of assets tend to be inconsistent, and their accompanying cybersecurity risks receive limited consideration.
More efficient and effective maintenance of asset inventories leads to better understanding, which produces more focused risk assessments. Enhanced understanding of technology communications can be leveraged when completing network segmentation efforts and other projects. Continuous monitoring is enabled by logs from automated visibility solutions.
- Enhanced network segmentation
Many manufacturing networks are flat, and business and OT assets tend to be intertwined. What segmentation there is exists through virtual local area networks that do not provide an adequate level of cybersecurity protection.
Initial efforts should focus on limiting connectivity by securely separating IT from OT with physical firewalls. Direct internet connectivity to OT networks should also be minimized and tightly controlled. Windows Active Directory structures are recommended for segmentation efforts in OT environments.
- Improved access management
In many manufacturing companies, access across locations is inconsistently managed, and administrator access is pervasively assigned for operational ease. Third parties often have more extensive access than is required.
To better manage access, administrator permission should be granted to a small number of users and systems, or generic accounts should be tightly controlled. A consistent, secure remote access solution should be developed along with security evaluations if other access solutions are required.
The new access management program should include employee and third-party access. Periodic reviews of access granted should be performed, and tight controls should be developed for removable media and roaming engineering laptops.
- Centralized cybersecurity monitoring
Many manufacturers cannot identify a cybersecurity event that is occurring unless it physically affects an OT process. When an event does occur, often there is confusion around who should complete the research needed and begin working on the response.
Manufacturers that can establish a security operations center (SOC) for centralized monitoring focused on identifying indicators of compromise and vulnerabilities are better positioned to respond to an attack. As part of the SOC, key individuals should be identified with contact information so it’s clear who needs to be informed when an event occurs. SOC analysts will become the quarterbacks directing the research and response efforts.
Having the ability to identify necessary changes to assets—as well as hunting threats and modeling the impact of cybersecurity risk scenarios—can create business value.
- Enhanced response and recovery capabilities
Manufacturers don’t always consider cybersecurity threats, and even if cybersecurity response plans are documented, they often aren’t tested.
Playbooks should be created that provide direction when the team has to respond—and site-level personnel should have clearly defined roles as well. In addition, consistent processes are needed for site-level backups.
Once incident-response plans have been created, they should be tested, and the lessons learned from testing exercises should be integrated into the plans and controls. The ultimate goal is faster detection when an event is occurring.
Manufacturers have an obligation to ensure a safe operating environment for personnel and a duty to protect their assets by making appropriate investments in OT cybersecurity. The six approaches to improved manufacturing cybersecurity outlined here can not only help detection, response, and recovery from cyber compromises; they can also help secure a foundation for resilience, which is key to long-term operational success.
Authors:

Jason Hunt
Senior Manager | Deloitte Risk & Financial Advisory
Cyber & Strategic Risk
Energy, Resources & Industrials

Ramsey Hajj
Principal | Deloitte Risk & Financial Advisory
Cyber & Strategic Risk
Energy, Resources & Industrials

Michael W. Sakmar
Vice President | Professional Services
Dragos, Inc.