Analysis and Commentary


Cybersecurity in the age of smart manufacturing





Leon Poggioli shares what manufacturers should include in their cybersecurity program, laying out five core principles of operational technology cybersecurity. 

Manufacturing is consistently one of the top critical infrastructure sectors targeted by cyber criminals. Many hacking groups believe that manufacturers are more willing to meet ransom demands than other organisations, given that any degree of operational downtime could cost them millions in lost production value. In a recent Claroty research report, the manufacturing industry was found to have the highest number of devices with known-exploited vulnerabilities (over 96,000), and over two-thirds (68 per cent) of these were linked to ransomware groups.

This increase in cyber risk can be attributed to the convergence of operational technology (OT) and information technology (IT). Make no mistake: this convergence has opened new doors for Australian manufacturers and for critical infrastructure organisations generally. It has brought immense benefits in efficiency and productivity, and the data-driven insights it provides have helped manufacturers make better business decisions.

However, this process is not without its risks. Manufacturers that previously relied on air gaps to keep their critical processes and control-driven systems offline now face a new reality: exposure to cyberattacks. Bringing all this equipment online for the first time exposes manufacturers to outside threats, which often include nation-state cybercriminals whose tactics are constantly evolving.

These new cybersecurity challenges require a more strategic and proactive cybersecurity approach that encompasses both OT and IT, which can be a challenge in itself. In the next five years, KPMG expects to see a 15 per cent year-on-year increase in cyber attacks targeting Australian critical infrastructure, meaning all Australian manufacturers will have to keep cybersecurity top of mind.

What should be included in your cybersecurity program? 

In addition to all the usual IT security protocols, manufacturers must ensure their cybersecurity program covers all of their OT devices. Operational technology cybersecurity focuses on protecting the hardware and software that monitor and control physical industrial processes, including industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), distributed control systems (DCS) and more.

These systems differ from IT in that they interact directly with the outside world, and manage critical infrastructure that can lead to severe consequences if suddenly brought offline. Depending on the severity of the attack, these consequences can include everything from physically damaged equipment to compromised public safety. 

With that in mind, here are five core principles to use when securing an OT environment. 

The five core principles of OT cybersecurity 

Visibility and Asset Inventory: If you can’t see it, you can’t protect it. That’s why getting a comprehensive inventory of all connected assets is so important. This includes everything from how they’re configured to which other devices or systems they communicate with. Continuously monitoring these assets is essential to detecting anomalies or specific threats they may be facing. 

Network Segmentation: Attackers often only need one entry point within your network to access the rest of it. A best practice to limit this is network segmentation, which isolates areas that may be most vulnerable. Doing this via risk prioritisation is often the best method. 

Threat Detection: Oftentimes, IT-specific cybersecurity measures aren’t designed with OT networks in mind. Be sure you have a specialised OT threat detection solution to identify network anomalies, abnormal behaviour, and potential indicators of compromise (IOCs). Also ensure that your solution has real-time monitoring and alerting capabilities.

Remote Access Risks: With so many remote workforces around the world, remote access to OT systems is now an essential part of an OT cybersecurity strategy. Securing an OT environment with a remote access solution that includes encrypted tunnels, multi-factor authentication (MFA), and strict access controls is paramount to staying protected. 

Exposure Management: Identifying and addressing known security weaknesses is crucial in an OT environment. The most logical place to start is by prioritising the riskiest devices that need mitigation and remediation. From there, correlate your asset inventory with the Common Vulnerabilities and Exposures (CVE) system. Beyond that, it’s also important to keep patches current for hardware and firmware, and to regularly assess vulnerabilities and uncover any threats that might not be easy to spot.
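
An added example, not from the article or from Claroty: one way to correlate an asset inventory with CVE data and rank devices for remediation, as the visibility and exposure management principles describe. The asset records, placeholder CVE ids and scoring weights are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed data: placeholder CVE ids, asset names and weights are assumptions.
KNOWN_EXPLOITED = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0003"}  # from a known-exploited feed
RANSOMWARE_LINKED = {"CVE-EXAMPLE-0003"}                    # subset tied to ransomware groups
ROLE_WEIGHT = {"safety": 3, "production": 2, "support": 1}  # impact if the asset goes down


@dataclass
class Asset:
    name: str
    kind: str                 # PLC, HMI, engineering workstation, ...
    role: str                 # key into ROLE_WEIGHT
    remotely_reachable: bool  # reachable from outside its network segment
    cves: set = field(default_factory=set)


def risk_score(asset: Asset) -> int:
    """Score one asset: exploited and ransomware-linked CVEs dominate the result."""
    exploited = asset.cves & KNOWN_EXPLOITED
    base = len(asset.cves) + 5 * len(exploited) + 5 * len(exploited & RANSOMWARE_LINKED)
    score = base * ROLE_WEIGHT[asset.role]
    return score * 2 if asset.remotely_reachable else score


def prioritise(inventory):
    """Return (name, score) pairs, riskiest first; assets with no known CVEs are dropped."""
    scored = [(a.name, risk_score(a)) for a in inventory]
    return sorted((p for p in scored if p[1] > 0), key=lambda p: (-p[1], p[0]))


INVENTORY = [
    Asset("plc-line1", "PLC", "production", False, {"CVE-EXAMPLE-0001"}),
    Asset("hmi-packaging", "HMI", "production", True, {"CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"}),
    Asset("sis-boiler", "safety controller", "safety", False, {"CVE-EXAMPLE-0002"}),
    Asset("historian", "data historian", "support", True),
    Asset("eng-ws", "engineering workstation", "support", False, {"CVE-EXAMPLE-0001"}),
]

if __name__ == "__main__":
    for name, score in prioritise(INVENTORY):
        print(f"{score:>3}  {name}")
```

The remotely reachable HMI with a ransomware-linked, known-exploited CVE ranks first, ahead of the safety controller whose only CVE is not known to be exploited.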

A holistic approach to OT cybersecurity

As organisations strengthen their security posture, threat actors are continuously finding new ways around it. There’s a wide range of threats to be aware of these days, whether it’s nation-state groups looking to disrupt operations via espionage or sabotage, or ransomware groups simply looking for a payout.

Therefore, securing manufacturing environments requires a holistic and layered approach. It's not just about implementing security tools. It's about establishing a strong security culture, implementing robust processes, and continuously monitoring and adapting to the evolving threat landscape.

Leon Poggioli is Regional Vice President ANZ at cybersecurity firm Claroty, the cyber-physical systems (CPS) protection company. In his role, Leon is committed to protecting Australian organisations against cyber attacks, particularly the critical infrastructure that keeps our nation running. He is a seasoned industry expert, having held senior roles in global cyber companies including Palo Alto Networks and LogRhythm. Leon also runs the YouTube channel @XIoTCyber, where he talks about different cyber-physical security topics in easily consumable, bite-sized thought leadership pieces.


