A pandemic may seem like an unprecedented risk but it has a lot in common with a much more likely threat: a cyber-attack. Like a pandemic, a serious cyber-attack has the capacity to significantly disrupt, if not entirely stop, a company’s operations across the globe, hitting downstream processes and deliveries to customers. By Pankaj Thareja and Matthew Pilgrim.
Manufacturing businesses are critical to the economy yet are increasingly being targeted by cyber-attackers. Physical damage to equipment and facilities is perhaps the most significant and growing threat manufacturers face from cyber-intrusions. Hackers could take control of machinery and force unsafe conditions like overspeeding, or they could disable the safety systems designed to detect and intervene in these situations.
It’s vital that Australian manufacturers get on the front foot with this growing threat. Many manufacturers are becoming technologically sophisticated, implementing more robotics, automation and Industrial Internet of Things (IIoT) , and thereby increasing their attack surface. This is only set to increase as the Federal Government pushes ahead with plans to grow our advanced manufacturing industry.
The irony is that within this super-connected IIoT environment, ageing industrial control systems (ICS) control and monitor industrial processes, increasing the vulnerability of operations . ICS, found in operational technology (OT) environments, have historically been separated from an organisation’s main IT systems but are now becoming more integrated. This can create new attack vectors.
Furthermore, with a production line under constant operation, upgrading control systems is not straightforward, often involving significant cost and business disruption. It’s not easy to go in and just patch these systems without proper planning, and fixing vulnerabilities may not always be feasible. Also, patches for legacy systems may no longer be available, leaving equipment at risk.
OT’s longevity also means it can end up unsupported by manufacturers, making it more susceptible to cyber vulnerabilities. Hackers understand this – they will target the weakest link.
Manufacturers can manage cyber risk in a number of ways:
Network segmentation is critical. Network segmentation is about building a wall around the crown jewels of your operations, and your weakest links – vulnerable, ageing, operational technology. Appropriate segmentation improves an organisation’s security posture and helps harden the controls network.
FM Global recommends the use of firewalls, data diodes and routers for greater control of data flows, as these can act as a layer of protection between your business systems and your ICS. Where possible, set up ‘demilitarised zones’ (DMZ) between the ICS and business IT networks, and direct all communication to and from the ICS through the DMZ to avoid exposures. Employ network monitoring and logging of activities on the ICS network to detect unauthorised activities.
Even in well-segmented networks you need to be vigilant about back doors inadvertently created in your system. For example, equipment manufacturers and vendors often remotely extract data from machinery to monitor and optimise it.
Make access management a priority
It’s critical to understand how people and devices connect to your system – including how you allow third parties to connect. Consider how operators access control systems and what your password management practices are – including how often they are updated, how simple they are, and if multiple people share the same usernames and passwords to access important systems.
Think about what would happen if someone inserted a rogue USB into one of your computers – whether a malicious actor, or an employee wanting to play music. It’s critical to create and enforce strict policies around connecting external devices.
As remote capabilities and increased interconnection between systems become more prevalent, it’s important that organisations keep security front of mind and strike a suitable balance with business enablement. Put time limits on remote connections, revoke remote access for those who are no longer working within the organisation , and apply strict controls like multi-factor authentication for remote network connections.
Configuration management
Configuration management is the next step to a higher security posture, ensuring no changes are introduced into your environment that could weaken security. After all, anything that can be configured to protect an environment can also be misconfigured, introducing new vulnerabilities.
Appropriate configuration management involves having an ICS oversight team assisting to analyse, validate, and approve all changes to your critical digital environment to reduce vulnerabilities due to misconfiguration or improvised security. This approval process should include all the relevant people – production, maintenance and/or IT – needed to assess the impact of the change on the plant’s security.
Old school vulnerabilities
Physical security is yet another critical component of your cyber strategy and one of the most common deficiencies in the manufacturing sector. While the most insidious threat from a cyber-attacker is usually one who will never set foot in your property, creating easy physical access points where a malicious actor could compromise your equipment will lessen the impact of any hardening measures carried out with regard to your network. Consider what security the business has in place at a property’s perimeter, including requiring swipe cards to enter locations where equipment is located, and locking cabinets where critical equipment are kept.
Ready for recovery
No matter how much preparation is undertaken, there’s still a possibility of succumbing to an attack. A key part of your defense strategy should be planning for the worst-case scenario. Recovery can be prolonged and losses exaggerated when people are unprepared. The key is to understand your recovery objectives before things start falling apart, and to build programs to ensure you can maintain or restore operations within those parameters. Among other things, this requires having secure, up-to-date back-ups of all of those server files and PLC codes.
Employees must be clear on what to do in the event of an incident. This includes documented plans on how to detect an attack is happening, how to safely mitigate the damage and spread of malicious software, and how to restore operations as quickly as possible.
Resilience is a choice – and cyber risk must be treated like any other risk. Just as a facility could burn down or hit by a cyclone, it could be hit by a cyber-attack and the result could be just as damaging, or worse. Amid a rapidly evolving cyber threat landscape, prevention, mitigation and recovery planning will help manufacturers decrease the likelihood of serious business interruption and losses.
Pankaj Thareja is a Cybersecurity Consultant at FM Global. Matthew Pilgrim is Field Engineer – Manufacturing at FM Global.