Create a free Industrial Equipment News account to continue

Emerging Tech Poses New Threats

Five strategies for managing and getting in front of the most prevalent and emerging cyber threats.

Sharon Lindstrom
Feb 29, 2024
Hacking Alarm

A recent global survey by Protiviti and N.C. State University’s ERM Initiative focused on the top risks of boards of directors and senior executives. It ranked cybersecurity as the third highest risk in 2024 for manufacturing organizations – and it's projected to be their second highest risk looking out 10 years. This should not be surprising given the growing number of bad actors seeing manufacturing organizations as opportunities, due to factors such as:

  • The inherent insecure nature of older manufacturing technology.
  • Historically less investment in operational technology (OT) vs. IT security.
  • An increase in the connectivity of manufacturing networks to the outside world (including the deployment of IoT devices).
  • Insufficient collaboration and coordination between enterprise IT/security teams and plant personnel.
  • A lack of visibility into what is connected to and communicating with the shop floor.
  • The rapid evolution of new technology supporting both the business and operations.
  • And of course, the growing talent gap in cybersecurity resources across all organizations. 

Recent breach examples such as Clorox (2023), Kronos (2022), and Maersk (2017) highlight the potential reputational and financial impacts that can occur from a ransomware attack or other cybersecurity incident. U.S.-based companies have an added degree of difficulty in determining the materiality of cybersecurity-related incidents in meeting SEC disclosure requirements. 

Given these challenges, manufacturing leaders must be more proactive in identifying and managing cyber-related risk. Below are five recommended strategies for managing and getting in front of the most prevalent and emerging cyber threats to the manufacturing industry:

1. Increase Network Visibility 

Having a strong asset management function and “source of truth” device/system/application inventory is a challenge for many organizations. In the manufacturing environment specifically, it is not uncommon to hear cybersecurity leaders say, “I don’t know what all could be plugged in out there.” While certain business IT concepts translate to the OT environment to identify risks, tools and processes to gain visibility to OT specific risks will be different. 

Consider implementation of an asset discovery and threat detection solution designed for OT networks, where device discovery and enumeration is conducted passively. Leverage the results from the discovery solution to identify and document the systems that are critical to site operations and prioritize those devices in your security monitoring strategy. Additionally, organizations may consider standing up a test network reflective of the production environment, to enable safe methods to evaluate patches and identify potential vulnerabilities. 

2. Enhance Network Segmentation

Restricting the flow of network traffic between the corporate IT and manufacturing (OT) networks can serve as the first line of defense against potential cyber-attacks. Companies should conduct analysis to understand what systems or applications they need to communicate between these two unique environments and restrict/limit all other traffic where possible. 

A cyber-attack could originate in either IT or OT and then proliferate and migrate into the other, so it is important to implement bi-directional restrictions where possible, while ensuring that sufficient planning and coordination is taking place to ensure that the configuration of security enhancements do not impede or disrupt operations. 

3. Train and Educate All Users 

If the foundational elements of an organizational cybersecurity program (people, process, technology) can be illustrated as a stool with three supporting legs, then the “people” pillar is widely considered to be the weakest link that can cause the entire program to be structurally unsound. 

It is critical to design a security awareness and training program for corporate/business users that emphasizes the most relevant threats and how to identify and report them (e.g., phishing emails). However, it is equally important to ensure shop floor personnel are educated on OT-specific risks and indicators of compromise. The training program should also include specific guidance for how to appropriately escalate a potential cyber incident impacting operations. 

4. Define a Unique Governance Structure for OT

As distinct risks are present in IT and OT environments, there is also a need to manage them in a unique way. Certain elements of a corporate security policy may be leveraged for an OT environment, such as policies, procedures, standards, and guidelines. But other elements must be different for an OT environment, so a separate governance structure for OT (i.e., resources with dedicated responsibility to secure manufacturing networks/devices), tools and technology should be defined. 

5. Implement Security by Design 

Of course, security design should be in the forefront of any discussion for a business implementing new systems or applications – and OT environments are no exception, especially considering that manufacturing environments are becoming increasingly more connected. 

Invite the organization’s cybersecurity function into the conversation early and often and build security into the design and requirements of manufacturing solutions. Embedding security controls and practices upon deployment reduces the level of exposure and the amount of time that a vulnerability, such as insecure design or missing security update, could be identified and exploited. 

It is clear that cyber risk is here to stay for manufacturing organizations, especially evidenced by the number of incidents and ransomware attacks increasing in recent years in this sector, but these foundational steps can help mitigate the risk to a lower priority on boards and management’s radar.

Latest in Advanced Mfg
Security Breach Podcast
Sponsored
Security Breach Podcast
April 19, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Manufacturing Infrastructure Cyber
Avoiding Shutdowns from Ransomware Attacks
April 24, 2024
Related Stories
Flirtn
Advanced Mfg
On Demand: Acoustic Imaging for Manufacturing – Capturing Cost Savings Through Sound
I Stock 1425766526
Advanced Mfg
Purdue's New Interdisciplinary Labs Bolster U.S. Manufacturing
When selecting an RTU, performance, reliability and the right manufacturer are important factors for success.
Advanced Mfg
Factors to Consider When Selecting & Implementing an RTU
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Advanced Mfg
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
April 19, 2024
Ep90
Safety
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Industrial Cyber
Advanced Mfg
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Advanced Mfg
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
Rrmif
Advanced Mfg
RTX Breaks Ground on $115M Expansion of Alabama Missile Integration Facility
The expansion will also bring an estimated 185 new jobs to the area.
April 24, 2024
Electro
Advanced Mfg
Elevating Processes to Match Material Advancements
Pulsed electrochemical machining could be the key to unlocking new and innovative material benefits.
April 22, 2024
Cybersecurity In A Bubble
Advanced Mfg
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Advanced Mfg
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Advanced Mfg
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
People Cyber Metamorworks
Advanced Mfg
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024
Soc
Advanced Mfg
Everyone's Responsibility: Building a Cybersecurity-Centric Culture
Cybersecurity leaders must go beyond checking a box and get creative to actually change behavior.
April 3, 2024
Ep87tn
Video
Security Breach: Hackers Learn How to Attack You, From You
It's not always about the ransom, data theft or denial of service.
April 3, 2024
istock.com
Advanced Mfg
Data Woes Stifling Manufacturing, Adding to Cyber Challenges
A new report uncovers the complex issues surrounding the use and defense of Industry 4.0.
March 28, 2024
Jeff Thumb
Software
Security Breach: The Largest Attack Surface - People
How we're failing to properly support and train our most important cybersecurity asset.
March 28, 2024