A defence and communications electronics manufacturer paid $500,000 as ransom after a cyberattack left it reeling and still recovering a month and a half later.
Cybersecurity in manufacturing may not be discussed as much as cybersecurity in banking or healthcare, but that doesn’t mean the sector is at low risk of cyberattacks – the opposite may be true as many attacks are aimed at manufacturing units for different reasons:
- Industrial Espionage – 86% of cyberattacks against manufacturing are acts of cyber espionage. This sector has a lot of intellectual property and proprietary information which makes it an attractive target for cybercriminals who can sell that information to competitors and counterfeiters
- Sabotage – Some cyberattacks are carried out only to damage production facilities
- Ransom Demands – Manufacturing firms are targeted by ransomware attacks as modern methods like Just-In-Time manufacturing make any interruption of production activity very disruptive, which may make manufacturing firms willing to pay the ransom and resume production quickly
- Customer Information – Manufacturing units are businesses with customer data, and they can be attacked for that data which may be valuable in the black market
- Nation State Attacks – Countries vie to inflict damage on each other through fighting cyber wars. Instead of bombing factories as they did in the past, they can now try to shut them down by launching cyberattacks on their manufacturing controls systems
Creating A Cybersafe Production Plant
The process of producing anything involves multiple functions, such as procurement, transportation, warehousing, research and development, inventory management, and many others. These functions are increasingly digitally integrated with the core manufacturing process to have a single, seamless production entity that inches closer to the goal of a completely automated dark factory.
Such an integrated entity is highly vulnerable unless effectively cybersecured, because a cyberattacker can enter the IT network through, say, the CRM system that is updated by agents in the field, and then move through the network until machinery controls are breached and instructions that will create unsafe products can be uploaded to the manufacturing equipment. This is obviously not a welcome prospect for any production facility.
This blog began by discussing a cyberattack on a defence contractor. Let us take a closer look at what happened there:
- A domain admin clicked on a malicious link while logged in, triggering the attack
- All computers were on the same, unsegmented domain, which allowed the malware to spread throughout the company to every office. Even on-site backups were not spared
- 150 computers were running Windows XP, which stopped receiving regular security updates 6 years ago
This isn’t meant to criticise a particular company, as this scenario is common to many manufacturing units – and in many other sectors as well. We are using this incident to point out that the depth and breadth of cybersecurity weaknesses become obvious after a cyberattack. But it doesn’t have to be that way.
Cybersecurity in a manufacturing firm is like a machine in itself: it will take different parts working together; and maintenance, overhauls, and upgrades will be required. Let us now examine such a cybersecurity mechanism:
- Treat Cybersafety Like Physical Safety – Manufacturing firms place great emphasis on physical safety with good reason – because they deal with dangerous equipment and substances. This awareness should extend to cybersafety as well. Planning, training, supervision, reminders, and penalties are required to fight cyberthreats. Just like physical safety, cybersafety has to be Job 1 for it to be effective
- Remember that Corporate IT can be the gateway to Manufacturing IT – A finance executive opening an infected email attachment may be all that is required for a welding robot to malfunction when both manufacturing and corporate systems are on the same network. The company’s IT infrastructure and cybersecurity should be designed with digital walls between functions to prevent a attackers from moving between departments once they get past the IT perimeter. Some IT assets may even need to be air gapped for maximum protection, though such systems may still suffer cyberattacks in some situations
- Apply the What, Why, Who, How Test – Reducing the number of people (and devices) that can access any data reduces the chances of it leaking. Verify What data needs to be accessed, Why access is required, Who needs to access it, and How they intend to access it (do they really need to access the data on their phone?). Restrict all these to what is absolutely necessary to minimise the plant’s attack surface
- Identify and Secure Confidential Information – Information that is confidential is an appealing target for cyberattackers and may need extra security such as encryption, storage and use within a highly secure environment, and restrictions on who can access the information and the duration of the access. It is important to identify which information needs to be secured. A secret design or manufacturing technique is an obvious example, but even transportation schedules can be confidential information if there is a risk of a valuable shipment being stolen
- Conduct Penetration Tests – Cybersecurity experts pen test your facility by simulating a cyberattack to see how far, how easily, and where it travels in your organisation. This can then be used to tweak, overhaul, or even completely rethink your approach to cybersecurity depending on their findings. Pen testing’s importance increases as automation and integration levels increase
- Replace Old Systems – As the defence contractor example revealed, older systems may work perfectly well but they significantly increase the possibility and potency of a cyberattack if they no longer receive security updates. Replacing older systems, or upgrading those parts that have stopped receiving updates, increases the facility’s safety quotient
- Choose IT Vendors who Provide Timely Updates – When finalising components of your IT infrastructure, give greater weight to vendors who are known for providing regular and extended security updates and patches for their products. This should be followed even for seemingly insignificant devices such as a connected water level monitor. Any connected device can be vulnerable and the longer they receive updates, the longer their useful life in a digitally integrated manufacturing environment. Cybersecurity is often a race between the cybercriminal and the victim where the crook tries to attack before the update is applied and the victim tries to update before an attack is launched once an exploit is discovered. Therefore, ensure that updates are installed as soon as they become available
- Take and Test Backups – Data that is backed up can be restored in the event of a cyberattack. Backup frequently and store the data both onsite and offsite to combine quick access and greater protection. Test the backups occasionally to verify how quickly data can be restored, and if the backup covers all the data required to resume operations
- Endpoint Security – Effective endpoint security can identify even unknown malware by noticing unusual behaviour, securing devices and protecting the organisation from cyberthreats. These can go beyond the typical antivirus and firewall, and include other features such as restricting what applications (or even versions of applications) can be installed and which websites can be accessed
K7 Security provides enterprise endpoint security that is enhanced with Artificial Intelligence to provide maximum protection against cybercriminals. We have worked with international manufacturers and plants that are part of sophisticated supply chains to protect them against a very wide array of cyberattacks. Contact Us to learn more about how we enable cybersafe production.