096
SOFTWARE
Manufacturing under COVID-19: Overcoming challenges in a crisis The COVID-19 crisis has presented significant difficulties for the manufacturing industry. To overcome these issues, manufacturers must embrace Industry 4.0. By Eddie Stefanescu. The challenges posed by the COVID-19 pandemic are numerous. The requirement for social distancing has led to a surge in remote working. With supply chains disrupted, the demand for some products has shrunk, making it difficult to keep up with demand. Moreover, we’ve seen many production facilities be rapidly repurposed, such as distilleries that switched to making hand sanitiser, and car manufacturers that pivoted to making ventilators. In order to rise to these challenges, manufacturers have to adopt the modern technologies of Industry 4.0, such as automation and robotics, large-scale monitoring systems that provide real-time information about production processes, and flexible systems that can be quickly adapted to produce modified or different products. A prerequisite for Industry 4.0, and for an effective response to COVID-19, is for manufacturers to have tightly integrated operational technology (OT) and information technology (IT). At a foundational level, tight OT/IT integration enables better business planning and management. It enables production systems to be more responsive to business priorities and customer requirements, and to be more effectively managed remotely. However, there are many barriers to effectively integrating OT and IT systems. First and foremost is the considerable challenge of ensuring robust and manageable security. OT networks run on proprietary protocols and typically use a lot of legacy equipment, which is incompatible with and inaccessible by the traditional IT security tools used in IT enterprise environments. As a result, IT security tools are unable to gather the necessary data from OT networks that is essential for risk calculation and mitigation. Previously, OT networks have remained largely isolated from corporate IT networks – meaning they have also been isolated from the internet and the global community of hackers and cyber-criminals that it harbours. When OT and IT networks are suddenly integrated, the whole network becomes vulnerable and exposed to these threats. As OT systems often control or monitor real-time processes, manufacturers can’t afford to have any system outages. The consequences of such an outage could
AMT AUG/SEP 2020
be catastrophic, such as in the case of a power plant. However, you cannot protect what you cannot see. Therefore, it is recommended that manufacturers have security tools that provide them with deep visibility into their networks, in order to identify all connected devices and network processes.
How can manufacturers overcome these challenges? There is no single solution to these challenges, but an essential first step is network segmentation: by allowing only necessary connections to the network, manufacturers can reduce the risk of unsuspecting devices being used as attack routes. There have been numerous instances where vulnerable – and in some cases trivial – devices have given access to a company’s ‘crown jewels.’ Take, for example, the casino that was hacked through the smart thermometer in its lobby aquarium, giving the attackers access to its database of ‘high-roller’ customers. A comprehensive approach that addresses all the potential weaknesses in the security of integrated IT/OT networks is required to overcome these challenges and ensure robust security. In particular, there are two important considerations to ensure robust OT network security: 1. Security professionals should aim to have a complete inventory of connected assets and the communication paths between them. Fortunately, there are numerous OT-specific security tools readily available in the market that enable manufacturers to easily monitor all activity between their equipment.
2. It is crucial to define normal network operation – by monitoring the network and understanding how all devices interact with each other, any suspicious activities can be detected and shut down before an attack occurs. Security tools can assist manufacturers by monitoring all assets and communications on their networks, establishing a baseline of normal behaviour, and detecting any anomalies. Factoring in the world’s increasingly remote workforce – a trend which has been consolidated by COVID-19 – investing in security tools that can support secure remote access to the network is highly recommended. By tracking and auditing all remote accesses, security tools can prevent any unauthorised access from bad actors. The pandemic will eventually pass; however many of the changes it has imposed are likely to endure. The COVID-19 crisis has created a strong incentive for manufacturers to accelerate OT/IT integration and their take-up of Industry 4.0, but in order to do this as securely as possible, manufacturers need to deploy security tools that thoroughly protect their networks. Eddie Stefanescu is Regional Vice-President, Business – Asia Pacific & Japan at Claroty. www.claroty.com
