3 minute read
Operational technology security in the age of smart manufacturing.
from AMT FEB/MAR 2023
by AMTIL
The business needs of Operational Technology (OT) environments are rapidly evolving where systems are increasingly connected to both enterprise networks and externally to the internet, exposing them to new and emerging cyber threats. This means that security becomes strategically important for OT, IT, and business stakeholders in the manufacturing sector. According to a study conducted by Forrester Consulting, 66% of manufacturers have experienced a security incident related to IoT devices over the past two years.
Believe it or not, OT devices in industrial and manufacturing environments often have no built-in security, nor can you install a security agent on them. They were designed this way by manufacturers operating on the now invalid assumption that these devices would not be installed on a network that conveys any type of threat.
The same devices are now exposed to many types of cyber threats leaving the manufacturing sector vulnerable. The fact that OT devices cannot accommodate security agents robs security managers of visibility to what the device is, what risks it harbours, and whether it is behaving outside the norm.
What are the challenges manufacturing companies face when managing OT devices in today’s smart manufacturing climate?
With automation and smart devices expanding rapidly, the smart manufacturing sector is facing new security issues and more vulnerabilities through these connected devices, which increase the attack surface for cybercriminals.
Attackers that breach OT networks can gain access to valuable operational data and intellectual property that costs organisations millions of dollars to fix, not to mention non-compliance penalties.
Once an attacker gains access, they can take full control of the equipment, stop production lines, ruin operations, endanger workers, and even put the general public at risk. Today’s smart manufacturing technology has been amazing for the sector, but it brings with it new vulnerabilities when it comes to cybercrime.
Residual effects of the huge digital transformation
Manufacturers needed to make rapid and drastic changes to their operations during the pandemic, and for most, this meant digital transformation. Now, companies are adapting to an unforeseen post-pandemic environment that includes the ongoing supply chain challenges and shortage of talent. This has meant that some operational changes have stayed and the new risks that companies face have not been fully addressed.
Keeping safe from cyber threats
In today's complex IT and OT environment a clear strategy for asset management security is required to ensure that cyber risks are detected quickly and resolved. Any cybersecurity program designed to mitigate risks in an OT environment should have the same outcomes as a cybersecurity program designed for IT devices. Four critically important areas for risk mitigation are:
Asset Management. Maintaining a current, accurate inventory of all OT devices and their relevant characteristics throughout the device’s lifecycle.
Vulnerability Management. This is Identifying and eliminating known vulnerabilities in OT device software and firmware to reduce the likelihood and ease of exploitation and compromise.
Access Management. This is preventing the unauthorised and improper physical and logical access to, usage of, and administration of OT devices, by people, processes, and other computing devices. And lastly, device security incident detection. This is monitoring and analysing OT device activity for signs of incidents involving device security.
Visibility across all managed and unmanaged devices and monitoring the communication between them in manufacturing environments is not something you can easily do - it requires hundreds of passive monitoring technologies working together.
What are the Australian Government’s guidelines for cybersecurity of this nature?
The Australian government and manufacturing industry bodies have guidelines and standards but unfortunately, due to the speed at which cybercriminals move and the constant improvements in the technology they use, these guidelines are often out of date.
Making things worse is the fact that the Australian government has very weak breach disclosure laws. This means that organisations do not always report when and how a cyber breach has occurred, and so the Australian Government has very low awareness of the real scale of the problem. What can Australian manufacturing companies do to protect themselves?
First, Australian manufacturing companies must recognise that they are all at risk. The ‘it won’t happen to us’ mentality is still common and this is when things go badly for companies.
Of course, there are many solutions out there for all aspects of cybersecurity, however few offer the protection of connected devices such as in the Operational Technology (OT) and smart manufacturing environments. Armis does offer this.
It is important to engage a solution that plugs the holes in your specific industry and not a generic cyber protection solution that might not cover the whole attack surface. armis.com
