Let’s face it, the past few years have presented many challenges for manufacturing. On top of these challenges, many organizations have accelerated their digital journey to support remote workers and stay ahead of the competition. One of the largest challenges manufacturers face today is the threat of cyberattacks, mainly against industrial networks. With new technologies, a growing number of attack vectors, and increasingly sophisticated exploits, attackers gain leverage to cripple businesses and disrupt supply chains.
In a recent article published by Claroty, Team82 and Rockwell Automation disclosed some details about two vulnerabilities in Rockwell programmable logic controllers and engineering workstation software. Additionally, the IBM X-Force report released in 2022 reveals that manufacturing is now the most targeted industry for cyber-attacks, surpassing even the financial and insurance sectors.
The report also highlights the record-high number of vulnerabilities disclosed in 2021, with vulnerabilities in Industrial Control Systems rising by 50% year-over-year, suggesting that the vulnerability management challenge has yet to reach its peak. Unfortunately, there is no such thing as an impenetrable network. However, there are many things that organizations can do right now to better protect themselves from current and future threats. See below for a list of recommendations focused on enhancing cybersecurity on OT or manufacturing networks in both the short term and the long term.
- Patch automation and networking infrastructure.
  - Since patching OT components often requires downtime, these components rarely receive regular software and firmware updates. 47% of attacks on manufacturing networks are accomplished through known vulnerabilities on PLC and network equipment that had not been patched yet.
- Implement or verify frequent server backups and ensure that they are protected and functional at all times.
- Review and update the OT asset inventory and network diagrams to make sure all OT systems, including software and firmware, are well-documented. Categorize the importance and the risk for each asset.
- Implement OT-specific continuous threat detection and secure remote access for all remote access needs, both internal and external.
- Follow and review CISA Alerts, Advisories and Reports for current security issues and topics, as well as information on how to better protect your environment. Make sure to subscribe to Alerts at the bottom of the page: https://www.cisa.gov/uscert/ics
- Physically and logically segment the network into three security zones: IT, OT, and iDMZ.
- Maintain an automation and network infrastructure patching schedule.
- Document and practice an IT and OT incident response plan, which includes key IT security and OT personnel. It should also include OT vendor contacts, safety, tabletop cyberattack exercises, and verification that backups are protected and functional.
- Invest in OT security-awareness training, including cybersecurity topics such as social engineering and OT malware.
- Establish a trusted relationship with a third-party security vendor and create a continuous improvement plan. The third-party provider should help evaluate the current security state of your environment and provide guidance for continuous improvement.