By Kausik ‘KD’ Dasgupta, CTO FactoryEye North America
“Safety first” has been the motto of countless manufacturing-plant managers for decades. Of course, there’s a good reason for this. Manufacturing factory floors can be dangerous places, and if people aren’t careful, they can be seriously injured.
However, “safety first” has traditionally been relegated only to human safety. While this is still the number one priority, manufacturers must also realize that threats to physical safety aren’t the only challenge. As digital transformation sweeps across industry, manufacturers must take cybersecurity into their safety considerations as well.
Manufacturers are prime targets for cyber-attacks
In May 2021, hackers infiltrated Colonial Pipeline, forcing the company to shut off the flow of gasoline in an effort to control the effects of the attack. The company had to pay the hackers, DarkSide, $4.4 million, and the attack caused fuel shortages across 17 states in the Southeast US. And it all started with one compromised password for a VPN that didn’t require two-factor authentication.
Just a month after the Colonial Pipeline attack, the largest beef supplier in the world, JBS, was hacked. The company had to shut down plants across the world and pay $11 million to end the attack.
These are not isolated incidents. Rather, they point to a growing trend of hackers targeting manufacturers. In fact, according to a recent study by IBM, manufacturing is the most targeted industry for ransomware attacks.
Why on-premises software solutions are the wrong reaction to cyber-attacks
Stories and statistics like these have struck fear in many manufacturers. Many people worry that storing their data in the cloud is less secure than keeping it on-premises, similar to how some people believe that hiding their valuables in a safe at home is safer than storing them in a bank. However, just as banks invest heavily in security measures like cameras, guards and alarms, cloud providers invest in advanced security protocols to protect their customers’ data. Moving to the cloud is like storing your valuables in a bank vault—it may not be physically close, but it's much more secure and less vulnerable to theft or damage.
Security-by-design becomes the default
Security-by-design is an approach to software development that incorporates security into the foundation of a service or software product’s design. Too often, cybersecurity is an afterthought. A manufacturer starts a modernization project, carries it out, and then realizes that they need a cybersecurity plan. This is the wrong order. Instead, cybersecurity should be a primary concern, and manufacturers should evaluate how a technology vendor addresses security in their solution when making technology investments.
Some things to look for when evaluating a manufacturing technology investment include:
· Role-based access and authentication for employees using any IT or OT system
· Limiting communication to the workspace so that people outside your organization cannot access systems remotely
· Built-in threat detection and response, such as Microsoft Azure’s Sentinel
Furthermore, the provider should have a plan in place to protect from attacks during the transition. If the transition takes too long, this decreases data availability and can lead to greater vulnerability. Therefore, it’s key to partner with a company that can implement new technologies quickly, decreasing the window of time when data is unavailable and the company is more vulnerable to attack.
Unify IT and OT security
One of the greatest vulnerabilities for cybersecurity in manufacturing today is OT security. When OT systems are infiltrated, operations often grind to a halt.
In the past, cybersecurity was primarily an IT concern, as operational technologies were only accessible from the plant floor. However, as manufacturers seek to become data-driven organizations, they require greater communication between business systems (IT) and plant floor systems (OT). With this communication and connectivity comes a need to rethink OT security. Currently, many manufacturers are leaving OT systems vulnerable to attack. The 2020 IBM X-Force Threat Intelligence Index reported an unprecedented 2,000% year-over-year increase in incidents targeting OT environments, such as critical infrastructure manufacturing.
The way forward involves unifying IT and OT security. If it requires two-factor authorization and directory authentication to access an IT device, not just anyone should be able to stroll onto the factory floor and access OT devices. When designing a cybersecurity plan, or when working with an outside agency to do so, manufacturers should make sure IT and OT personnel have a voice at the table.
Cybersecurity with a small technology staff
Designing a cybersecurity plan that factors in the nuances of IT and OT can sound out of reach for many manufacturers. And the truth is, for many, it might be. Most mid-size manufacturers have very small IT teams, and they’re already stretched thin. However, by transitioning to the cloud, manufacturers can tap into the massive cybersecurity teams of their cloud provider, whether Microsoft, Amazon, Google, or an alternative. Remember, just as trusting a bank with your money enables you to take advantage of their security expertise, so too does moving to the cloud let you gain the cybersecurity expertise of some of the world’s largest companies.
Safer, smarter manufacturing
Cyber-attacks show no signs of slowing down, and as manufacturing continues its high-tech evolution, hackers will look for ways to exploit the industry through attacks. However, the industry is far from helpless. Even manufacturers with little in-house cybersecurity expertise can fight back by following industry best practices and adopting modern cloud-based architecture. Together, manufacturers and their technology partners can ensure a safer, smarter future for manufacturing.
