The Threat Landscape of Manufacturing

An Overview of Cyber Threats to Manufacturing

Manufacturing is a widespread industry with a lot of components. Mass production, purchasing, selling, and the information and data management necessary to oversee it all largely make up the inner workings of the day-to-day in manufacturing. All manufacturers today are facing cybersecurity issues, including communication security, internet security, protecting customer information and managing sensitive information such as trade secrets and credit card or financial data through production and control systems. It’s a heavy burden to bear.

Further, manufacturing is becoming a highly advanced vertical, thanks to the Industrial Internet of Things (IIoT), the use of big data, and an increasing dependence on automation, as reported by Engineering.com. Interconnected systems and data are now running production, the supply chain, and factories overall, thus cybersecurity is a serious anxiety.

Not to mention, in the manufacturing industry, being able to produce and market products hinges upon adhering to the rules of industry and government compliance requirements. A large number of information security regulatory stipulations exist within manufacturing that have to be carefully balanced with industry-related threats and risk management.

Current Threat Environment of Manufacturing

• Manufacturing was the #2 most targeted industry for cyberattacks in 2015, according to BDO.

• More than 90% of manufacturers report cybersecurity concerns, which is 44% greater than 2013.

• 91% of manufacturers say that maintenance, implementation of new information systems, and operational infrastructure risk as main concerns.

Manufacturing’s Biggest Risks

Manufacturing Business Technology noted that a major cybersecurity issue for manufacturing in particular is indiscriminate Internetworking. Essentially, in order to benefit from the IIoT and IT/OT integration, connecting networks that operate disparate trust levels is necessary. However, while firewalls and encryption are helpful tools for IT networks, they’re not adequate for OT networks. Here’s why: any kind of message transmitted has the potential to be an attack, and the impacts of an attack on a manufacturing network often involve human lives. For example, if a malicious actor manages to successfully tamper with a unit that impacts the quality and contents of food, mass amounts of people could get sick.

Besides indiscriminate networking overall, Deloitte listed the following as the primary cyber threats to manufacturing:

• Internal threats
• Advanced malware
• Phishing

There’s no question that the negative business impacts to a manufacturer can be large-scale, depending on the nature of the attack. While the attack surface of manufacturing is widespread and the multitude of operational technology components makes cybersecurity difficult to manage at present, there are things organizations can do to improve their security posture.

Changing the Status Quo for Appropriate Security Measures

The IIoT will continue to grow and develop, and Internetworking will remain a necessity given the proliferation of automation. However, there are cybersecurity considerations for manufacturing security teams that can reduce the chances of attack and implement improved mitigation strategies:

• Control movement of messages and data throughout networks (particularly where disparate trust levels are involved).
• Consider the use of “inbound gateways” in instances in which data must traverse back into protected networks. This will offer considerably better protection than firewalls alone.
• Do not prioritize vulnerabilities over actual attacks. Eliminating vulnerabilities through patching software is an important cybersecurity hygiene measure, however, there are a higher number of vulnerabilities in manufacturing networks than software bugs.
• Understand the attack methods malicious actors are using in order to implement proper defenses.

There are many components to a solid cybersecurity strategy for any given manufacturer, and its details depend on the makeup of the organization itself. While the IIoT is only one part of manufacturing technology, it’s an important part. Securely connecting the plant floor to the home office, so to speak, is necessary in order to protect your line, products, employees, and reputation.

Digital certificates are a reliable solution for enhancing the cybersecurity of your IoT system. Securing your IoT system can help you succeed in eliminating IoT endpoints, whether sensors or devices, as a viable attack surface for a malicious actor. Digital certificates continue to be a cost-effective and efficient method to authenticate, secure and validate diverse endpoints and data in IoT systems for manufacturers. Manufacturing organizations are continuing to recognize the cost savings and flexibility associated with establishing their own PKI.

If your business has questions about your security strategy or would like to evaluate solutions for securing your IoT system, CSS welcomes you to reach out to our Manufacturing Cybersecurity experts.