Monday, Oct 26, 2020
BY: Dan Hoban - Vice President, Client Success
In this time of Industry 4.0, smart factories, cloud and Internet of Things (IoT), manufacturers’ traditional approach to operational technology (OT) security – air gapping – doesn’t work. In fact, in many cases, separating IT and OT isn’t good for overall business protection.
Connected OT devices, which often don’t have built-in security controls, are low-hanging fruit for threat actors. They can exploit vulnerabilities, get in and disrupt production lines, steal intellectual property and/or go through OT to get to the IT network. For example, one route to sensitive data is through OT devices that aren’t patched, run on unsupported hardware and link to other parts of the network. In this situation, threat actors can get in and move laterally. Another example is an intruder that exploits a vulnerability to move from the factory floor to the website through an infected laptop.
Security controls commonly used for IT networks are not widely adopted by OT. According to one study, while 90 percent of manufacturers surveyed report capabilities to detect cyber events, very few companies today have extended monitoring into their OT environments, and fewer than half of manufacturers surveyed have performed cybersecurity assessments within the past six months.
Consider the success rate of attackers – 4 in 10 manufacturers indicated their operations were affected by a cyber incident in the past 12 months. Without modern “detect, respond, protect and prevent” security controls guarding OT, manufacturers are at risk. Nuspire research indicates top manufacturing threats include ransomware, directory traversals, web scanners, cross-site scripting and remote code execution attempts.
Adopt Effective IT and OT Security Controls
Fortunately, these threats can be detected and stopped. We recommend three fundamental cybersecurity controls for both IT and OT:
- Around-the-clock monitoring. Real-time visibility reveals what is happening on networks and devices so steps can be taken to remediate intruders already inside and block would-be intruders.
- Network segmentation. This tactic is designed to separate the network traffic of different departments or groups, limiting lateral movement of intruders and restricting the flow of sensitive information. Also consider adding secure device management to protect gateways and wide-area networks.
- Remote access management. With so many people working from home, remote access should be controlled with identity and access management (IAM), privileged access management (PAM) and multi-factor authentication. Also consider endpoint detection and response capabilities.
Updating OT security does more than protect the production floor and the IT network. Since the start of the pandemic, business priorities have changed. The top post-COVID 19 enterprise priority is resilient business operations whereas pre-COVID 19 it was digital trust programs. We believe business resilience depends on cyber resilience. And cyber resilience is all about anticipating intrusions, being prepared and knowing what to do before, during and after a breach.
If you want to learn more about the top manufacturing threats and how to prevent them, read our white paper. To have a conversation about eliminating exploitable device and network vulnerabilities, contact us.
 Deloitte, Cybersecurity for Smart Factories, 2020.
 IDC, COVID-19 Impact on IT Spending Survey, May 2020.