Monday, Jun 17, 2019
BY: Dan Hoban
Shifts in the manufacturing industry driven by the technology advancements of Industry 4.0 and the Industrial Internet of Things (IIoT) have generated a lot of publicity around the need for network security. As previously isolated networks become connected to the internet, corporate systems, and smart technology, a whole slew of possible threats floods administrators' inboxes along with requests for instructions on what to do, and they don't know how to respond.
Today's manufacturers need to focus on identifying the biggest threats to their network and on knowing the immediate changes they can make to mitigate the most important risks to their manufacturing network. Based on data points from Nuspire's Security Analytics Team, here are the top three risks manufacturers face, and solutions to quickly mitigate these threats.
After analyzing data from Nuspire's manufacturing customers around the globe, remote access has been determined to be the biggest risk to tackle first. Over 30% of the malware discovered attempting to access manufacturers' networks had the ability to establish remote access between the manufacturer's network and threat actors across the globe. Because systems on the plant floor are often antiquated, unpatched, or unsupported, these systems are ripe for exploitation and data exfiltration. Many of these systems reached their end of life or were unsupported long before current command and control, spyware, or other data exfiltration malware was developed. Without immediate measures to secure and monitor remote access, there is no doubt that the network will be exploited.
What to do
The first step in catching remote access threats is to segment the manufacturing network. Unwanted remote access is hard to find when it is blended in with a slew of needed remote connections. C&C connections can be easily masked when mixed with legitimate VPN access, cloud applications, and file sharing. The manufacturing plant floor traditionally needs few remote connections, and those are usually well known and documented. By segmenting the IT, OT, and guest networks, it is much easier to identify suspicious traffic. Next-generation firewalls, SIEM solutions, and security operations centers can quickly accommodate those needs. Companies with staffing, budget, or resource challenges may find the best fit with a managed security services provider.
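To make the segmentation argument concrete, the following added example (not Nuspire's code) reviews flow records against the short list of documented OT connections and flags anything else that crosses the OT boundary. The address plan, the documented-connection list, and the flow log format are all constructed assumptions.

```python
import ipaddress

# Assumed address plan for the three segments (constructed for this example).
SEGMENTS = {
    "OT": ipaddress.ip_network("10.20.0.0/16"),
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "GUEST": ipaddress.ip_network("10.30.0.0/16"),
}
# The plant floor's documented remote connections: (destination network, port).
OT_DOCUMENTED = [
    (ipaddress.ip_network("203.0.113.10/32"), 443),  # vendor support gateway (constructed)
    (ipaddress.ip_network("10.10.5.0/24"), 1433),    # MES database in IT (constructed)
]
# Constructed flow records: "timestamp src dst dst_port".
SAMPLE_FLOWS = """\
2019-06-17T08:00:01 10.20.1.15 203.0.113.10 443
2019-06-17T08:00:07 10.20.1.15 10.10.5.20 1433
2019-06-17T08:01:12 10.20.3.44 198.51.100.77 8443
2019-06-17T08:01:30 10.10.2.9 198.51.100.77 443
2019-06-17T08:02:05 10.30.0.8 10.20.1.15 502
truncated record
"""

def segment_of(ip):
    """Name the segment an address belongs to, or EXTERNAL if none."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "EXTERNAL"

def review_flows(text):
    """Return (timestamp, src, dst, port, reason) for unexpected OT boundary crossings."""
    findings = []
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # skip malformed records rather than abort the review
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        documented = any(dst in net and port == p for net, p in OT_DOCUMENTED)
        if src_seg == "OT" and dst_seg != "OT" and not documented:
            findings.append((ts, str(src), str(dst), port, "undocumented connection leaving OT"))
        elif dst_seg == "OT" and src_seg in ("GUEST", "EXTERNAL"):
            findings.append((ts, str(src), str(dst), port, f"{src_seg} source reaching OT"))
    return findings

if __name__ == "__main__":
    print(*review_flows(SAMPLE_FLOWS), sep="\n")
```

The IT host talking to the same external address is not flagged, because no short documented baseline exists for IT traffic; only the OT segment's small allowlist makes the outlier stand out.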
Intellectual Property Theft
As manufacturing systems converge, collaboration and automation become much easier. Integration of PLM, MES, and plant floor systems provides a bevy of benefits for manufacturers, such as just-in-time supply chain management, agile manufacturing production, and materials resource planning. However, this consolidation results in a larger threat: intellectual property theft. Threat actors no longer need to look in multiple places for designs, recipes, and product information. Simple tools such as keystroke capture malware can easily root out where this data is kept and how to access it. Nearly 1/3 of all threats Nuspire has stopped on manufacturing networks had the ability to record keyboard input, and generally had a mechanism to leverage remote access functionality to exfiltrate that data.
What to do
Since many of these threats rely on users to lead them to sensitive data, endpoints need to be secured. Next-generation AV, anti-malware, and endpoint protection platforms are designed to find and stop malware placed on machines to gather sensitive information. This technology can be extended to servers, HMIs, and other OT endpoints. Deploying an endpoint protection platform, combined with endpoint detection and response (EDR) services, is the fastest and best way to stop intellectual property theft.
OT networks were traditionally isolated to accommodate plant floor reliability. The adage of “if it ain’t broke, don’t fix it” rang true for manufacturing admins for decades. Admins would purposely forgo security patches, firmware, and OS updates for fear that changes to the system would break working production systems. With Industry 4.0 and the connectivity of plant floor devices, all that changed. The strategy of sacrificing upgrades and patches in the name of network availability is backfiring in spectacular fashion. These unpatched and antiquated systems are now ripe for exploitation, which threatens not only IP but also network availability. Nuspire has discovered that 1 in 20 networks have malware on machines prior to implementing new security controls. This malware takes up to 60% of the network’s resources. This is a severe threat to network availability and plant floor production. Compounding this problem is the fact that nearly 1/3 of malware found on manufacturing networks can perform denial of service attacks. And while the target of these attacks may not be the manufacturing network, the execution of these DoS attacks can cripple network operations.
What to do
Around-the-clock management, monitoring, and alerting is the best way to discover, detect, and stop threats to network availability before they impact production operations. Early detection can be the difference between a quick remediation and response exercise and a long production outage. Managed Detection and Response (MDR) solutions are designed to find and root out threats that bypass traditional technologies. Having a 24×7 staff watching the network is the easiest and quickest way to implement safeguards against network availability risks.
Nuspire has over twenty years of security management, monitoring, and response experience working with some of the world’s largest and most geographically diverse organizations. For manufacturing organizations, the risks have never been greater. Changes in the industry are creating significant risks to IP, remote access, and network availability. Now more than ever manufacturers need to find next generation security technologies, partners to monitor the network, and solutions to ensure network reliability, availability and security. To learn more about threats and solutions available for manufacturers sign up for our free webinar on June 27th!