There are multiple security challenges that arise with Industry 4.0 and Industrial IoT (IIoT) trends. One concern in the manufacturing industry is the convergence of the IT network and the operational technology (OT) environment, including the industrial control system (ICS) network. This new digital revolution is driving the need to connect them so the machines on the floor can effectively communicate to one another on the network, to vendors for programming and diagnostics, and the IT network for business intelligence. Because of this, it is causing concerns with the reliability of the networks in terms of security risks.
This network convergence creates a massive challenge for IT professionals and manufacturers. But, in order for today’s manufacturers to keep up with production and reach its goals, they need to adopt to these new changes in Industry 4.0. While these security challenges are complex, there is a way to remain secure while also implementing the industry 4.0 changes—properly segment the OT and IT network. Here’s why;
When all manufacturing technology is connected, and the computers and internal software programs are connected, and the vendor and employee who is working remote also has access to the machines—those are a lot of exposed endpoints where a hacker can easily gain access. In fact, based on findings from NuSecure Labs, our inhouse Threat Research Team, malicious websites are accessed three times per day in an average small manufacturing plant, and 1,000 times per day at large manufacturing facilities. When you properly segment the network, you are substantially minimizing these risks from entering your network. You can still grant necessary connection points on the networks, but by minimizing these connections it is easier to look for anomalous behavior.
When the network is properly segmented, traffic is automatically filtered. Operational Technology (OT) protocols, such as Modbus, IEC 61850, ICCP, DNP315, etc., won’t be allowed to exit the ICS network segment. And while outbound email from the ICS network may be needed for alerting and reporting, all inbound SMTP traffic to the ICS network should be blocked. This eliminates the unnecessary traffic and additional access points to the network, making the network traffic much easier to monitor for unusual behavior, such as an increase in sessions, session timing and the types of connections.
With manufacturers, there are employees, third-party vendors, remote workers, and equipment on the plant floor, that are all trying to gain access to different parts of the network. On top of that, larger manufacturing facilities with more than one location is also trying to gain access to its other locations on the other side of the world. That’s a ton of ground to cover when it comes to having to monitoring all of that traffic. However, not everyone and “everything” is going to need access to every point of the network. When the networks are segmented you are preventing certain people from accessing parts of the networks that are unnecessary.
For example, let’s just say that an incident did occur on the network. Perhaps an employee was targeted and they opened a phishing email, which exposed malware on their computer which ended up affecting the entire IT network. When the networks are segmented, the threats are contained. In this example, the malware is contained in the IT network and doesn’t affect the OT network. Production on the shop floor can continue while the threat is contained and remediated on the IT network.
Overall, segmenting your networks prevents threats from spreading, allows you to control access, minimize vulnerabilities and can overall better monitor your network. However, it’s only a benefit if done properly. If you need help getting starting in segmenting your network, contact us today and we can help you get started in the process.