Operational technology (OT) has been advancing faster than many manufacturers can keep up with. As new tech emerges, new problems arise -- and a substantial vulnerability is shop floor security.
The more connected our machines get, the more opportunities hackers have to compromise our systems. We cannot secure our plant floor the same as our information technology (IT) networks.
Make Your List and Check it Twice
To begin securing your factory floor, have your plant operator take inventory of all the devices and software on your network. Corporate IT environments won’t have too many issues with this; but OT is another story, due to the variety and complexities of devices and languages involved.
Depending upon the age of each device, manufacturer, make and model, the devices communicate in different protocols.
Get your security team involved to overcome any communication breakdowns between devices.
The Cyber Landscape for Manufacturers
If you’re manufacturing parts for defense and weaponry, then the Department of Defense and Homeland Security are looking at you very closely for security loopholes.
For the rest of the manufacturing industry, such as consumer goods, you’re largely on your own and there may be some disastrous oversight happening.
Don’t risk the safety of your machines, products, or employees by falling victim to a data breach. According to IBM X-Force Research’s 2016 Cyber Security Intelligence Index, the manufacturing industry is the second most attacked industry behind healthcare. Automotive manufacturers apparently are the top targets for cybercriminals with chemical manufacturers as runner ups.
Keep IT Focused on Security
Don’t be another manufacturer slacking on penetration testing. Lax security standards are the number one reason manufacturers have been exposed to threats on their networks. All it takes is being aware and taking proactive steps towards prevention.
OT networks have poor visibility as we’ve mentioned, due to a large number of variables. In particular, industrial controllers that speak to the machinery and automate industrial processes are at significant risk.
There is an inherent lack of encryption with these controllers, and software exploits run rampant. As soon as a network is breached, a hacker has free roam of your entire OT and IT network… causing disruptions, altering configurations and wreaking havoc on your company.
IoT or I-Uh-Oh
The more manufacturers rely on IoT and smart factory solutions, the more we need to keep up with cyber threat exposure. You can’t invest in new technology without foresight into the downside of these advancements. We often focus on the positive side of tech, such as efficiency, quality and ability to be controlled from anywhere 24/7… but there are significant issues to address, namely network security.
Protect your production processes by utilizing secure gateways and insertion detection systems. Maintain a log of suspicious network activity and implement real-time network scanning.
Educating Factory Employees
Another missing factor in many manufacturers' shop floor security is keeping employees informed on best practices. One slip from an uninitiated worker could result in an entire assembly line shutting down. Teach employees about the dangers of phishing emails and avoiding plugging unauthorized USB thumb drives into devices.
Keep your IT personnel on top of any new devices added to networks. Make sure they are safeguarded. You would never expect to be protecting your shop floor from underground criminal gangs or even the Kremlin… but in the wild world of the internet, it’s a real thing.
For example, in 2018 the FBI uncovered the Kremlin hacking operation called VPNFilter which allowed hackers into U.S. residential and commercial network routers. They deployed a sniffing tool that scanned for industrial control systems. The result was a dizzying amount of devices all compromised and the user's credentials stolen.
A great solution to your security concerns is to have a connected factory. Rather than every device communicating in different protocol languages, streamline your devices.
We’ve discussed the benefits of utilizing Cisco’s Connected Factory Security suite in previous articles. This is a great full-circle approach to protecting machines and infrastructure with integrity by utilizing a highly updated and trusted system.
Could your factory use some assistance in keeping IT and OT secure and employee education? Emerge IT offers Managed Solutions specifically for manufacturers to make automation and network security hands-off & headache-free.