The manufacturing industry is under threat from cyber criminals. This is not a new issue, but one that has escalated in the past year, with the number of cyber attacks on industrial businesses increasing by 50 percent in 2023. Globally, cyber attacks on manufacturing businesses account for more than a quarter (26 percent) of attacks on all industries.
The consequences of this vary from organization to organization, but a cyber attack can bring production to a halt, affect production quality, or impact employee and client data. In turn, this can cause serious harm to a company’s reputation. With increased digitization through Artificial Intelligence (AI), manufacturers are now more vulnerable to cyber threats, owing to AI’s rapid proliferation and its ability to tailor attacks that exploit unpatched machines and supply chains.
However, with greater risks comes improved regulation. The UK government recently announced it will pass a new Cyber Security and Resilience Bill to ensure digital services and supply chains are protected against the growing prevalence of supply-side attacks, where malicious actors enter networks via third-party suppliers.
The Threat Landscape
The reliance of many manufacturing businesses on legacy infrastructure and protocols makes them vulnerable, tempting and lucrative targets for cyber criminals. Indeed, unpatched machines and supply chains represent particularly enticing targets for these threat actors to exploit.
Exploiting unpatched machines results in both zero-day attacks and attacks on known vulnerabilities that have yet to be fixed. Supply chain management attacks require greater sophistication but can be much more threatening. These attacks come from a vector upstream from the Industrial Control Systems (ICS) or Operational Technology (OT) realm. Systems are being built to be in use for long periods of time, which, in turn, makes upgrading or reconfiguring them more difficult.
Now, services such as Ransomware as a Service (RaaS) are being adopted by cyber criminals, causing huge disruption for businesses, incurring high costs, and halting production lines, resulting in substantial financial losses.
The weaponization of AI, which can fully automate all stages of a cyber attack, has only increased the volume and scale of attacks, presenting a pressing and sophisticated threat to the cyber landscape. This is particularly dangerous given the growing reliance on supply chains, where third-party components, libraries, and software are spreading the security of many industries, including manufacturing, broader and thinner. Additionally, poorly secured IoT devices can be entry points for cyber criminals, introducing new vulnerabilities into the manufacturing process.
As a result of this ongoing threat facing the sector, manufacturers are under significant pressure to ensure their products are secure by design.
Security-by-Design and Threat Modeling
Embedding security in software design from the outset allows manufacturers to fully understand a device's security and make more informed decisions about the necessary safeguarding measures they need to take. To do this, software must be analyzed for potential risks to determine the most effective ways to mitigate them. This process is called threat modeling, and simply put, is about looking at the software design and asking Adam Shostack’s four questions:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Deploying threat modeling at the design stage of software development should be the minimum standard for security, and is the best way to identify and mitigate vulnerabilities in the development of software.
Another effective strategy to mitigate risks is employee training. Misconfigurations and phishing are some of the biggest threats to OT and IC systems, yet both can be eliminated through training. Everyone who has access to the systems must be trained in how to watch out for malicious actors coming after them, and system admins need to have quality training on how to configure and secure their systems properly.
Manufacturers' ability to detect and respond to cyber threats in real time depends on their ability to monitor their networks for anomalies. When it comes to responding, effective execution of a response plan depends on all of the main players fully understanding their role. Too often, an organization looks to its cybersecurity team when, in practice, success depends on cooperation with other business units.
It is not good enough simply to have an Incident Response Plan; it must be tested regularly. It is also a good idea to keep it out-of-band so that it isn’t compromised in the event of ransomware or a system outage.
Additionally, network segmentation is essential because it allows for proper network controls and inspection of network traffic. It ensures that only the correct source networks are getting to the intended destinations. The right amount of segmentation is as much as possible while still allowing for business functionality and proper administration.
However, access to the network endpoints must be balanced between business functionality and security. Ultimately, technology must enable business, and being too heavy-handed can stifle growth in the name of security. Security teams need to acknowledge that and ensure that access and network segmentation work in ways that enable business, rather than hinder it.
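The segmentation rule described above, that only the correct source networks reach the intended destinations, can be checked against recorded traffic. The following is an added example, not part of the original article: the zone names, address ranges, allowed flows, and flow records are all constructed assumptions for a hypothetical plant network.

```python
import ipaddress

# Constructed zones for a hypothetical plant network (assumption, not from the article).
ZONES = {
    "corp_it":    ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":     ipaddress.ip_network("10.20.0.0/24"),
    "ot_control": ipaddress.ip_network("10.30.0.0/24"),
}

# Allow-list of (source zone, destination zone, protocol, destination port).
# Default deny: any cross-zone flow not listed here is a violation.
ALLOWED = {
    ("corp_it", "ot_dmz", "tcp", 443),      # IT reads the historian replica
    ("ot_dmz", "ot_control", "tcp", 4840),  # DMZ collects PLC data over OPC UA
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it is outside every zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit(flows):
    """Return the flows that cross a zone boundary without an allow-list entry."""
    violations = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is outside the scope of this check
        if (sz, dz, proto, port) not in ALLOWED:
            violations.append((src, dst, proto, port, f"{sz}->{dz}"))
    return violations

# Constructed flow records (e.g. as exported from a firewall or NetFlow collector).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", "tcp", 443),     # permitted: IT to DMZ
    ("10.20.0.5", "10.30.0.12", "tcp", 4840),   # permitted: DMZ to control
    ("10.10.4.7", "10.30.0.12", "tcp", 502),    # IT directly to a PLC over Modbus
    ("10.30.0.12", "203.0.113.9", "tcp", 443),  # control zone to an external address
    ("10.30.0.12", "10.30.0.13", "tcp", 502),   # intra-zone, not evaluated
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", violation)
```

Each allow-list entry is a business function that someone can name, which keeps the policy as tight as possible without blocking legitimate work.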
The manufacturing sector will continue to be a prime target for cyber criminals. However, by understanding the nature of these threats and implementing comprehensive cybersecurity measures through secure design and threat modeling, employee training, and network segmentation, manufacturers can protect themselves and their supply chains.