As advanced as manufacturing is becoming — with interconnected systems and data running factories, production and the supply chain — cybersecurity should be a concern for every manufacturer. Andrew Ginter, vice president of industrial security at Waterfall Security Solutions, took some time to answer our questions about the biggest cybersecurity problems manufacturers should be mindful of this year.
Manufacturing Business Technology: What are the biggest cybersecurity problems facing manufacturing in 2016?
Andrew Ginter: Indiscriminate internetworking is the biggest problem facing manufacturing today. To reap the benefits of IT/OT integration and the industrial Internet of Things, we continue to connect networks together — networks that operate at very different levels of trust. We deploy firewalls and encryption thinking that if they are enough to keep us safe on IT networks, they must be sufficient for our OT networks. The problem is that every message might be an attack, whether plain text or encrypted, and the consequences of attacks on manufacturing networks are unacceptable. If an attacker tampers with the setpoint on a pasteurization unit, we produce product that can make people sick. If an attacker tampers with an automobile robot, we produce incorrect components that can trigger massive recalls when the flaws are discovered down the road. Unlike IT computers, we can’t “restore from backup” any damaged products.
The consequences of indiscriminate internetworking are compounded with poor understanding of modern attacks and the limitations of security measures. Vendors and manufacturers see the vision for the future of the industrial Internet as, “just take it out of the box, plug it all together, and it all works, securely.” Encryption, authentication and “root of trust” are held up as the way to make this vision a reality. However, this vision ignores the risk of platform-level compromise. If an attacker hacks into a bug in the encryption libraries, it doesn’t matter how long the encryption key is. If that hacker takes over the laptop doing remote control across the Internet, that attacker can send incorrect commands right through the trusted, authenticated, encrypted connection.
MBT: But we've used firewalls forever; how can they suddenly be not good enough?
Ginter: Firewalls were never enough — that’s why we all deploy anti-virus systems, complex passwords, security updates and encryption. More fundamentally, attack technology only gets more sophisticated over time, like every other software technology. Firewalls have been with us for 30 years. Of course the bad guys know how to get through them. All this is why best-practice advice holds up intrusion detection systems as the crown of every defense-in-depth security program. And intrusion detection might even be the way forward for IT networks. The problem is that intrusion detection systems take time. A recent Ponemon survey showed that the average intrusion takes more than two months to detect and longer to remediate. The worst case takes much longer. For all that time, an attacker has remote control of equipment in our manufacturing facilities. This is unacceptable.
MBT: What should IoT manufacturers be doing?
Ginter: The latest thinking in manufacturing cybersecurity is being baked into the new security framework the Industrial Internet Consortium is developing. That framework recognizes that increased internetworking is essential to the automation revolution we are at the beginning of with the Industrial Internet of Things (IIoT), and that such internetworking is revolutionizing attack technology as well. The framework recognizes that there will always be more to security than what is possible “out of the box.” Controlling the movement of data and messages between networks is vital, especially when messages are passing between dramatically different trust levels. For example, safety systems need much better protection than throw-away environmental monitoring sensors.
MBT: And how are we preventing those attacks, if firewalls aren't the way?
Ginter: Firewalls are fine for IT networks, and for internal segmentation within networks at the same level of trust. But when we jump between levels of trust — between the IT network and the manufacturing network, or between the manufacturing network and a safety network — we need something stronger. We see manufacturers increasingly using unidirectional security gateway technology. The gateways physically permit information to flow in one direction, and physically block anything at all travelling in the other direction. Unidirectional gateways permit continuous monitoring of manufacturing networks from IT, or from the open Internet, without allowing any attack to flow back into manufacturing, safety and other cyber-physical networks.
When information does need to flow back into protected networks, scheduled unidirectional “flip” technology or “inbound gateways” can be used to provide much stronger protection than firewalls. Fundamentally, firewalls forward messages, and again, every message can contain an attack. Unidirectional gateways replicate servers unidirectionally, without ever forwarding a message from a less-trusted network to a more-trusted network.
MBT: What are some of the cybersecurity mistakes manufacturers might be making without realizing it?
Ginter: The biggest mistake I see routinely is an overemphasis on vulnerabilities in cyber-risk assessments, rather than attacks. The thinking seems to be, “if we can eliminate all vulnerabilities, then we are completely secure.” This quickly evolves into, “quick, patch all the software.” There are many more vulnerabilities in most manufacturing networks than there are known bugs in software. We need to start pulling attack specialists into our risk assessments. Show them the physical and cyber designs for our manufacturing systems, explain the worst physical consequences possible with these systems, and ask how they would attack our systems to bring about those consequences.
When attack specialists come up against firewalls, they call on their pivot-through-firewall tools. When attack specialists come up against unidirectional gateways, they throw out entire categories of attacks and tools that are no longer feasible through the gateways. To design credible defenses, we need to understand what attack tools and techniques our enemies are using.
Andrew Ginter is the vice president of industrial security at Waterfall Security Solutions.
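Editor's note: the example below is added to this page and is not code from the interview, from Andrew Ginter or from Waterfall Security Solutions. It models the distinction Ginter draws between a firewall, which forwards messages across a trust boundary, and a unidirectional gateway, which replicates a server's data outward and has no inbound path at all. The protocol is Modbus/TCP (the MBAP header and function codes 0x03, 0x06 and 0x10 are real), but the controller, its register map, the "pasteurizer setpoint" in register 0x0010, the zone names and the frames are all constructed for illustration. The point it shows is the one from the interview: a rule that lets the remote HMI reach the controller on tcp/502 carries a setpoint write just as readily, while the replica exposes the same register values to IT without offering anything for an inbound frame to hit.

```python
"""Firewall forwarding vs. unidirectional server replication (constructed model)."""
import struct
from dataclasses import dataclass

# Real Modbus function codes; only these three are modelled here.
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE = 0x06
FC_WRITE_MULTIPLE = 0x10


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

    @property
    def is_write(self) -> bool:
        return self.function_code in (FC_WRITE_SINGLE, FC_WRITE_MULTIPLE)


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse MBAP header (tid, protocol id, length, unit id) plus the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus/TCP")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


class Plc:
    """Constructed controller: register 0x0010 holds a pasteurizer setpoint."""

    def __init__(self):
        self.registers = {0x0010: 72}  # constructed current setpoint, deg C

    def handle(self, frame: bytes) -> None:
        req = parse_modbus_tcp(frame)
        if req.function_code == FC_WRITE_SINGLE:
            addr, value = struct.unpack(">HH", req.data[:4])
            self.registers[addr] = value  # the controller trusts the message
        # reads and other function codes are not needed for this model


@dataclass(frozen=True)
class FirewallRule:
    src_zone: str
    dst_port: int


class Firewall:
    """Layer-4 filter: any frame matching a rule is forwarded unchanged."""

    def __init__(self, rules, plc: Plc):
        self.rules = set(rules)
        self.plc = plc

    def deliver(self, src_zone: str, dst_port: int, frame: bytes) -> bool:
        if FirewallRule(src_zone, dst_port) not in self.rules:
            return False
        self.plc.handle(frame)  # forwarded message reaches the controller
        return True


class UnidirectionalReplica:
    """Copies register values OT -> IT on a schedule. Deliberately has no
    method that accepts a frame from the IT side: there is nothing to forward."""

    def __init__(self, plc: Plc):
        self._plc = plc
        self._snapshot = {}

    def push(self) -> None:  # runs on the OT side of the gateway
        self._snapshot = dict(self._plc.registers)

    def read(self, address: int):  # what IT-side monitoring sees
        return self._snapshot.get(address)


# Constructed frame: write single register, address 0x0010, value 0x0049 (73).
WRITE_SETPOINT = bytes.fromhex("000100000006" "01" "06" "0010" "0049")


def demo():
    # Firewall: the rule needed for the remote HMI also admits the write.
    plc_a = Plc()
    fw = Firewall([FirewallRule("it", 502)], plc_a)
    forwarded = fw.deliver("it", 502, WRITE_SETPOINT)
    # Unidirectional: IT reads the replica; no message path leads back.
    plc_b = Plc()
    replica = UnidirectionalReplica(plc_b)
    replica.push()
    return {
        "firewall_forwarded": forwarded,
        "setpoint_behind_firewall": plc_a.registers[0x0010],
        "setpoint_behind_gateway": plc_b.registers[0x0010],
        "replica_view": replica.read(0x0010),
        "inbound_path_exists": hasattr(replica, "handle"),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the setpoint behind the firewall changed to 73 while the setpoint behind the replica stays at 72, even though IT-side monitoring reads the same value from both. Adding inspection of function codes to the firewall would block this particular frame in the clear, but not once the channel is encrypted end to end from a compromised remote laptop, which is the case the interview describes.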