According to an IBM report on the state of digital manufacturing in 2021, manufacturers see cybersecurity as the top priority to help meet business goals. In a 2021 survey, 36 percent of manufacturing and production organizations reported experiencing ransomware attacks in 2020, and the average bill for remediating an attack was more than $1.5 million.
While it’s excellent news that manufacturing cybersecurity seems to be a priority, technology leaders must ensure they treat it as an ongoing practice. They must reassess their approach continuously as the pandemic, digital transformation, and an increasing prevalence of IoT contribute to a growing array of risk factors for manufacturing organizations.
Mounting Risks
Collaboration with supply chains and vendors presents many cybersecurity risks for manufacturing companies. As the pandemic continues to cause supply chain disruptions, supplier and consumer systems must be interlinked for smooth automation and communication. Manufacturing companies and their suppliers need information to flow seamlessly from one system to another. But these systems must be protected and trusted on both sides, or hackers may very well recognize the gaps in security and take advantage.
Remote work is another pandemic effect that opens the door to more risk. While modern technology has made granting remote access easier for organizations, it also makes things easier for hackers.
Many cybersecurity vulnerabilities in manufacturing stem from legacy end-of-life systems. For example, many machines run on Windows XP/2003, which Microsoft pulled support for years ago. Microsoft also ended support for Windows 7 in 2020, so manufacturing companies relying on this technology now face the same issue. These outdated systems are unpatched with no support, which can create vulnerabilities.
But replacing these systems comes at substantial upgrade costs. For example, if a packaging company that has machines controlled by Windows XP systems needs to replace these systems, it would require massive upgrades in the equipment itself. While upgrading the security alone would cost a few thousand dollars, upgrading equipment to run on a new system could cost tens of thousands.
Most manufacturing companies do not have the resources on hand to jump into those upgrades, and no company could pull it off overnight. While technology leaders should begin formulating plans to replace these systems soon, they must also prioritize protecting legacy systems from cybersecurity risks in the meantime. Manufacturing technology leaders can use a few techniques to secure legacy systems.
1. Segment your systems.
Many CISOs have been acutely aware of the need for segmentation. To accomplish it, they have turned to firewalls and the Purdue model for IoT, a hierarchical network for automation systems. Firewalls are practical and easy to deploy at the lowest levels of the IoT stack that typically have dedicated systems and point-to-point links.
However, as you move up the stack to higher levels, the environments tend to use off-the-shelf computers running on shared networks. Examples include historians, which collect data from many sensors, application servers that manage multiple programmable logic controllers, etc. These systems lend to more modern technologies for segmentation, such as firewall orchestrators or software-defined segmentation.
2. Implement application control.
Application controls help secure individual systems running operating systems that no longer have vendor support. Essentially, application controls allow manufacturers to allow list or blocklist applications, which is a simple and effective way to stop the run of ransomware or malicious software. With application control, you explicitly allow things you need the system to do. While it might not provide complete protection as ransomware in manufacturing becomes increasingly sophisticated, it offers significant protection for little investment.
3. Stop relying on VPNs for secure remote access.
VPNs weren’t developed for security. They were designed to allow remote access for business productivity and efficiency.
Indeed, as manufacturers have recognized the need to grant remote access to plants and specific systems within plants, they have relied on VPNs for productivity and efficiency purposes. But many hackers take advantage of remote access credentials, either through phishing or default credentials. The solution is to implement access technology that’s almost like an anti-VPN in the sense that it doesn’t give you access to the network, but it gives you secure access to a system and only to that system.
Many zero-trust network access, or ZTNA, technologies can help CISOs migrate away from VPN threats about granting remote access. The key to securing legacy systems is to prevent the movement of ransomware using segmentation and prevent the execution of ransomware with access control. You can then lock down remote access to systems using ZTNA instead of regular VPNs. Securing legacy systems should be your priority as they present the most risk, but these techniques can go a long way toward protecting all systems from cybersecurity threats.
Venky Raju is the Principal Solutions Architect at ColorTokens Inc., a SaaS-based Zero Trust cybersecurity solution provider.
