The ongoing digital transformation of traditional industrial practices is often referred to as the “Fourth Industrial Revolution” or simply Industry 4.0. In this new era, managers are able to leverage technologies like Big Data, Machine Learning, IIoT, Artificial Intelligence and Virtual Reality for more informed decision-making.
Yet as with every great revolution, Industry 4.0 has its downsides. For instance, the risk of key components of a company’s network coming under cyber attack has increased significantly because of Industry 4.0 connectivity, making sophisticated cybersecurity an essential part of industrial control systems (ICS). Today, there are far fewer solitary industrial systems. Previously isolated systems are now connected to Ethernet-based networks, which eventually exposes them to the Internet and presents the risk of cyberattacks.
Cyberattacks in any industry are extremely costly. In 2023, the average global cost of a data breach was $4.45 million, an increase of 15% over the previous three years. Unfortunately, cybercrime is predicted to increase exponentially as manufacturers connect more devices and systems to scale their networks, creating an expanded threat surface for hackers. Once they are in, hackers can wreak havoc or interrupt the production process in a number of ways, such as simulating a motor functioning properly when it is not, or modifying PLC firmware to damage production line quality. Worse yet, they can navigate from the OT to the enterprise IT network to seek intellectual property information, customer lists, financial balance sheets and other sensitive company data.
In this article, we look at industrial cyber threats and delve into strategies to blunt attackers. Additionally, we examine how industrial Ethernet switches can help safeguard Industry 4.0 networks from intruders.
The Nature of Cybersecurity Threats
First off, what is cybersecurity? According to the U.S. Cybersecurity & Infrastructure Security Agency, "Cybersecurity is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information." In an industrial setting, cybersecurity involves locking down ICS systems with an iron-clad strategy that prevents hackers from inflicting harm on productivity, assets, profits and reputation.
Cyberattacks come in many forms. These can include malware (viruses, worms, Trojan horses), email phishing scams, Distributed Denial-of-Service attacks, SQL injection, Man-in-the-Middle attacks and session hijacking, among others. Ransomware, software that prevents users from accessing their files unless a ransom is paid, has spread like wildfire around the world and has become the "go-to" method of attack on industrial control systems. Industry 4.0's convergence of IT and OT gives hackers access across an entire enterprise once they exploit a system vulnerability, meaning more opportunities to find data to hold for ransom.
Improving Network Resistance
Any company, regardless of industry or size, can become the target of cybercriminals if it possesses something that will advance a cybercriminal’s goals, be it financial or ideological. Small companies are often more vulnerable to insider threats because they lack basic cybersecurity and face insurmountable costs addressing compromised data, customer loss and regulatory penalties.
Big or small, every company needs to remain vigilant. Below are actions businesses can take to improve their overall cybersecurity posture.
- Segment OT and IT. By doing this, you’ll ensure that the harm caused by an attack will remain contained inside the "zone" that was violated, while still allowing safe data flow between IT and OT.
- Use multi-factor authentication: All internal sensitive data and services and externally facing authentication portals should employ MFA. With the use of this technology, accounts are kept secure even when passwords are cracked.
- Secure applications: Prioritize application whitelisting, and properly configure any application that could execute malicious code so that such code runs containerized and cannot reach the rest of the system.
- Create stronger passwords: Passwords ought to be at least 12 characters long and contain alphabetic, numeric and special characters.
- Hire OT cybersecurity pros: Traditionally, internal cybersecurity operations have been a function of the IT department. With OT infrastructure and connected devices growing in complexity and connectivity, it is playing with fire not to have knowledgeable employees overseeing OT cybersecurity in alignment and communication with IT and business leadership.
- Determine baseline behavior: Baselining will establish normal behavior of the network to enable the detection of abnormal behavior down the line.
- Install firewalls: Installing firewalls, a network essential, can stop some malware attack vectors by preventing harmful traffic from getting into a system and by limiting unnecessary outbound interactions with malicious software.
- Develop threat intelligence: You must stay informed about the most recent ICS attack techniques and the best ways to protect against them. Do so by regularly collecting, processing and analyzing available data to better understand a cybercriminal’s motives, targets and attack behavior.
- Implement defense in depth: The ISA/IEC 62443 family of standards, which outline the prerequisites and procedures for setting up and maintaining electronically secure industrial automation and control systems (IACS), codified the defense in depth concept. These guidelines provide security best practices and offer a mechanism to gauge the security measures' performance.
- Maintain networks: This entails using security-focused protocols, maintaining patch management procedures and updating firmware. Doing so keeps attackers from taking advantage of known problems or exploiting known vulnerabilities. Running outdated software, and the lack of adequately supported operating systems for older automation equipment, are two factors that contribute to vulnerabilities in industrial facilities.
- Incident response plan: Create an IR plan and ensure that all impacted employees receive regular training and evaluations on it. In the event of a data breach or other type of security incident, your organization should follow the steps outlined in the IR plan to control damage and costs.
- Employee awareness: Every employee in your organization needs ongoing training in order to identify malicious assaults on the network and, if targeted, respond with best practices. At the top of the training should be how to avoid email, web and phishing attacks, scams that remain the most common way of stealing employee credentials and gaining unauthorized access to networks.
In order to spot any malicious behavior, it is crucial to monitor and examine endpoint AV/EDR logs and traffic logs. Also, check your domain controllers for increased burst activity and your protocol communications for suspicious network behavior. Finally, to spot odd trends, examine communications between PLCs and internal/external destinations.
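The two monitoring points above, establishing a baseline of normal behavior and examining PLC communications with internal and external destinations, can be combined into a simple detector. The following is an added example, not code from the article or any vendor: it learns which peers and services each PLC talks to during a quiet window, then flags any later flow that falls outside that set. The flow-log format, the addresses, the list of PLC hosts and the "internal" network ranges are all constructed assumptions for illustration.

```python
"""Baseline which peers each PLC talks to, then flag deviations.

Added example, not from the article. It covers two of the article's points:
establishing normal network behaviour (baselining) and examining PLC
communications with internal/external destinations. The flow-log format,
addresses and PLC list are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed flow records: "timestamp src dst dst_port proto bytes".
# Learning window: the PLCs only poll the SCADA server (Modbus/TCP 502)
# and an HMI (EtherNet/IP 44818).
BASELINE_FLOWS = """\
2024-03-01T08:00:01 10.10.20.11 10.10.20.50 502 tcp 1200
2024-03-01T08:00:02 10.10.20.12 10.10.20.50 502 tcp 900
2024-03-01T08:00:03 10.10.20.11 10.10.20.51 44818 tcp 700
2024-03-01T08:00:04 10.10.20.12 10.10.20.50 502 tcp 1100
"""

# A later window containing two deviations (constructed).
NEW_FLOWS = """\
2024-03-08T09:00:01 10.10.20.11 10.10.20.50 502 tcp 1150
2024-03-08T09:00:02 10.10.20.11 203.0.113.7 443 tcp 5000
2024-03-08T09:00:03 10.10.20.12 10.10.20.50 502 tcp 950
2024-03-08T09:00:04 10.10.20.12 10.10.20.50 8080 tcp 300
"""

PLC_HOSTS = {"10.10.20.11", "10.10.20.12"}          # assumed PLC addresses
INTERNAL_NETS = [ipaddress.ip_network(n) for n in   # assumed plant/enterprise ranges
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flows(text):
    """Turn the constructed log lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto, nbytes = line.split()
        records.append({"ts": ts, "src": src, "dst": dst,
                        "port": int(port), "proto": proto, "bytes": int(nbytes)})
    return records


def build_baseline(records, plc_hosts):
    """Map each PLC to the set of (dst, port, proto) peers seen while learning."""
    baseline = defaultdict(set)
    for r in records:
        if r["src"] in plc_hosts:
            baseline[r["src"]].add((r["dst"], r["port"], r["proto"]))
    return baseline


def is_external(addr):
    """True when the address lies outside every assumed internal range."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def detect_deviations(records, baseline, plc_hosts):
    """Flag PLC flows whose peer/service was never seen in the baseline.

    A PLC reaching an address outside the plant ranges is rated high; a new
    internal peer or service is rated medium and still deserves a look.
    """
    findings = []
    for r in records:
        if r["src"] not in plc_hosts:
            continue
        key = (r["dst"], r["port"], r["proto"])
        if key in baseline.get(r["src"], set()):
            continue
        external = is_external(r["dst"])
        findings.append({
            "ts": r["ts"], "plc": r["src"], "dst": r["dst"], "port": r["port"],
            "severity": "high" if external else "medium",
            "reason": ("PLC contacted an external address" if external
                       else "PLC contacted a new internal peer or service"),
        })
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_flows(BASELINE_FLOWS), PLC_HOSTS)
    for f in detect_deviations(parse_flows(NEW_FLOWS), base, PLC_HOSTS):
        print(f"[{f['severity']}] {f['ts']} {f['plc']} -> "
              f"{f['dst']}:{f['port']} ({f['reason']})")
```

Run against the constructed windows, the detector reports the PLC reaching 203.0.113.7 on port 443 as high severity and the new port 8080 service on the SCADA server as medium. The baseline is keyed on destination, port and protocol rather than on destination alone so that a known peer offering an unexpected new service is still caught; in practice the learning window should be long enough to cover maintenance cycles, or legitimate but infrequent traffic will show up as deviations.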
What If Your Networks Are Attacked?
If your plant is the target of a cyber assault and your production environment or industrial machinery/data systems are compromised, what should you do?
The ideal scenario is to have the personnel and software solutions in place to enable a quick response in accordance with a systematic, standardized plan of action, i.e., the incident response plan. First, identify the threat: the source of the attack, whether a virus, malware or illegal remote access, must be found. Next, the attack must be brought to the attention of stakeholders. They can ensure that users on the affected network are alerted so they may reduce losses, while users on clean networks can aid in halting the spread of the cyberattack.
The next step is to isolate infected networks and study to see if the nature of the cyberattack has exposed any new vulnerabilities in the IT/OT infrastructure that will give hackers access to cyber-physical systems in the future. Once these steps are taken, you can return systems to their functioning state and a recovery strategy can be put into action.
Are Industrial Ethernet Switches Safe?
Industrial Ethernet Switches are essential components of industrial processes used to connect devices in manufacturing plants, agricultural operations, production facilities, assembly lines, utilities, oil refineries and other critical infrastructure.
There are vulnerabilities in Industrial Ethernet Switches that you should be aware of. These have been exploited by hackers to gain access to networks with major repercussions on connected industrial assets. Flaws include the use of default passwords, hard-coded encryption keys and the lack of proper authentication for firmware updates, among others. A flaw as simple as leaving an industrial switch port open and unprotected can allow anyone with a laptop to plug in and find a pathway into a manufacturer’s OT or IT platforms.
These vulnerabilities are more pronounced in unmanaged industrial switches. An unmanaged industrial Ethernet switch lacks the overlapping layers of control over traffic and over which devices can be connected to it.
Conversely, managed industrial Ethernet switches offer improved risk protection thanks to features like multi-level user access control, enhanced password encryption capabilities, MAC security and variable password length. After a predetermined number of unsuccessful access attempts, managed switches can also be programmed to automatically revoke user or port credentials.
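The weaknesses listed above (default passwords, ports left open and unprotected) and the managed-switch features that counter them (MAC security, lockout after failed attempts) can be checked for mechanically. The following is an added example, not code from the article or from any switch vendor: it audits a switch configuration text for those specific gaps, showing a weak configuration beside a hardened one. The configuration syntax is a constructed, Cisco-IOS-like fragment used only for illustration; real command names and password storage formats vary by vendor, and the list of common default passwords is an assumption.

```python
"""Audit a managed switch configuration for the weaknesses the article lists.

Added example, not from the article or any vendor. The configuration text is
a constructed, IOS-like fragment; commands differ between switch vendors.
"""
import re

# Constructed list of passwords that ship as factory defaults on many devices.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "default"}

# Weak: default credential stored reversibly, no lockout, every port open
# with no MAC security, spare port left enabled.
WEAK_CONFIG = """\
hostname plant-sw-01
username admin password 0 admin
!
interface GigabitEthernet1/0/1
 description PLC-1
!
interface GigabitEthernet1/0/2
 description spare
!
"""

# Hardened: hashed credential, lockout after repeated failures, MAC security
# on the in-use port, unused port administratively shut down.
HARDENED_CONFIG = """\
hostname plant-sw-01
service password-encryption
username ops privilege 1 secret 9 <hash-placeholder>
login block-for 300 attempts 3 within 60
!
interface GigabitEthernet1/0/1
 description PLC-1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet1/0/2
 description spare
 shutdown
!
"""


def parse_interfaces(config):
    """Return {interface_name: [sub-commands]}; indented lines belong to a block."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the block
    return interfaces


def audit(config):
    """List the weaknesses found; an empty list means every check passed."""
    findings = []
    global_lines = [l.strip() for l in config.splitlines() if not l.startswith(" ")]

    for line in global_lines:
        # 'password' keeps the value reversible or in cleartext; 'secret' hashes it.
        m = re.match(r"username (\S+) .*\bpassword(?: \d)? (\S+)$", line)
        if m:
            user, pw = m.groups()
            findings.append(f"user {user}: password stored with 'password', not 'secret'")
            if pw.lower() in DEFAULT_PASSWORDS:
                findings.append(f"user {user}: default/common password in use")

    if not any(l.startswith("login block-for") for l in global_lines):
        findings.append("no lockout after repeated failed logins (login block-for missing)")

    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # disabled port: nothing can be plugged into it
        if not any(c.startswith("switchport port-security") for c in cmds):
            findings.append(f"{name}: active port without MAC security (port-security)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg) or ["no findings"]:
            print(" -", f)
```

On the constructed input the weak configuration produces five findings (reversible default credential counted twice, missing lockout, and two unprotected active ports) while the hardened one produces none. The port check deliberately treats any enabled port without MAC security as a finding, regardless of its description, because an "unused" port that is still enabled is exactly the laptop-plug-in pathway the article describes.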