Manufacturing has benefited from digitalization, but with increased digital footprints comes the increased risks of cyberattacks. The sector has been the most commonly affected industry by cyberattacks for the second year in a row. The number of ransomware attacks on industrial infrastructure more than doubled in 2022 alone, potentially having a systemic effect on supply deliveries. Cyberattacks can disrupt industries and supply chains, leading to losses in revenue and productivity that can harm a company’s reputation.
Since manufacturing is a vital part of the nation’s critical infrastructure, cyber resilience has become an essential concept for the sector. According to the US Department of Homeland Security, cyber resilience ensures that corporate systems continue to carry out crucial tasks in the face of a cyberattack.
The Importance of Manufacturing
The manufacturing sector includes many societally essential industries. Consumer products, electronics, automobiles, pharmaceuticals, food and beverage, and heavy industries, all contribute to global circular economies in this way.
Production facilities in the industrial ecosystem are dispersed globally; every manufacturer also serves as a consumer and vice versa. As a result, a cyberattack on one organization might have an expensive knock-on effect throughout the ecosystem.
The ensuing threats are systemic, contagious, and frequently out of the grasp of any one entity’s comprehension or control. According to recent research, 98% of firms have relationships with third parties that have been compromised.
Globally, manufacturing companies now operate more efficiently and productively thanks to the expansion of cutting-edge technologies like the Industrial Internet of Things (IoT) and robotic process automation (RPA), as well as increased digitalization and connectivity brought on by the fourth industrial revolution.
However, this development has also made the manufacturing ecosystem more vulnerable to online threats. Considering the current pace of cyberattacks affecting the industry and the fact that cybercrime is expected to be one of the key global risks in the next two to 10 years, manufacturers must work to minimize the impact these threats pose.
The Evolving Cyber-Threat Landscape
According to a study, phishing attacks, ransomware, intellectual property (IP) theft, supply chain attacks, and Industrial IoT attacks are the industry’s top dangers. According to other research, victims in the manufacturing industry made up 30% of extortion-related events in 2022.
There are many factors contributing to the evolution of today’s cyber-threat landscape in the manufacturing sector:
- To escape detection, improve their success rate, and maximize the profits from ransomware assaults, threat actors constantly modify their strategies. They operationalize as a crime-as-a-service; they spy on potential victims to learn more about the operations; they launch targeted spear-phishing attacks and use initial access brokers for quick ransomware attacks to accomplish these goals.
- Cyberattacks are carried out for reasons that go beyond monetary gain. Geopolitical instability may fuel more targeted and sophisticated tactics against operational technology (OT) environments, while attacks may have a variety of motivations, such as ideological or political ones.
- The interconnectedness of businesses worldwide, the increased use of traditional cyber-threat countermeasures, and advancements in basic cybersecurity all push threats into the supply chain. Threat actors use innovative strategies to target supply chains, including cloud services, hardware, and software.
The merging of the IT and OT domains, resulting vulnerabilities, and the aforementioned external variables contribute to the growing attack surface.
Historically, manufacturing businesses had separate IT and OT environments. Because of IT and OT merging, previously isolated systems and processes are now subject to the same cyber threats as the online IT world. Manufacturing companies work in a highly integrated environment of vital infrastructures and supply chains and are no longer standalone enterprises.
Although manufacturers must integrate OT and IT security for effective risk management, OT and IT security silos pose risks and complicate matters. A Ponemon survey shows that less than half of organizations do not have aligned IT and OT cybersecurity procedures and policies, despite the requirement for coordinated security. The cultural and technological disparities between the IT and OT teams are the underlying causes of this mismatch. The need for more qualified talent worsens the IT-OT behavior gap.
These significant variations have an impact on how IT and OT are managed. Reliability and availability are the core objectives of OT, which presents a massive problem in a sector where maintenance windows for vital systems can be severely constrained, limiting the amount of time security teams have to test and deliver critical fixes. According to a 2020 study, firms in the manufacturing sector take twice as long as other enterprises to remediate risks. Uptime at any cost is unrealistic because OT hazards can jeopardize human health, safety, and corporate operations.
The Importance of Cyber Resilience
The manufacturing industry must become cyber resilient to protect itself from the evolving threat landscape and benefit from digitization. Cyber resilience differs from cybersecurity because its capabilities continue to work even after an attacker has breached a network’s security perimeter to compromise cyber assets.
For organizations, an investment in cyber resilience strengthens and improves their ability to withstand attacks and ultimately prevents interruptions and revenue losses. It also benefits society at large. Businesses that manage these infrastructures know that the closure of their activities may affect the entire region in which they are located.
Legislative Initiatives for Resilient Cyber Manufacturing
Governments and businesses have recognized the advantages of a cyber-resilient manufacturing sector and adopted several legislative actions.
The Cyber Resilience Act is a new legislative proposal that would impose strict cybersecurity standards on hardware and software products throughout their entire lifecycle in the European Union. Additionally, the NIS 2 and Critical Entities Resilience (CER) directives categorize specific manufacturing industries as critical or “essential entities,” necessitating that they manage their security risks and take steps to prevent or lessen the effects of incidents on their customers.
The United States government recently unveiled a national cybersecurity strategy, where numerous federal laws have been enforced on particular industries like water, transportation, and pipelines. The National Institute of Standards and Technology (NIST) produced implementation details for the manufacturing environment and established a cybersecurity framework for vital infrastructure, which is continually being updated.
Many people believe the ISA/IEC 62443 is the most essential cybersecurity standard for industrial control systems, yet it is complicated. Nine standards, technical reports, and technical specifications are now included. The SANS Institute highlighted five ICS cybersecurity critical controls to benefit the industry.
The patchwork of regulations and standards surrounding manufacturing cybersecurity and resilience provide the guardrails for the respective organizations. However, most requirements are prescriptive since every organization is different and faces unique challenges in its environment. Hence, manufacturing organizations must adapt and supplement the described measures to fit the business risks.
Roadmap to Cyber Resilience
The development of cyber resilience requires ongoing work. It is a continuous process because the threat landscape and technological advancements constantly evolve. Levels of awareness have increased because of recent prominent attacks and breaches.
First, businesses need to gain a better understanding of their systems. Building resilience begins with knowledge of operations, risks, and solutions. Owners and operators of these systems must create high-fidelity baselines for the network’s devices and recognize even minor behavioral anomalies to achieve adequate visibility. Such minute adjustments may portend dangers and create dangerous circumstances.
Maintaining visibility and understanding of the critical IT and OT ecosystems is crucial for containing cyberattacks against these systems. History teaches us that attackers often target the IT systems and then they move laterally into the OT domain to disrupt vital operations. The perception that IT and OT systems are air-gapped is mistaken and may lead to wrong decision-making.
The second step is for businesses to adopt a zero-trust philosophy and architecture. Compared to now, networks were much less connected when most industrial OT systems were created. However, OT and IT systems are rapidly converging in the digital age. Organizations can switch from a “trust but verify” mentality to a “verify first” strategy to meet the shifting situation. Threat actors are getting better at abusing trust. Defense-in-depth tactics and proactive threat detection can help assure quick threat detection and containment to stop lateral movement and lessen the damage of an attack.
Finally, organizations should study previous attacks on businesses, which can serve as case studies for the significance of developing resilience. Even though it is challenging to predict these events, manufacturing businesses can do many things to prepare for them. Organizations must increase their systems’ responsiveness, control, and speedy recovery. These tools can help you decide how to react to a significant disruptive incident. It can make all the difference to consider adding redundancy at critical places in advance. In a crisis, time is of the essence. Organizations must prepare by learning what to do, building the necessary skills, and practicing crisis response procedures.
How Can Fortra Help?
Fortra’s portfolio of security solutions can help manufacturing owners become resilient against increasing cyber threats. Many high-profile industrial companies trust Fortra because we’re creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions.
Fortra’s Tripwire Industrial Visibility offers the understanding manufacturing needs to map networks, fix vulnerabilities sooner, facilitate secure IT-OT integration, and automate security controls.
Fortra’s Vera digital rights management solution combined with Fortra’s GoAnywhere secure file transfer allows manufacturing businesses to protect their valuable Intellectual Property to ensure only authorized individuals can access files at all times.
Fortra’s data protection solutions enable manufacturers to protect sensitive data and intellectual property such as blueprints and CAD schematics, which can become the target of cyber and industrial espionage attacks.
Fortra’s vulnerability management solutions help industrial organizations identify and quantify the security vulnerabilities in their system, so they can make improvements that reduce risks.
Finally, as phishing is the number one threat to email security, Fortra’s anti-phishing and email security software can help manufacturers keep emails, brands, and data safe from sophisticated phishing attacks, insider threats, and accidental data loss. In addition, manufacturing businesses can continuously train their employees on detecting phishing attacks via phishing simulations offered by Fortra’s Terranova Security.