As the Industry Changes, the Cyber Risk in Manufacturing Changes, Too
The U.S. manufacturing industry has been in a state of change for a few years (as has the global industry). While overall manufacturing production in the U.S. doesn’t account for as much as it used to a few decades ago, the industry itself is starting to speed up. Machinery, processes, material supply, and other factors are becoming more available, advanced, and efficient.
Technology within manufacturing has also taken a leap forward despite the industry traditionally being years behind others. The Internet of Things (IoT) — a system of how data is shared via the Internet directly between devices we all use in our work and everyday lives — has opened up huge opportunities for manufacturers of all industries and sizes to better connect their equipment, processes, people, and even certain aspects of their facilities to produce more, produce faster, produce cheaper, and produce better.
This all seems like a great thing: more and more companies are keeping their operations domestic, leading to more jobs and higher incomes for workers. Companies are taking advantage of technologies that make work easier and produce better results. However, as we’ve seen many times recently, attackers are able to breach network security through less traditional means — i.e. through operational technology (OT), which consists of hardware and software that manages change in physical areas, such as robots and processes in a manufacturing facility (or, in the example above, the software monitoring temperature conditions in a Target store).
And yet despite the risks, manufacturers are trending toward convergence — the merging of OT into IoT. The benefits are tremendous: more advanced use of data, greater efficiencies and stronger processes on the shop floor, and overall better results across the board. But as the cyber risk for manufacturing continues to mount, it’s important to consider the ramifications of convergence without proper security. Let’s take a look at each area and the challenges they present to manufacturers.
The Cyber Challenges of Operational Technology
For manufacturers, operational technology consists of a wide variety of physical equipment, machines, sensors, and networks that control almost everything pertaining to the manufacturing process. This might include the system controlling the robots that assemble items, sensors that open and close certain valves, or controls for a rail that moves material and product throughout the assembly area. These systems are incredibly expensive, and often, they’re some of the oldest components within a manufacturing environment.
However, as the emphasis on metrics and analytics continues to increase, the desire to bring these older devices online to access better manufacturing data has increased, too. Unfortunately, because the physical machinery of a manufacturing facility can be costly to upgrade or outright replace with newer versions, the original machinery is networked together using those sensors and computer systems so it can be integrated via an IT/OT convergence strategy, thereby providing teams and leadership with the data they want.
However, this makes them a cyber risk for manufacturing companies because the original OT systems pose significant vulnerability. By bringing OT online to include it in an IoT strategy, companies are effectively opening the door to breaches that will be larger in scope than if they hadn’t. But because greater insights are wanted, OT is brought into the fold — and often in a way that’s not as secure.
Manufacturers must look beyond convergence for the sake of data and greater output to how OT and IoT can be unified in a secure, manageable way. While there are many benefits to convergence, they can quickly be nullified by a breach that has the potential to completely shut down your operations, leak critical data online, put customer and company information at risk, and cause the company to fall under heavy public scrutiny. We have two recommendations to help you address this upfront.
The first is to scan your existing networks for vulnerabilities. Note that this requires more than just a virus scan. There are a number of ways cybercriminals can access your system. Using a proper cybersecurity scanning solution, you’ll be able to look deeper and further than you would with off-the-shelf scanning systems. The second is to segment these networks and ensure they’re not accessible from the rest of your network. The cyber risk for manufacturing companies here is simply too great — if an attacker were able to access your OT via the rest of your system, they may be able to completely shut down your operations.
The Challenges of IoT for Manufacturing
The premise of IoT makes it a worthwhile endeavor for any manufacturing company: connecting your production to everything else to gain greater insights and make improvements. And while it’s nothing new, many manufacturing companies are still just hopping aboard the IoT train. And by many, we mean as much as 90 percent. Recently, professional services firm Sikich found in its annual report that less than 10 percent of surveyed manufacturers were using IoT in their operations. And only 30 percent even had a clear understanding of what IoT is.
This presents a huge opportunity for manufacturers and companies that can support them with IoT. By adopting an IoT strategy within their production environment, manufacturers stand to save significant resources on waste, dramatically improve operational efficiency, and gain a deeper understanding of how they’re making progress (or not). However, IoT security in manufacturing — and the risks associated with it — are just as significant.
With so many manufacturing companies not having a clear understanding of IoT or having any experience with adopting it in their environment, the risk of non-secure deployments and implementations skyrockets. It’s not just passwords and email phishing that could give cybercriminals access to your network anymore — it can be almost anything. There are a number of ways attackers can access manufacturers’ networks that go beyond human error, ranging from attacks that target legacy protocols to targeting robot operations themselves.
As more and more manufacturers begin to adopt IoT into their production environment, it will be critical to conduct vulnerability scans of existing networks in addition to any new network or connectivity being established for converging with OT. Each area — OT and IoT — isn’t on its own, either. A small vulnerability in one area could lead to a significant problem in another. But this is just the beginning, as a full-size vulnerability management program that includes IoT and OT support will be necessary.
A perfect example is an intentionally misused protocol that could disrupt robotic operations. If you’re not identifying the potential breach points for this key element of your manufacturing process, and a breach occurs, a shutdown of your robots immediately impacts your ability to produce, thereby harming revenue, ruining production schedules, damaging relationships, and causing many more problems for your business.
Identifying Cyber Risk for Manufacturing Companies is What We Do
MRK Technologies has been supporting manufacturing companies nationwide for years. We understand manufacturers’ desire to transition their businesses and operations to the next level, and that a key component of such a strategy is a reliable, secure network. If you’ve been considering converging your OT into an IoT strategy or simply want to eliminate as much cyber risk for manufacturing from your network, our expert team is here to help. Contact us below to learn more about our support for manufacturing companies.