Building a Resilient Manufacturing Environment Through Zero Trust OT Cybersecurity Controls
Published 09/23/2024
Originally published by CXO REvolutionaries.
Written by Suvabrata Sinha, CISO in Residence, Zscaler.
Introduction
In the past five years, multiple crises and disruptions have introduced a new word to the lexicon: “resilient manufacturing.” This is an approach not pivoted on cost, productivity, or profitability, but rather on the ability of a manufacturing organisation to continue to function in the face of unexpected conditions and adverse eventualities. Organisations, and to a lesser extent, customers have appreciated that a necessarily higher price is an acceptable outcome to maintain reliable production, supply chain, and availability of products and services.
IT and resilient manufacturing
While the volatility of common factors of production (viz. material input, labour, equipment, interest rates) have played a part in increasing the fragility of this ecosystem, now there is a new actor, cyber threats, that can take down critical IT systems and Operational Technology, which keeps production humming.
In recent years, we have seen examples of large automotive plants forced to stop production due to compromised Industrial Control Systems (ICS), operations stoppages caused by a ransomware attack on a critical supplier, and loss of secret designs and other intellectual property from a downstream manufacturing partner. As these examples illustrate, OT and ICS have become a critical actor in maintaining resilient operations.
Hackers and bad actors are increasingly finding new paths into manufacturing networks as digitalization eats into all systems and processes. Even high tech manufacturing often runs on legacy IT systems (don’t fix what’s not broken) which are indefensible and old OT/ ICS which were never designed to be networked but are now connected to the internet. Unfortunately, most of their legacy tech can’t be fixed or secured for a variety of technical and organisational reasons.
Hackers have a free run over the enterprise anywhere they can find vintage, insecure network architecture and can compromise a single (amongst a myriad) insecure system like a connected air-conditioning unit. Pairing insecure systems with overworked, understaffed, and stressed security and operations teams means leaders at these enterprises face an uphill battle.
CXO challenges
The principal challenges faced by CISOs and CIOs include:
- Legacy factories and production facilities - As discussed above, CISOs deal with securing old assets with “unfixable” configurations, equipment (e.g., industrial robot with Windows Vista management station) that can’t be updated without replacing the entire system, and insecure factory network running “protocols” with known vulnerabilities.
- Insecure, unprepared, and (at worst) apathetic upstream supply chain partners - A supply “chain” , like any other chain, is as strong as its weakest link. A supplier impacted by ransomware and production outage will disrupt product, or at worst, may infect other partners through IT and network integration causing wider outage.
- Insecure downstream distributors or even customers - This is similar to the risks above but can have a higher adverse impact than organisations estimate. If critical distribution centres or customers get compromised and declare their inability to “receive supplies” or already contracted sales, limited on-site storage and warehousing capacity may result in slowdown of production or expensive third-party storage centres.
- Data loss and risk to intellectual property - the manufacturing process often involves exchanges of confidential data and intellectual property like design files, and engineering and metallurgical data. Attackers deem factory environments as the “path of least resistance” to steal them rather than spending resources breaching corporate file repositories or secure labs and R&D facilities.
Four steps to boost cyber resilience
Given these challenges, what approaches can a CIO or CISO take to promote a manufacturing ecosystem that is resilient to cyber threats?
- Zero trust - Adopt the same zero trust approach to manufacturing environments that is now getting so much traction in the rest of the corporate world. All networked OT assets, factory users, cloud services, equipment, and support engineers remotely logging in to service OT assets need to be verified before being trusted. It’s not easy, but it is the only way to get a highly secure environment with a good degree of assurance on control effectiveness.
- Assume breach - In my experience, the manufacturing environments are the last bastions of “can’t-happen-here” even in the face of increasingly frequent evidence that it can get compromised. It does happen and it is probably an easier task for bad actors once they identify a target and start scoping out the attack surface. Factory and manufacturing operations leaders need to accept that a breach can happen, and prepare meaningful operational and technical steps to minimise the damage in case there is a compromise to a single factory, single assembly line, or single station and practice recovery operations at periodic intervals.
- Secure your confidential data and IP through the production pipelines - Transmitting and storing confidential design files and other confidential IP in inherently insecure manufacturing and OT systems exposes the crown jewels to unauthorised access and exfiltration. It’s critical to identify these transmission paths and storage points and an appropriate remedy is applied to secure them. These include data loss prevention (DLP) tools where viable, process changes where it is not and as a last resort, consciously accepting the residual risk. However implementing a factory-wide zero trust program will significantly reduce the residual risk.
- Test and verify - “Planning has many parents, but testing is an orphan” is an old adage in the technology world. After all, a ransomware “kill switch” is worth having only if key actors know how to make it work (hint: it’s not red and made of plastic in a glass case). However the success of any cybersecurity and risk reduction program lies in periodic testing and a building a positive culture that celebrates that tests are a learning opportunity, not a forum to assign blame. A virtuous cycle of continuous testing and incremental improvement will go a long way in building a secure and resilient manufacturing environment.
Related Resources
Related Articles:
AI-Powered Cybersecurity: Safeguarding the Media Industry
Published: 11/20/2024
Zero Standing Privileges (ZSP): Vendor Myths vs. Reality
Published: 11/15/2024
5 Best Practices for Executive Reporting
Published: 11/13/2024