Top 5 OT Security Concerns Around Smart Manufacturing
Digital transformation in the manufacturing industry has accelerated rapidly. Manufacturers are exploring advanced technologies and solutions, including automation, data-driven optimisation, and advanced analytics. These digital tools are streamlining processes, enabling the sharing of data, and offering greater efficiency.
In 2021, the Singapore government announced a vision to grow the manufacturing sector by 50% over the next 10 years. With the government’s efforts to position Singapore as a global business innovation and talent hub for advanced manufacturing, local manufacturers are prompted to harness digital transformation (DX) and gradually invest in reskilling. With the integration and interconnectedness of operational technology (OT) systems and information technology (IT) systems, smart manufacturing has become a prominent target for cyber attackers.
Historically, plant operators and security teams relied on the “air gap” between OT devices and an organization’s IT network as a security countermeasure, treating it as an impenetrable barrier against malicious attacks. Being invisible to cyber attackers may seem to be a huge security advantage, but it has been proven that the air gap can no longer be used as the sole security solution in today’s smart manufacturing cyber landscape.
The result of dissolving the air gap is an exponential increase in cybersecurity incidents. A Forrester Consulting study commissioned by Armis found that “66% of manufacturers have experienced a security incident related to IoT devices over the past two years.” In 2020, the average cost of a breach was $3.86 million, so these incidents can quickly undermine the return on investment (ROI) from smart manufacturing technology.
To benefit from DX without exposing the organization to additional cybersecurity risks, understanding the unique security risks and vulnerabilities of IIoT devices and how to address them is important.
Many legacy OT devices run on older operating systems that get few to no updates, while new IIoT devices offer a dozen different options to choose from. That flexibility may be great in some regards, but it can complicate security management of OS statuses, vulnerabilities, updates, and alerts, especially when organizations or plants run different devices on different operating systems.
Installation and oversight differences
Typically, the IT department should oversee any IT devices that are connected to a network. However, IIoT devices such as environmental sensors, equipment vibration sensors, and remote video cameras are often marketed to busy plant managers as easy and fast to install, with no wiring or coding required. This leads to the creation of IoT networks that are essentially “shadow IT” within the larger environment, which raises the risk that OS, app, or communication vulnerabilities and incidents will go unnoticed by the security team.
OT devices went invisible
IT scans are designed to look for and probe active agented devices on the network. However, most OT/IIoT devices cannot accommodate agents, and scans that probe their OS and apps can disrupt their functions, causing them to fail. As a result, many devices do not appear in traditional IT network monitoring tools, and scanning can interfere with the way the devices work, further complicating OT and IIoT security.
Digital OT equipment exposed to cyber attacks
Organized criminals and state-sponsored attackers are well aware that smart devices can often serve as vulnerable points of entry. For example, Armis uncovered 11 zero-day vulnerabilities in VxWorks that left devices open to remote code execution, data leaks, denial of service, and firewall bypass for access to the wider network. However, as of December 2020, 97% of the affected devices remained unpatched.
Such vulnerabilities put organizations at serious risk of theft of customer and business data, sabotage of operations and databases, and ransomware attacks. Recovering from these attacks is costly, and it can take months or years to identify all the damage and rebuild customer, vendor, and investor trust.
Core elements of OT and smart manufacturing cybersecurity
As an organization’s smart manufacturing plan starts leveraging customer device data, security is critical for customer experience, brand reputation, and liability protection in the event of an incident. A comprehensive smart device security program will include:
- Agentless and passive monitoring capabilities to see every device in the environment while protecting OT device function
- Continuous device activity and communication monitoring for rapid anomaly detection and response
- Risk assessment and scoring to help your security team prioritize responses
- Automated alert and update options
- Easy integration with IT security monitoring for a single source of truth
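The first three items in the list above can be sketched as follows. This is an added example, not Armis code or any product's logic: it builds a device inventory purely from passively captured flow records, compares it with the IT-managed inventory, and scores each device. The MAC addresses, flow records, plant subnet and score weights are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: devices IT already manages (e.g. a CMDB export), keyed by MAC.
MANAGED = {"02:00:00:00:00:01": "PLC, line 1", "02:00:00:00:00:02": "HMI, line 1"}
PLANT_NET = ipaddress.ip_network("10.10.0.0/16")  # assumed plant address range

# Constructed flow records as a passive sensor on a switch mirror port might log them:
# (source MAC, destination IP, destination port). Nothing is ever sent to the devices.
BASELINE = [
    ("02:00:00:00:00:01", "10.10.1.20", 502),
    ("02:00:00:00:00:02", "10.10.1.10", 502),
]
OBSERVED = BASELINE + [
    ("02:00:00:00:00:01", "10.10.1.99", 23),    # PLC talking to a new internal peer
    ("02:00:00:00:00:09", "10.10.1.10", 502),   # sensor nobody registered with IT
    ("02:00:00:00:00:09", "203.0.113.7", 443),  # ...that also talks outside the plant
]

# Illustrative risk weights (assumptions; tune per site).
W_UNMANAGED, W_NEW_PEER, W_EXTERNAL = 40, 20, 30

def peers_by_device(flows):
    """Group observed (destination IP, port) pairs by source MAC."""
    seen = defaultdict(set)
    for mac, dst_ip, dst_port in flows:
        seen[mac].add((dst_ip, dst_port))
    return seen

def assess(baseline, observed, managed):
    """Return {mac: (score, reasons)} for devices with findings, highest score first."""
    known = peers_by_device(baseline)
    findings = {}
    for mac, peers in peers_by_device(observed).items():
        score, reasons = 0, []
        if mac not in managed:  # "shadow IT": seen on the wire, absent from inventory
            score += W_UNMANAGED
            reasons.append("not in IT inventory")
        new = peers - known.get(mac, set())
        if mac in known and new:  # baselined device deviating from its usual peers
            score += W_NEW_PEER
            reasons.append(f"{len(new)} peer(s) outside baseline")
        if any(ipaddress.ip_address(ip) not in PLANT_NET for ip, _ in peers):
            score += W_EXTERNAL
            reasons.append("talks outside the plant network")
        if reasons:
            findings[mac] = (score, reasons)
    return dict(sorted(findings.items(), key=lambda kv: -kv[1][0]))
```

Calling `assess(BASELINE, OBSERVED, MANAGED)` ranks the unregistered sensor above the PLC with one new peer and reports nothing for the HMI, whose traffic matches its baseline.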
While the fourth industrial revolution, Industry 4.0, heralds an era of tremendous innovation, the connected nature of smart factories exposes them to rising cybersecurity risks. It is true that keeping systems off the public internet will strengthen security posture, but vulnerabilities are also introduced when operators connect Industrial Internet of Things (IIoT) and OT equipment to IT networks and cloud-based solutions. As Singapore works toward achieving the 2030 manufacturing vision, manufacturers need to reskill their workforce. It has become crucial for the next generation of plant operators and talent to understand the security risks associated with OT and IIoT devices, so that OT security keeps pace.
(About the Author: Alex is the Senior Vice-President, Global Enablement at Armis with over two decades of experience implementing innovative sales and performance-focused solutions that help organizations identify new opportunities, maximize revenue growth, and strengthen relationships across complex enterprise environments.)