Two Steps to Adopting Cyber Security Best Practices for Manufacturing

The manufacturing environment is changing fast. Innovation and automation are unlocking efficiencies and growth potential, but the new technologies driving digitization also increase exposure to cyber and other threats that can disrupt operations.

For example, interconnected and insecure devices, complex supply chains, valuable IP and a cyber security skills gap have left the industry vulnerable.

In addition, cyber attacks have primarily targeted critical infrastructure, leaving manufacturers feeling that their systems weren’t at risk. More recently, however, nation-state-sponsored and other malicious hackers have turned their attention to manufacturing.

The recent IBM X-Force Threat Intelligence Index pegged manufacturing as the second most targeted industry for cyber incidents and attacks.1 And, according to Verizon’s 2019 Data Breach Investigations Report, intentional attacks on manufacturing by outsiders accounted for 70% of all breaches reported.2

Fortunately, emerging guidelines such as the NIST Cybersecurity Framework for Manufacturing and IEC 62443, along with advanced visibility and cyber security solutions, can help manufacturers build resiliency fast.

The Cost of OT Cyber Security Incidents is Growing

For many manufacturers, the reality of their vulnerable state set in after the 2017 NotPetya malware attack inflicted $10 billion in damages globally. Factories around the world reported compromises to manufacturing and ordering systems, corporate IT networks, and throughout their supply chains.

One British consumer goods company, Reckitt Benckiser Group, suffered a shocking $117 million loss due to NotPetya, which equated to 1% of its annual sales. For more examples of the high cost of cyber security incidents, take a look at the resource below, “The Cost of OT Cyber Security Incidents”.

As mentioned, the increase in network weak spots, paired with an increase in malicious threat actors and attacks, makes for a risky combination.

But we’ve now reached a point where executives are prioritizing security across IT and OT, and manufacturers are taking proactive measures to protect their production lines and build operational resiliency. And, governments and other members of the security community are also collaborating to help defend factories. Let’s take a look at two of the steps involved in building plant resiliency.

Step One: Adopting a Cyber Security Framework

Regardless of your current security posture, following a cyber security framework and applying security best practices will make things a lot clearer when it comes to protecting vulnerable automation systems.

Security frameworks are meant to provide guidelines for manufacturers large and small to use to reduce their factory-wide cyber security risks. The two most well-known standards include:

  • NIST Cybersecurity Framework Manufacturing Profile: The U.S. government’s NIST (National Institute of Standards and Technology) Framework offers a roadmap for identifying opportunities to improve a manufacturer’s current cyber security posture, and for evaluating their ability to manage their industrial control environment for risk. It also presents a standard approach for developing an ongoing cyber security plan.
  • IEC 62443: IEC 62443 provides a framework for addressing and mitigating security vulnerabilities in industrial automation and control systems. It outlines technical standards for the components used in industrial control systems, including embedded devices, network assets and software.
Governments, equipment vendors, and the security community are collaborating to help manufacturers by establishing standards such as NIST, IEC 62443 and other ICS-specific guidelines.

Right now, adoption of a security framework is voluntary. But as we’ve seen in other industries, an increase in incidents often highlights cyber security shortcomings. Typically, that’s eventually followed by a call for regulation.

Step Two: Translate Security Guidelines into Your Best Practices

After selecting a security framework to follow, the next step is putting it into practice. The best approach to detecting and neutralizing cyber risks and threats starts with manufacturers arming themselves with the right people, processes and technology.

Here are the four foundational items all manufacturers should tackle on their path to good cyber hygiene:

1. Leverage advanced technology. ICS security applications such as the Nozomi Networks operational visibility and cyber security solution can make it easy to translate security guidelines into security best practices. It comes with the core capabilities needed to follow many of the NIST guidelines around building plant resiliency, including:

  • Network visualization
  • Asset tracking
  • Network and ICS monitoring
  • Threat detection
  • Risk identification
  • Forensic and troubleshooting insights
  • IT/OT integration

2. Take an accurate inventory of all your network assets. A common phrase in the cyber security community is, “You can’t protect what you can’t see.” But, it’s easier said than done. Most networks expand over time, becoming larger and more complex. You need an accurate asset inventory to know what you have, where it lives and what it communicates with – all to ultimately understand its vulnerabilities and protect it. This information also enables you to properly segment your network for better security (see point #3).

3. Enforce network segmentation. Most organizations have deployed robust firewall perimeters to monitor incoming traffic and detect intrusions. But if a threat actor breaches the wall, the large, complex and interconnected nature of a network allows infections to spread like wildfire. By segmenting your network into zones, you can contain threats and mitigate issues faster. It’s also easier to monitor and detect anomalies or suspicious behavior, and control individual user access to specific areas.

4. Implement employee awareness and training programs. According to the recent 2019 SANS ICS Survey, there’s been a shift in how companies are maintaining network visibility and detecting cyber threats.3 As fewer companies outsource to third-party security consultants, internal teams assume the responsibility of flagging vulnerabilities. This requires added cyber security education and training for OT, IT and hybrid IT/OT teams, as well as higher levels of management engagement.
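
Items 2 and 3 above can be combined in a single check. The following is an added example, not part of the original article and not vendor code: it builds a passive asset inventory from network flow records and flags traffic that crosses zones without an approved conduit (the IEC 62443 term for a permitted path between zones). The subnets, zone names, allowed conduits and flow records are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed zone map: each zone is a subnet (assumed addressing plan).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.10.0/24"),
}
# Constructed conduit allowlist: (source zone, destination zone, destination port).
ALLOWED = {("enterprise", "dmz", 443), ("dmz", "control", 4840)}
# Constructed flow records, e.g. exported from a span port or flow collector.
FLOWS = """src,dst,dport
10.10.4.21,10.20.0.5,443
10.20.0.5,192.168.10.11,4840
192.168.10.11,192.168.10.12,502
10.10.4.21,192.168.10.12,502
172.16.9.9,192.168.10.11,44818
"""

def zone_of(ip):
    """Return the zone whose subnet contains ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def analyze(flow_csv):
    """Build {ip: zone, peers, services} and list cross-zone flows with no conduit."""
    inventory = defaultdict(lambda: {"zone": None, "peers": set(), "services": set()})
    violations = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, port = row["src"], row["dst"], int(row["dport"])
        sz, dz = zone_of(src), zone_of(dst)
        for ip, zone, peer in ((src, sz, dst), (dst, dz, src)):
            inventory[ip]["zone"] = zone          # where the asset lives
            inventory[ip]["peers"].add(peer)      # what it communicates with
        inventory[dst]["services"].add(port)      # what it exposes
        # Traffic inside one zone is permitted; crossing zones needs a conduit.
        if sz != dz and (sz, dz, port) not in ALLOWED:
            violations.append((src, sz, dst, dz, port))
    return dict(inventory), violations

if __name__ == "__main__":
    assets, bad = analyze(FLOWS)
    for ip, info in sorted(assets.items()):
        print(ip, info["zone"], sorted(info["services"]))
    for v in bad:
        print("no conduit for:", v)
```

An asset that lands in the "unknown" zone is itself a finding: it is communicating on the network but is missing from the addressing plan the segmentation is based on.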

The Road to Operational Resiliency Through ICS Visibility and Cyber Security

As manufacturers digitize to find operational efficiencies, they’ll face other challenges besides adopting a cyber security framework – such as gaining visibility into their OT network and closing security gaps to avoid unplanned downtime.

I recommend downloading the industry brief “Manufacturing: Improving Operational Resiliency Through ICS Visibility and Cyber Security” to learn how to better navigate the winding road to manufacturing resiliency.