Spear-phishing. Drive-by downloads. Watering hole attacks. Wrappers The language may be captivating and even amusing, but the reality it represents is not so alluring. While the novel coronavirus has introduced fresh concerns for manufacturers, cyber threats have never gone away. And as bad guys become more cunning, manufacturers must scramble to stay ahead of them even as they navigate new public health and economic uncertainties.
Why has the threat of cyber terrorism risen dramatically in recent years? A key reason is that the successful convergence of information technology and operations technology – so critical to reaping the rewards of Industry 4.0 – has also opened the back door to cybercriminals. A new report, Securing Critical Operational Technology in Manufacturing, by the Manufacturers Alliance (MAPI) and cybersecurity firm Fortinet found that operational technology security at large manufacturers is considered a top-five business risk, yet there remains high variability in corporate security practices and capabilities, including activities for monitoring and responding.
It’s worth a brief review of the evolution of cyber terrorism. A few years back, former CIA and National Security Agency chief Mike Hayden warned our members that the risk to manufacturers was diversifying and escalating quickly. First-generation cyberattacks had involved the theft of personal identities and money. But enhanced connectivity on shop floors around the world changed the profile of the bad guys. Second-generation thieves started targeting companies’ intellectual property (IP) so they could either make counterfeit products, sell the information, or use the IP to jump-start their own designs. Next, rogue nation-states like North Korea, Iran, and Russia found success in disrupting not just political processes but individual businesses in other countries. Finally, perhaps most dangerous of all because of the difficulty in tracking them down, individual hacktivists emerged, dedicated to creating chaos in government and business systems around the world.
And now manufacturers are more vulnerable than ever. As the Industrial Internet of Things creates highly complex networks, manufacturers are exposed to a far greater variety of risks. Not only are their internal systems now connecting outside the factory walls with assets not designed for data connectivity, the so-called “attack surface” continues to grow exponentially with the growth in the wireless transfer of data, third-party access, and interconnected supply chains.
The study found rapidly changing attitudes and approaches to this business menace. For example, a majority of companies told us that over the past 12 months, they faced at least one specific security incident that resulted in unauthorized access to data – a sizable jump from just a few years ago. For those who experienced a breach, the most commonly reported setback was operational outages affecting productivity.
Manufacturers’ incidence levels aren’t the only thing inflating. As IT and OT converge and the attack surface expands, cloud, IoT, email, mobile devices, and thumb drives rank highest among OT exposures to cyber risk recognized as falling outside of the firewall. Our research shows that phishing and malware, and to a somewhat lesser degree spyware, remain the most common forms of attacks outside the firewall. But our survey also found increased concern in recent years over the growing number of advanced tactics used by cyber terrorists. These include, in order of perceived threat level: mobile security breaches; insider breaches (through carelessness, well-intentioned actors, or bad actors); SQL injection (executing malicious statements in SQL programming code); Man-in-the-Middle (MITM) attacks on communications; Distributed Denial-of-Service (DDoS) disruptions; and Zero-Day attacks on unknown or unaddressed software vulnerabilities.
If there’s good news, it’s that almost three-quarters of manufacturers currently say they have employed effective responses to OT security breaches. And as the threats multiply and expand, manufacturing leaders say they are doubling down on a proactive posture to reduce OT risks. Their top targets: unauthorized access, operational disruption, and IP theft.
Asked whether their primary focus is on prevention, detection, or response, two-thirds of manufacturers pointed to prevention. Given the frequency of breaches, incidence-response planning demands equal attention. Companies must be proactive to detect and neutralize breaches versus having to turn out the lights due to significant attack.
Perhaps the biggest challenge manufacturers face is internal rather than external. The report reveals that many companies incorporate a complex web of leaders with significant roles in OT security. While high organizational engagement can create strength, complex reporting relationships can leave ownership unclear or reinforce the old silos and known cultural challenges for IT-OT collaboration.
The battlefield is constantly evolving. Our report shows manufacturers are preparing for a future where more resources are devoted to staying one step ahead of the enemy.
Stephen Gold is president and CEO of MAPI, the Manufacturers Alliance for Productivity and Innovation.
