Cybersecurity in industrial automation doesn’t get the attention it deserves despite the growing security risks inherent in every computer system. Cyberattacks on industrial control system (ICS) computers are growing in the United States and other global regions. In its “OT: Cybersecurity 2023 Year in Review,” industrial cybersecurity firm Dragos reports that the threat landscape for operational technologies is getting more dangerous as “rising tensions and financial opportunity continued to spur a wide variety of actors to target industrial environments.”
The risks of a cyberattack on a manufacturing facility are severe. As such, it’s critical for these facilities to develop documented cybersecurity plans. Due to the complexity of cybersecurity, it’s imperative that companies consider using experts to conduct a risk assessment and make control recommendations that harden the facility and its production lines against potential threats.
Every organization is a potential target Many companies believe that cybercriminals won’t find them attractive targets. Unfortunately, these companies are mistaken. Not every business will get hit by cybercriminals, but every organization is a potential target. Most facilities have never had a fire, but they all have fire suppression systems.
Cybercriminals have their own business model. Some invest significant time and resources to attack an obvious high-value target. Others have a “petty thief” model. These cybercriminals look for the weakest links, often industries or company types understood to have poor cyberdefenses. They operate like car thieves, lifting door handles until they find the car that’s unlocked—and that’s the car they steal. If an organization has any assets, whether cash, intellectual property or data, it’s a potential target.
A cybersecurity breach in a manufacturing setting could have devastating consequences. Sensitive or proprietary information could be stolen, leaving the company with severe financial and legal liabilities. Production lines could be shut down. Exceptionally malicious cybercriminals could hack into a safety programmable logic controller (PLC), risking the lives of line workers who continue to follow standard procedures.
The growth of cyber risks in manufacturing Globally recognized cybersecurity firm Kaspersky’s research on 2022 cybersecurity incidents in the industrial sector found that manufacturing leads all industrial sectors, accounting for 25.37% of the attacks. In its review of publicly known cyberattacks, the Kaspersky report stated, “Among all organizations that suffered attacks, the vast majority relate to industrial manufacturing…They also have many secrets that potential buyers are willing to pay for, while being less regulated...and not as zealously protected by the state.”
The pace of technological advances in manufacturing has outpaced the attention to the cybersecurity risks these advances present. Chief among these advances are:
- Internet of Things (IoT). The growth of automated machinery that links directly to the internet or other machines with their internet connection has amplified cybersecurity risks for manufacturers. The interconnections make each device vulnerable to unauthorized access. If a PLC with internet access is not commissioned correctly or secured, cybercriminals could use it to seize control of a material handling system, even if that PLC isn’t directly connected to the handling system.
- Ethernet. As the preferred architecture in manufacturing, Ethernet networks offer the benefits of scalability, speed and remote access that the closed proprietary systems did not. These advantages also make it easier for systems to be breached and for malware to propagate across the entire network.
- Data sharing interoperability. The drive for big data analysis that managers and engineers can use to optimize production relies on integrating data from multiple systems into a single source. Interconnecting data storage through a centralized analysis program facilitates mass ex-filtration of sensitive data during a cyberattack.
The human element contributes to the growing vulnerabilities as systems get more connected. A lack of IT personnel integrated into operational and project teams limits the adoption of cybersecurity best practices, resulting in greater exposure, inadequate monitoring and delayed responses. More sophisticated social engineering enables attackers to bypass security by manipulating personnel to share information that helps cybercriminals pursue their attack path. For example, the 2013 Target attack was launched through a phishing email sent to Target’s HVAC vendor, which the attackers used to steal system access credentials.
Start with a thorough risk assessment
A cybersecurity risk assessment is the cornerstone of a robust defense strategy. It’s a comprehensive process that begins with documenting every access point within an organization's infrastructure. This includes physical and virtual access points, from automated assembly lines to the old, forgotten computer in the observation deck.
The next step requires understanding how cybercriminals could breach the system and its networks. What entry points are likely to be exploited? What potential attack methods are possible? This step is crucial to identifying and weighing vulnerabilities. Only then can the cybersecurity experts leading the risk assessment provide specific recommendations to mitigate the risks.
It is critical for manufacturers to conduct a new risk assessment every time a new element or system is introduced into the environment. If a company or facility has never conducted a cybersecurity risk assessment or hasn’t in a few years, then it’s advisable to perform a complete risk assessment.
Create a cybersecurity culture
Effective cybersecurity maintenance and risk assessments are a collaborative effort. Senior management can provide the strategic direction and resources to build a strong cyber protection program. They can also ensure that IT resources aren’t confined to corporate offices.
Having IT personnel onsite in manufacturing facilities can improve monitoring for potential cyber incidents, which shortens response time and maintains existing cyber protocols. Their proximity to operations and project managers encourages collaboration with IT and allows IT to join discussions related to system changes and assessing potential security implications.
Companies can also develop a cybersecurity culture by working closely with a system integrator experienced in cybersecurity protocols for complex manufacturing systems. The system integrator can lead regular risk assessments and verify that recommended controls are appropriately executed, allowing companies to maintain a strong cybersecurity posture.
Quick steps manufacturers can take The scope of cybersecurity risks, mitigation options, and tasks can seem overwhelming. Even before a full risk assessment can be performed, any organization will likely benefit from taking several proactive steps. These include updating company standards to include the requirement for a cyber risk assessment on new projects, documenting all machines, controllers and interfaces that are potential entry points for a cyberattack, strengthening existing passwords and encouraging personnel to improve the passwords they’ve set up to access network programs. Companies can also train all employees to recognize phishing and other social engineering tactics and defend against them.
The attack surface of manufacturing is expanding with more software-controlled machinery. Even minor adjustments to network configurations or device settings can lead to significant security risks. Integrating regular safety assessments throughout a manufacturing system’s life cycle strengthens the facility’s overall resilience against cyber threats.
Andrew Harris is Michigan team lead and director of controls business development, and Eric Headington is instrumentation and controls engineering manager with system integrator ACS.
