December 13, 2022 Defending Manufacturing Industry From Cyberattacks

Manufacturing organizations are prime targets for cybersecurity threat actors creating a need to properly manage security posture.

by Ed Mosquera, Technical Director at Skybox

Industrial and manufacturing organizations are quickly becoming targets for cybersecurity threat actors thanks to the unique challenges they face due to connected physical systems. If network visualization isn’t in place, it’s challenging for security analysts to find where gaps in their networks exist and where threat actors are most likely to target. Across cybersecurity organizations, a compliance framework is often used to implement guidelines and standards. Still, these criteria don’t necessarily achieve the level of security an organization actually requires to prevent breaches.

The NIST Framework provides organizations like those in the manufacturing industry with an easy-to-understand framework for managing and reducing cyber risk to protect networks and data. However, with record-breaking vulnerabilities, rising OT security risks, and increasing exploits in the wild, operators must go beyond this framework and adopt a proactive security posture to defend against attacks.

Manufacturing organizations need to begin rigorously managing their security posture to prevent disaster. Continuous assessment of the overall strength of their controls, processes, and compliance programs is required to strengthen security efficacy to reduce exposure risks proactively. IT and OT system visibility and a comprehensive plan to identify and prioritize exploitable vulnerabilities should play a fundamental role in this proactive strategy to determine if the system is potentially open to a cyberattack.

Compliance does not equal a strong security posture

The lack of visibility into an organization’s network combined with siloed IT and OT environments makes managing compliance and remediating the vulnerabilities that matter more challenging. Professionals experienced in both IT and OT environments are increasingly rare, and the ongoing talent gap contributes to the complexity of hybrid environments. A 2022 cybersecurity benchmarking study predicts ransomware attacks will jump over the next two years, with manufacturing being a significant target for cyberattacks. Additionally, Skybox Research Lab found vulnerabilities in OT technology nearly doubling yearly due to assets increasingly being added to online networks.

NIST and other compliance frameworks provide some insight into manufacturing and industrial technologies. However, these guidelines do not consider a plant or factory’s technological landscape. For example, the Guidelines on Firewalls and Firewall Policy (NIST 800-41) only pertains to security controls and firewalls at a network’s perimeter and zone-to-zone access but does not include guidance on measures needed for user identity, virtualization or container security.

Manufacturing organizations invest significant resources to bring their factory technology online and seek to protect it based on the NIST framework. Unfortunately, when OT administrators have satisfied the checklist, it can be easy to assume they are safe because they’ve earned such certifications. This kind of thinking limits teams from finding gaps that threat actors can exploit.

Reactive strategies centered on scanning and patching have become too laborious and overwhelming, and disabling essential systems for upgrades is an expensive proposition. Cybercriminals understand that they can fly under the radar of traditional approaches, and ransomware attacks in manufacturing are likely to pay off. Therefore, manufacturing organizations would be better suited to adopt a proactive approach that includes identifying critical risks and merging IT/OT environments exposed to adversaries.

Building a modern cybersecurity program

The evolving threat landscape faced by the manufacturing sector requires dynamic risk-based strategies, including surpassing NIST Framework with a thorough vulnerability management plan. This approach enables OT administrators and security teams to manage all risks across their organization’s attack surface. While there are multiple aspects to a proactive risk-based strategy, these three components are critical for successful implementation:

• Risk Scoring: Advanced vulnerability prioritization considers a range of risk factors. Advanced vulnerability prioritization enables security teams to identify and prioritize their organization’s riskiest assets and vulnerabilities. This approach enables organizations to effectively and systematically reduce risk by ensuring they are focusing their resources on the areas of most significant risk.
• Discover vulnerabilities with a network model: A network model gives insights into all network elements, rules and configurations across an organization’s environment. Security, IT and OT teams can gain clarity across a wide range of operational security processes. Network modeling provides the insights and visibility needed to perform accurate exposure analysis.
• Converge IT/OT Environments with Full Visualization: OT administrators and plant managers can create a standard view to eliminate silos within their teams. This approach enables teams to speak the same security language and work together to find and prioritize critical vulnerabilities. With full visualization, IT can find what needs to be patched instead of taking equipment offline to patch the entire network.

A risk-based approach that goes beyond the NIST framework permits leaders to overcome complexity with a proactive security posture management program. Such an approach has been shown to increase accuracy and eliminate downtime while increasing business resiliency and preventing breaches. A recent study showed that 48% of organizations with no breaches in 2021 took a risk-based approach to their security programs. Built with cybersecurity frameworks as a starting point, risk-based strategies allow manufacturing organizations to develop modern cybersecurity programs that defend and protect even the most complex environments.

Ed Mosquera is a Technical Director at Skybox Security. Before his time at Skybox, Ed served as a Cybersecurity Collaboration Program Manager at Bank of America.

Subscribe to Industry Today