search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CYBER DEFENSE


agencies on the software controlling centrifuges at an Iranian nuclear facility. Manufacturers are still drawing lessons from that zero-day exploit. Stuxnet “shone a spotlight on the ways that


isolated, custom-built and specialized [industrial control systems] could legitimately be attacked and compromised,” Wenzler said. The attack’s precision in being able to hit only the specific control systems it was after showed that “previous security models of air-gapping [industrial control systems], or trusting that the custom nature of the manufacturing systems made it secure from outside attacks, were no longer valid,” he said. Air gapping—the act of physically separating


one network from another—has been going out of vogue for manufacturers, and Stuxnet may be a big reason for that. The Industrial Internet of Things, or the growing connectivity of control systems, has seen manufacturers prefer connectivity to the lim- ited security returns of air gapping. Connectivity is here to stay for manufacturers, and the


security controls they employ better catch up quickly. “In a modern factory, there is no way that you would


completely isolate… your control network from the enter- prise network,” Langner said. “No way, because you want this integration in order to do things like manufacturing execution systems.” In a sequel of sorts to Stuxnet, hackers were able to cause significant damage to a German steel mill, a 2014 assessment by German analysts revealed. The hackers were able to use social engineering to enter the network of the steel mill and prevent a furnace from shutting down. Then there was the highjacking of medical devices,


known as MEDJACK, a tire-pressure monitoring system (TPMS) attack, and the remote hack of a Jeep vehicle that was shown in a 60 Minutes episode. These disruptive attacks notwithstanding, the manu-


facturing sector has not felt anything on the order of the magnitude of the data breaches that have hit, for example, the retail sector. The 2014 breach of Target Inc. compro- mised the privacy of tens of millions customers’ data and cost the company’s chief executive his job. Despite attacks like Stuxnet, “the reality is that the asset owners in manufacturing really didn’t wake up,” Langner said.


Insuring against disaster Bolstering supply chain security is crucial for manu- facturers, but it is, of course, no panacea against getting


26


hacked. There is a growing acceptance among asset own- ers that getting hacked is part of the cost of doing busi- ness, and that buying insurance is a necessary safeguard. Justyn Hardcastle, a cyber underwriter at insurer Tokio Marine Kiln, said he has seen a clear increase in manufac- turers’ interest in insurance and that a market has taken shape that accounts for their specific needs. “There’s this ever-growing interconnectivity between IT


infrastructure and operational technology infrastructure,” Hardcastle said. “There’s a greater exposure, I think people are becoming more aware of that exposure. Whereas before, people might not have been aware of the risks of, say, con- necting certain aspects of control systems to the Internet.” Hardcastle predicted a “gradual uptick” in manufactur- ers’ adoption of cyber insurances as awareness of its utility increases, in part, through communication between IT se- curity professionals across sectors. Citing client confidenti- ality clauses in its policies, he said his firm could not name any companies it has insured.


Parsing the tea leaves What will the next six to 12 months look like for cyber


threats to manufacturers? Ransomware will grow as a menace, experts agreed. Ransomware “is a very lucrative business model for or-


ganized crime, and it’s just a matter of time until the threat actors in question figure out how much more money they can make just by hitting real large manufacturing compa- nies,” Langner said.


March 2017


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64