search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
INDUSTRY 4.0/SMART FACTORIES


WAREHOUSING, HANDLING & STORAGE


CYBERSECURITY: UNDERSTANDING THE SPECIFICITIES OF THE MANUFACTURING INDUSTRY


A


ccording to IBM X-Force’s Threat Intelligence Index, manufacturing became the world’s most attacked industry in 2022, but this trend has been on the increase for several years. Five years ago, pharmaceutical giant Merck lost around $870 million in the wake of NotPetya cyberattack, which temporarily disrupted manufacturing, research and sales operations, leaving the company unable to fulfill orders for certain products. In a matter of hours, NotPetya spread like wildfire, resulting in companies worldwide suffering $10 billion in damage as well as the incalculable cost of damaged or lost goods, services, and opportunity.


The attack acted as a wake-up call for companies and their executives showing how unprepared their systems are, alarming the manufacturing industry to shield their environments. In 2018 a Cybersecurity for Manufacturing report showcased that although the manufacturing industry was always flying under threat actors’ radars, it slowly became one of the most targeted industries. According to the Verizon’s 2019 Data Breach Investigations Report, intentional attacks on manufacturing by outsiders accounted for 70% of all breaches reported.


With the COVID-19 pandemic, digital transformation accelerated in the manufacturing sector. Innovation and automation fast-tracked the growth potential, however the new technologies also increased the exposure to cyber threats. The interconnectivity between enterprise and operational networks opened the door for cyberattacks. So did the external connectivity spurred by Industry 4.0 and the Industrial Internet of Things (IIoT).


AN INCREASING THREAT LEVEL While connectivity has the advantage of increasing productivity, it can also multiply the potential vulnerabilities of a smart manufacturing entity. Curiously, the concept of Industry 4.0 did not consider the extraordinary surge of cyberattacks in the recent years. And as the intention behind cyberattacks has shifted from harmless testing of cyber defences to making a profit through ransomware, manufacturing companies faced and urgent


need to invest in more new technologies to best protect their operations.


With ransomware accounting for 36% of cyber-attacks on manufacturing companies and with cyber threats representing a considerable business risk, the magnitude of which is difficult to anticipate, assess and mitigate, business leaders had to act quickly.


TARGET THE THREAT WELL UPSTREAM


The paralysis of world freight via the Suez Canal following the grounding of a container ship has revealed the sensitive balance on which this industry is based, and the possible consequences in the medium and long term. For threat actors, this meant that compromising a single element of a network, such as billing or email systems, can cripple entire production line.


The Infamous examples of the WannaCry and NotPetya attacks and their impact on manufacturing companies have also shown that the industrial control systems (ICS) and production networks require protection against the daily weaknesses of companies’ IT systems. Ransomware campaigns rely largely on detecting weaknesses upstream, and often penetrate networks through poorly secured software interfaces, such as corporate virtual private networks (VPNs) or remote diagnostic or support ports, often months before asking for money. Therefore, defending against those threats requires paying close attention to the network design and traffic and noticing a subtle change or knowing where the weaknesses lie before it’s too late. However, that essential factor of visibility is difficult to obtain.


WHAT IS THE FUTURE FOR INDUSTRIAL IOT (IIOT) SECURITY?


As the industry transitioned, navigating a blend of new and old infrastructure proved to be challenging. Between legacy OT systems and new IIoT devices being added without documentation, many teams did not have an accurate view of what is on their network. As more systems converge, the vulnerability points and potential risks only continued to


10 OCTOBER 2022 | FACTORY&HANDLINGSOLUTIONS


increase, requiring teams to balance their dueling priorities and tap into each other’s unique expertise.


IIoT technologies, built on common platforms and protocols - things that made them easier to manage and less costly in development, also made them vulnerable. Threat actors, aware that manufacturing control systems are increasingly built on common technologies, were now able to operate in a simpler way and with less customization. As with IoT, the industry behind IIoT has underestimated the need for security, and many first- and second- generation hardware has vulnerabilities in their software configuration and design. By investing in IIoT and automation companies have exposed themselves to more cyberattacks in the form of ransomware requiring them to invest in defense solutions that can work in a unified way through a single management system.


Rather than backtracking and isolating industrial networks, it makes more sense to integrate them securely. For that, companies need to have access to an accurate inventory of their systems, be able to monitor their status in real time, and have a way to model maintenance, including patches, in complex ways. Before even buying equipment, it is imperative to check its safety design and ability to address weaknesses. There is also a need to integrate threat intelligence from as many sources as possible to gain insight into attacks, whether anticipated or detected in real incidents. Finally, special attention should be paid to connections to computer networks so as not to create backdoors that attacks could exploit, for example unpatched VPNs used for remote maintenance.


While all sectors are exposed to a very high risk of cyberattack, the manufacturing sector has only recently become aware of the risks involved. To ensure its long-term future in a context of latent insecurity, the sector must make cybersecurity a commercial motivation in its own right.


Paul Evans


Tech Evangelist Nozomi Networks


www.nozominetworks.com/ 39


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58