Weak security implementations and flawed organizational structures are opening up manufacturing floors as lucrative targets for cybercriminals, with more than half of manufacturers saying they have experienced disruptive cyberattacks in a recent survey.
New data from Trend Micro, which surveyed 500 security decision makers who were part of large manufacturing firms across the U.S., Germany and Japan, found that 61 percent of manufacturers have experienced a “cybersecurity incident.” According to Trend Micro researchers, this encompasses virus infections, unauthorized operations that exploit system vulnerabilities, or unauthorized accesses to systems.
Manufacturers have for the past decade been undergoing a major shift in how the equipment on production floors is monitored and controlled. The operational technology (OT) devices used for monitoring and controlling industrial equipment such as supervisory control and data acquisition (SCADA) systems are becoming increasingly connected to the Internet as manufacturers embrace new functionalities such as predictive maintenance, automation and more.
However, connecting previously air-gapped OT networks to the public Internet is also opening up a dangerous security “soft underbelly” for manufacturing firms, said Amir Preminger, vice president of research at Claroty. And cybercriminals are taking full advantage.
“The bottom line is that OT is much more prone to be attacked - it’s more vulnerable, and I think it’s an easy territory for attackers,” said Preminger.
Manufacturing experts surveyed are recognizing this security pain point, with 78 percent agreeing that technology is the biggest security challenge for their organization. Fewer than half of the respondents said they're implementing technical measures to improve cybersecurity.
Part of the challenge is that OT is built for specific environments in which system downtime is a critical factor, making it more difficult to deploy patches. On the flip side, with IT devices, “everyone is planning for a malfunction,” said Preminger.
Critical security flaws continue to pop up in OT systems - with researchers a year ago warning of bugs requiring very little skill to exploit in industrial control system (ICS) devices from Rockwell Automation and Johnson Controls, for instance. And in July, the National Security Agency (NSA) issued an advisory regarding a critical security flaw in the Schneider Electric Triconex TriStation and Tricon Communication Module, components that are designed to prevent equipment failure by shutting down plant operations in the event of an emergency.
“The bottom line is that OT is much more prone to be attacked."
On top of the security issues plaguing OT systems, more than half (67 percent) of manufacturing experts say flawed organizational processes within manufacturing companies are making security more difficult. Few organizations have teams that collaborate across the IT segments - tasked with securing and managing hardware and software along with storing and transmitting data - and the OT segments - which oversee ICS devices, and manage physical processes tied to industrial equipment.
The majority of those surveyed by Trend Micro (88 percent) said that their companies’ IT and OT teams don’t collaborate across all phases when determining cybersecurity measures. The disparity between IT and OT can affect the security posture of manufacturing companies overall: In fact, firms with IT and OT teams that did work together had a higher level of security protections like firewalls and network segmentation.
“The results show that if both IT and OT teams participate in the selection of technical measures and the decision making process in factory cybersecurity, the implementation of technical measures will be easier,” the report says. “In particular, there are significant differences in measures such as firewalls, IPS, and network segmentation.”
For manufacturers, these technology-level and organizational-level challenges are leading to potentially devastating disruptions. Of the surveyed organizations that experienced cyber attacks, 75 percent suffered system outages, with 43 percent saying their outages lasted more than four days.
Depending on the industry that the affected manufacturing firm is in, and the materials it produces, such attacks could have high financial stakes and cause disruptions for other partners and customers across the supply chain. In February, a ransomware attack hit WestRock, the second-largest packaging company in the U.S., affecting its OT systems used to control industrial operations and causing its mill system production and packaging-converting operations to sputter to a stop. The attack caused a lag in production levels for some of the company’s facilities. For instance, the firm’s mill system production, through Feb. 4, was approximately 85,000 tons lower than planned.
These types of production halts can cost companies in terms of lost productivity, brand damage and more. In 2019, a ransomware attack on Norwegian aluminum maker Norsk Hydro forced the company to shut down or isolate several plants and send several more into manual mode - ultimately accumulating a loss of $35 to $41 million in the first quarter of 2019.
Claroty’s Preminger said that for manufacturing companies, “security in-depth is the best approach.”
“You need a layer of protections - starting from the external interface, to internal,” he said. “Antivirus, firewalls and segmentation are important to practice and have, but companies also need internal protection mechanisms for OT networks. This includes different ways to protect systems - you can’t just have one solution.”