Enhancing OT security

Digital Transformation29 Nov 2023

Paul Evans at Nozomi Networks outlines the key cyber-security priorities for manufacturing companies

In 2023, the manufacturing industry will continue to experience challenges around rising energy costs, labour issues, supply chain delays and disruptions, affecting its ability to maintain adequate levels of production and quality.

Despite grim economic predictions, manufacturers must continue to keep pace by adopting new technologies that come with the next phase of the industrial revolution, accelerating innovation, improving efficiency, and increasing customer value.

However, while Industry 4.0 has its benefits, from increased automation, process improvements and new levels of efficiencies, it exposes critical operational technology (OT) to security vulnerabilities, presenting new windows of opportunity for cyber-criminals.

Low visibility across manufacturing environments

According to a report, 42% of UK manufacturers have been a victim of cyber-crime in 2022. With cyber-threats against industrial manufacturing rapidly escalating as more and more connected systems create larger attack surfaces, the manufacturing industry remains one of the most cyber-vulnerable sectors.

These cyber-security issues and lack of system visibility are slowing down the introduction of new technologies, hampering potential productivity gains and holding companies back from growth.

Production security and operational resilience go hand in hand: both are essential for the overall risk management. So how can manufacturers best manage new technology adoptions while ensuring business continuity when they don’t have full visibility into their OT environments?

Challenges posed by Industrial Control Systems

The majority of large manufacturing facilities typically have a significant presence of brownfield sites and legacy plants, with a set of outdated Industrial Control System (ICS) assets and new IoT devices – both difficult to secure.

Traditional ICS devices usually have long life cycles and are custom-built, stand-alone systems, designed to be reliable, rather than secure. They often run scaled-down versions of operating systems, communicating via proprietary or industrial protocols that lack safety features. In addition, they are often sensitive to changes in network traffic or firmware, making many IT security tools unsafe to use.

Traditionally, ICS security was not as a critical consideration because OT networks were designed to be isolated, running less-known industrial protocols and custom software. Those systems had limited exposure, whereas, today, OT environments have converged and are often no longer air-gapped from IT networks.

At the same time, millions of IoT devices are being added to production networks to reduce costs and provide greater value to customers. Like legacy ICS devices, many IoT devices have lightweight, low-key operating systems that lack common security features. Their firmware is rarely updated, and they are found connected to other systems becoming an easy target for threat actors.

These inherent characteristics of manufacturing systems and facilities make them difficult to protect and require specialized know-how and technology in OT/IoT security and visibility to reduce risks.

ICS and OT-specific malware such as Industroyer and Incontroller are evidence of the increasingly sophisticated capabilities that attackers have begun to deploy in attacking ICS and OT systems, resulting in many serious incidents.

The way forward: to take over, detect and respond

Visibility and asset management lay the foundation for network security. As we know, you cannot protect what you cannot see so manufacturers must ensure higher levels of visibility over all connected devices on their networks.

So how can manufacturers see in detail the resources of their OT environment, which devices are actively communicating and what protocols they are using?

One way to improve cyber-resilience is by having real-time situational awareness of OT networks, including visibility into assets, connections, communications, protocols, and more. The good news is that companies can automate asset inventory for manufacturing plants, eliminate blind spots, and reveal items that may have been previously overlooked.

Such a solution requires a large depth and breadth of protocol support, including accurate analysis of ICS protocols. In addition, it must support IoT protocols and current profiles of millions of devices for detailed asset identification and anomaly reporting.

The goal would be to have maximum and accurate coverage of all OT, IoT and IT assets from all systems, regardless of their generation, vendor or function, possibly with an easily scalable solution to monitor an unlimited number of resources and networks in numerous production facilities.

Further steps to minimize the risks

The next step, once the company has excellent visibility, is risk reduction. This requires real-time detection of vulnerabilities, threats and anomalies in both decommissioned and active plants. It includes process insights that highlight risks to reliability, such as equipment failure, unusual variables, and changes in network communications.

It is also necessary to know how to react to alerts and reports that signal the presence of a problem. A system that prioritizes risk, with actionable intelligence and remediation playbooks, helps to keep every facility safer in an efficient and systematic way.

And if problematic network changes need to be analyzed over time or require rapid incident response performance, robust forensics and the availability of effective query tools accelerate repair. For manufacturers, this translates into maximized uptime, consistent product quality and production volumes.

The inherent characteristics of manufacturing facilities make them vulnerable to cyber-attacks. As traditional ICS security measures become insufficient in the era of converged OT environments and added IoT devices, specialised knowledge and technology in OT/IoT security and visibility are necessary to mitigate risks.

The good news is that manufacturing companies are aware of the threat and have started putting their cyber-security first. In fact, cyber-security is already an urgent priority for 63% of UK manufacturers, with almost half (43%) investing in security, firewalls and anti-virus precautions.

It is crucial for manufacturing companies to make the key next step and prioritise the visibility of their OT environment, investing in effective security solutions to protect their assets, employees, and customers.

Paul Evans is a cyber-security evangelist at Nozomi Networks

Main image courtesy of iStockPhoto.com