Every morning, I start my day by reading email about the latest cybersecurity news. These emails almost always involve data breaches or malware targeting a retail outlet, a restaurant, a healthcare company or a financial institution. What do these cyberattacks have in common? They involve organizations that have a direct relationship to people. Hackers are stealing credit card numbers, usernames and passwords, medical and other personal information.
Because of the emphasis on cyberattacks in these industries, you may be surprised to learn that the manufacturing industry is seeing higher-than-normal rates of cyberthreats. According to a new study from Vectra, metadata “revealed a high volume of malicious internal reconnaissance and lateral movement behaviors among manufacturing organizations.” Cybercriminals are hiding inside the network spying and stealing, and they appear to have been there for an extended period of time, undetected. What they’re after, more often than not, is intellectual property (IP), which is not a new target, and they are gaining access into the networks through industrial internet of things (IIoT), which is a new attack vector.
“The increase in industrial IoT devices exponentially increases the attack surface for manufacturers,” Jürg Affolter, CIO at Brugg Cables, said in a formal statement. “Implementing continuous monitoring of the internal network for attacker behaviors as well as additional access controls are important since an agent-based solution isn’t possible for industrial IoT devices.”
New Levels of Automation
Intellectual property includes proprietary manufacturing processes, formulas, recipes and product designs, explained Chris Morales, head of security analytics at Vectra. In the past, IP theft involved finding an insider willing to trade secrets for money. However, this type of attack was time-intensive and very costly.
“What is new is the level of automation within manufacturing and the way that information can now be accessed,” Morales continued. “For example, think of a machine loaded with designs for a new product and the process used to develop that product. This information could be acquired by a remote attacker with access to the industrial network.”
Another type of attack would involve the disruption of the manufacturing supply chain, which would disable the manufacturing and distribution of goods. “Last year we saw this type of impact when manufacturers were hit with ransomware attacks like WannaCry,” he noted.
Risks with IIoT
IIoT differs from consumer IoT in levels of scale and durability. IIoT is designed to support large numbers of sensors that operate in what are often dangerous and hazardous conditions. IIoT and IoT are similar in the way devices connect to the network and in the protocols used for communication: both types of devices use published, well-understood standard network communication protocols.
“In the past, manufacturers relied on customized, proprietary protocols, which made mounting an attack more difficult for cybercriminals,” Morales said. “The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread and steal.”
However, for business reasons, most manufacturers do not invest heavily in security access controls, as these controls can interrupt and isolate manufacturing systems critical for lean production lines and digital supply-chain processes.
“Consequently,” Morales added, “network visibility and real-time monitoring of interconnected systems is essential to identify the earliest signs of attacker behaviors in the manufacturing infrastructure.”
However, Morales warned, networkwide visibility can be a double-edged sword. “Manually monitoring network devices and system administrators creates a challenge for resource-constrained organizations that cannot hire large security teams,” he said.
Numerous security analysts are needed to perform the manual analysis required in identifying attacks or unapproved behaviors in large, automated networks that have IIoT and information technology (IT) with operational technology (OT) devices.
The solution to secure IIoT and better protect IP from theft is the use of artificial intelligence. AI, said Morales, is essential to augment existing cybersecurity teams, so they can detect and respond to threats faster and stay well ahead of attackers. AI solutions allow for better understanding of hacker behavior and trends, and help address business risks.
The combination of IIoT and the interconnectedness of industrial control systems has created a massive attack surface for cybercriminals to exploit, he noted. With nation-states becoming a bigger player in cybercrime, and given the value of IP as well as the ability to disrupt business operations, it is clear more attention needs to be paid to cybersecurity in manufacturing. While the attacks themselves may not have an immediate human factor, the end results will.