Securing Manufacturing Data, Products and Systems in a Connected World
Author:Edward J. Liebig, CSC Cybersecurity Chief Technology Officer
As manufacturers enter a new era of connected products, systems and things, they face a complex range of challenges when working to secure their intellectual property, infrastructure and sensitive information. Machine-to-machine integration, mobility and cloud-based services offer new efficiencies, yet they also require new connectivity and add new vulnerabilities.
Download this report, Securing Manufacturing Data, Products and Systems in a Connected World, by CSC's Ed Liebig, Cybersecurity Consulting Chief Technology Officer. It explores emerging cyberthreats to manufacturers and outlines key technologies and practices for securing the enterprise, while enabling innovation programs.
Poorly secured technology offers great risk; however, applying appropriate cybersecurity, especially as a strategic business initiative, can give manufacturers the confidence to rapidly apply innovation and more securely reach outside their enterprises to suppliers and customers while notably reducing their risk to reputation and assets.
Achieving this state of cybersecurity confidence has its challenges, including those that involve securing operational technology (OT) assets, such as industrial control systems, and intellectual property and capital, the Internet of Things, and customers.
Industrial control systems — risky connectivity
Certain types of businesses, such as financial services firms, have faced cybersecurity threats for decades. Many manufacturing sectors haven’t experienced as great an impetus to establish comprehensive cybersecurity capabilities. Some segments, such as aerospace, defense, automotive and chemical, due to safety or national security concerns, have an edge on others when, not that long ago, securing assets was almost as simple as posting a guard at the plant door.
Stuxnet, which was discovered in 2010, changed that perception, and the manufacturing industry’s focus on securing industrial control systems (ICS) began to mature. The Stuxnet worm, which was used to ultimately destroy the SCADA systems controlling Iranian nuclear centrifuges, proved that weapons-grade malware could be an effective offensive strategy and, if customized for its target, that software could effectively and permanently damage production assets.
With the expansion of the Internet and enterprise networks, more recent cyberattacks and researchers’ reports further demonstrate that criminals and nations can remotely destroy and disrupt equipment and control systems — they no longer need to be onsite.
New methods of detection, prevention and response
To protect against increasingly sophisticated cyberattacks, whether local or distant, organizations must continue to push advances in cybersecurity and incorporate them, keeping an eye on basic, proven forms of security, while embracing new methods of detection, prevention and response.
Protecting industrial control systems and similar systems running in the OT environment requires layering the OT infrastructure between operational functions and paying close attention to data flows. By architecting exacting standards that direct how information travels, is written or is simply read, as well as by identifying which systems should not allow arbitrary software changes, organizations can restrict what information is a “push” and what needs to be a “pull” from the OT systems.
This detailed attention mitigates cross-contamination of malware and exploitation attempts between IT and OT networks, allowing manufacturers to more securely streamline their operations. Adopting new cybersecurity tools and approaches that detect and mediate threats — such as polymorphic and advanced persistent threats — in the layers that sit above the OT environment, before they disrupt or destroy control systems, becomes increasingly critical as manufacturers look to remotely manage their OT and tie it to their business systems.
Removing barriers with IoT and cloud
With the emergence of the Internet of Things, and increased use of technologies such as cloud and mobility, manufacturers are building much closer connections with and between their machines and their different information layers. Achieving greater flexibility requires shortening cycle times, and the only way to reach that goal is by removing barriers within an enterprise’s process-based applications, which can create even greater vulnerabilities.
The concept of removing barriers between a manufacturer’s OT and its business systems creates anxiety for most cybersecurity specialists. Many control systems were never built to connect to the outside world and often require different forms of security than business systems. Security options, such as inserting a technical control, which experts may use to protect their IT systems, may not be practical, available, or the best approach. Changing how people operate, in many cases, may better protect a manufacturer’s control systems.
Steps to a more secure enterprise
Researchers, such as those at CSC, continue to drive efforts in securing OT-IT interconnectivity; however, many challenges still need to be resolved to avoid risking vulnerabilities, such as exposure to cybercriminals, or even breaking OT environments or increasing production costs. To address these emerging threats, manufacturers should:
1) Know where all their intellectual property and capital resides — organizations can’t protect what they don’t know they have. Today’s intellectual assets include software, both as part of the manufacturing process and as part of products.
2) Secure industrial control systems; Use a structured approach when linking them to business systems, the Internet and remote access technologies. Measure risk across the enterprise as it relates to the bottom line (lost revenue or revenue potential). The perceived value gained by connecting dissimilar systems may prove not to be worth the risks. Also, reduce entry points into these systems, then fortress around them. With fewer entry points, manufacturers can focus their resources on building stronger fortifications around them
3) Move from flat to mesh networks. Mesh networks, much like a ship’s many chambers, use different layers to stay afloat, keep malware out, and prevent malware from executing in a manufacturer’s systems. Flat networks give thieves a direct, high-speed highway to a manufacturer’s assets4) Develop a deep understanding of what is “normal” for systems to better detect abnormal activity. Without that understanding, criminals may be able to hide their plundering for a long time before being noticed.
5) Leverage threat intelligence from many sources. Know which bad actors are working your market sector, which ones find your systems “valuable,” what tools/techniques they use, and what motivates them. Map that knowledge back to your own systems in the form of controls that address more likely attack scenarios.
6) Collaborate — today’s cybersecurity challenges cannot be solved alone. Join the conversation. By participating, manufacturers can be at the forefront of cybersecurity best practices.