The Importance of OT Security in the Manufacturing Industry

Explore key OT security strategies and best practices for your manufacturing sites and protect your environment from cybersecurity threats effectively.


Introduction

In the ever-evolving manufacturing space, operational technology (OT) is essential for optimizing production processes and driving efficiencies. But, as more organizations embrace digital technologies and accelerate their transformation, the security of OT systems is a growing concern. Cyber threats are no longer only targeting IT infrastructures; they’re also setting their sights on OT and other critical infrastructure.

In the face of growing manufacturing OT security risks, organizations must prioritize security measures that safeguard their most valuable assets, ensure uninterrupted operations, and maintain their customers’ trust. 

In this article, we’ll discuss the mounting cybersecurity threats to manufacturing environments and consider some OT security best practices for mitigating risk in this rapidly changing landscape.

Understanding Operational Technology (OT) in the Manufacturing Environment

What is OT?

Operational technology (OT) is the hardware, software, systems, and devices that organizations use to manage, monitor, automate, and control key processes and infrastructure. 

OT is present in every industry and nearly every organization and is vital in sectors like manufacturing, energy, utilities, and transportation.

The Role of OT in the Manufacturing Environment

In the realm of manufacturing, OT systems are responsible for monitoring and managing processes, assets, and other equipment in factories and other industrial settings. 

They provide manufacturers with oversight of critical processes in real time, track performance, optimize efficiency, improve reliability, streamline resource management, and improve overall productivity and safety.

Examples of OT in Manufacturing Operations

It’s common for modern manufacturers to have a vast array of OT technologies running within their manufacturing sites. Some of the most common examples of manufacturing OT include:

  • Supervisory Control and Data Acquisition (SCADA) systems
  • Programmable Logic Controllers (PLCs)
  • Remote terminal units (RTUs)
  • Industrial control systems (ICS)
  • Distributed control systems (DCS)
  • Human-machine interfaces (HMIs)
  • Internet of Things (IoT) devices
  • Industrial Internet of Things (IIoT) devices, also known as Industry 4.0

IT/OT Convergence: A Double-Edged Sword

In most manufacturing environments, IT and OT devices have historically been separated, but the growth of technologies such as big data analytics and the Industrial Internet of Things (IIoT) has changed all this. Now, there’s a compelling case for uniting these processes, insights, and controls through what’s known as IT/OT convergence.

IT/OT convergence creates the potential for cost savings and resource efficiencies. It also allows manufacturers to feed sales and inventory data and insights into the operational side of the business, which helps optimize manufacturing equipment and power usage.

However, IT/OT interconnectivity can pose new cybersecurity challenges. Connecting OT and IT devices increases the attack surface, and any vulnerability in one system can potentially affect the other. Equally, vulnerabilities that were once less significant because these areas were not connected are now enticing targets for bad actors.

Unfortunately, security measures traditionally used to protect each area independently often don’t work well in this converged environment. And, while IT security teams are usually adept at recognizing and managing the latest threats against IT infrastructure, risks on the OT side often go undetected.

In recent years, the emergence of OT-specific malware such as Industroyer, Triton, and Incontroller points to cybercriminals’ increasingly sophisticated capabilities in attacking manufacturers’ operations.

Cyberattacks on Manufacturing Companies are on the Rise

In 2023, about a quarter of all cyberattacks worldwide targeted manufacturing companies.

Ransomware was one of the most common types of attack, hitting almost all subsectors and most frequently affecting metals and automotive production.

The manufacturing supply chain is where most vulnerabilities are located, and the disruption of one party can trigger downtime that affects the entire ecosystem: 

  • Between 2022 and 2023, the number of supply chain attacks in the U.S. doubled, amounting to 242 overall attacks and impacting 2,769 organizations. 
  • The SolarWinds cyberattack in 2021 was one of the most significant supply chain attacks ever perpetrated, affecting approximately 18,000 customers.

What are the Challenges of Managing OT Cybersecurity Risks in Manufacturing?

OT systems face all the same threats IT systems do, such as malware, ransomware, phishing, DDoS attacks, insider threats, and human error. But OT environments face several additional challenges that can heighten manufacturing OT security risks:

Uptime Requirements

Many OT systems need to be operational at all times and maintain constant connectivity, while ensuring the network is secure. Downtime needs to be limited to occasional maintenance scheduled months in advance. This makes it difficult to perform regular security updates, patching, and other maintenance tasks that are routine for IT systems.

Legacy Systems 

Some OT systems are decades old and, thus, more likely to be unsupported than IT systems, which are refreshed more regularly. Often, patches and other security updates that address vulnerabilities and enhance security features aren’t available for aging OT systems, leaving them vulnerable to cyberattacks.

Location and Accessibility Challenges

IT systems are generally located within data centers and other secure facilities. In contrast, many OT systems are deployed in remote or harsh environments, making it difficult to ensure adequate physical security controls. Those stationed in unattended locations may be susceptible to tampering and unauthorized use, increasing their likelihood of compromise.

Third-Party Risks

As more manufacturers invest in establishing more digitalized and connected supplier networks, they also create more potential points of cybersecurity vulnerability. These all need to be continuously monitored and defended to maintain the security and resilience of the production environment.

Skills Shortages 

It’s not easy to find professionals with the skills and experience required to manage converged IT/OT environments. Three-quarters of participants in a National Association of Manufacturers survey said that attracting and keeping a skilled workforce was a major business challenge. ISC2’s current estimate of the worldwide cybersecurity skills gap runs to four million people. So, locating talent with both OT and IT cybersecurity skills is no easy task.

Regulations and Reporting Requirements

Governments have heeded the increased cybersecurity risks introduced by converged IT/OT systems and have added more regulations. The US Securities and Exchange Commission now mandates a cyber-incident reporting window of just four days for larger, publicly traded companies. That includes manufacturers, and it adds to the pressure on them to not just prevent cybersecurity incidents from happening but also act fast if they do.

Why OT Cybersecurity Incidents Can Spell Disaster for Modern Manufacturers

The costs and consequences of successful cyberattacks on manufacturers can be grave and multifaceted. 

Many OT systems modify conditions in the physical world (such as air and water quality). If they’re compromised, the result could be events that adversely affect the safety of employees, partners, or local communities, such as dangerous levels of waste or the loss of control over hazardous materials.

The absence of appropriate cybersecurity protocols for OT environments can leave manufacturers vulnerable to intellectual property theft, production sabotage, and logistical disruption, all of which could take a heavy toll on their revenue and market reputation. For example, if a cyberattack results in a protracted outage or shutdown of a manufacturing facility, that would mean lost revenue opportunities and supplier and customer costs due to late or non-deliveries. 

Manufacturers that fall victim to a cyberattack will also likely incur significant damage control and remediation costs, including additional security technologies and services and crisis communications with customers, partners, suppliers, communities, law enforcement, and the media.

Longer-term costs associated with a successful cyberattack could also be considerable and include regulatory penalties and higher insurance premiums.

6 Best Practices for OT Security in Manufacturing

To raise their defenses against cyber threats to their OT environments, manufacturers need a multi-pronged, defense-in-depth strategy and a resilient OT security infrastructure. Ideally, this should include:

1 - Asset Management and Inventory of Network Assets

If you don’t know which assets exist in your industrial environment and the current state of each, it’s impossible to protect them. That’s where automated asset management and network asset inventory solutions come in, providing insight into the entire device landscape. These solutions allow manufacturers to understand their inventory and software and which assets are connected to which networks – all without disrupting critical business processes.

2 - Risk Assessments and Vulnerability Management

OT security assessments and vulnerability management involve identifying risks and vulnerabilities in the network and applying proper control and mitigation actions. This might include:

  • Analyzing threats
  • Assessing the potential impact of security incidents
  • Reviewing compliance with industry standards
  • Evaluating the effectiveness of existing security controls
  • Providing recommendations for improvement

[Figure: critical steps to conduct an OT risk assessment according to the ISA 62443-3-2 standard]

3 - Network Segmentation

Manufacturers should set clear boundaries between the various networks of their different OT systems, as well as their primary enterprise IT network. This contains the risk posed by vulnerable devices and restricts external communication paths. Network segmentation also allows organizations to quickly isolate compromised systems in case of an attack, ensuring their entire operation won’t be shut down if one device or network is compromised.
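The boundary-setting described above can be checked against observed traffic. The following is an added example, not code from the article or from any vendor: it maps flow records to network zones and reports every cross-zone flow that is not on an approved list. The subnets, zone names, allowed paths and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed zone map (subnet -> zone); sample values, not from the article.
ZONES = {
    "10.10.0.0/16": "enterprise_it",
    "10.20.1.0/24": "ot_dmz",
    "10.30.1.0/24": "ot_line_a",
    "10.30.2.0/24": "ot_line_b",
}
# Approved cross-zone paths (assumed policy): (src_zone, dst_zone, dst_port).
ALLOWED = {
    ("enterprise_it", "ot_dmz", 443),   # IT reads data mirrored into the DMZ
    ("ot_dmz", "ot_line_a", 4840),      # DMZ polls line A over OPC UA
    ("ot_dmz", "ot_line_b", 4840),
}
# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.10.4.20", "10.20.1.5", 443),    # approved path
    ("10.20.1.5", "10.30.1.10", 4840),   # approved path
    ("10.30.1.10", "10.30.1.11", 502),   # stays inside one zone
    ("10.10.4.20", "10.30.1.10", 502),   # enterprise host straight to a controller
    ("10.30.1.10", "10.30.2.7", 44818),  # one production line to another
    ("10.30.2.7", "203.0.113.9", 443),   # OT device to an address outside every zone
]

_NETS = [(ipaddress.ip_network(cidr), zone) for cidr, zone in ZONES.items()]

def zone_of(ip):
    """Return the most specific zone containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, zone) for net, zone in _NETS if addr in net]
    return max(matches)[1] if matches else "unknown"

def audit_flows(flows):
    """Return (src, dst, port, src_zone, dst_zone) for each unapproved cross-zone flow."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is outside the scope of this check
        if (sz, dz, port) not in ALLOWED:
            violations.append((src, dst, port, sz, dz))
    return violations

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("{} -> {}:{}  ({} -> {}) is not an approved path".format(*v))
```

Flows that touch the `unknown` zone are always reported, which also surfaces devices missing from the asset inventory described in practice 1.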

4 - Robust Identity and Access Management (IAM)

IAM is the practice of preventing unauthorized access to manufacturing systems and sensitive information and ensuring that people and entities with digital identities have the correct level of access to OT resources. Here, recommended practices include: 

  • Giving each user a unique set of security credentials
  • Applying different privileges to each user, starting with the minimum necessary permissions to perform only the tasks their role requires 
  • Closely monitoring accounts with high-privilege and admin access
  • Enforcing strong password policies and rotating security credentials regularly 
  • Ensuring account deactivation is included in identity lifecycle processes 
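The recommended practices above translate into checks that can be run over an account export. This is an added example, not code from the article: the account records, role baseline, privilege names and 90-day rotation interval are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation interval, not a value from the article
ROLE_BASELINE = {  # assumed least-privilege baseline per role
    "operator": {"hmi_view", "alarm_ack"},
    "engineer": {"hmi_view", "plc_program"},
    "admin": {"hmi_view", "plc_program", "user_admin"},
}

# Constructed account export (sample data).
ACCOUNTS = [
    dict(user="a.martin", role="operator", privs={"hmi_view", "alarm_ack"},
         cred="c-101", rotated=date(2024, 5, 2), active_employee=True, enabled=True),
    dict(user="shift1", role="operator", privs={"hmi_view", "alarm_ack"},
         cred="c-200", rotated=date(2024, 4, 20), active_employee=True, enabled=True),
    dict(user="shift2", role="operator", privs={"hmi_view", "alarm_ack"},
         cred="c-200", rotated=date(2024, 4, 20), active_employee=True, enabled=True),
    dict(user="b.chen", role="operator", privs={"hmi_view", "plc_program"},
         cred="c-102", rotated=date(2024, 5, 10), active_employee=True, enabled=True),
    dict(user="c.okoro", role="engineer", privs={"hmi_view", "plc_program"},
         cred="c-103", rotated=date(2023, 11, 1), active_employee=True, enabled=True),
    dict(user="d.ruiz", role="admin", privs={"hmi_view", "user_admin"},
         cred="c-104", rotated=date(2024, 5, 15), active_employee=False, enabled=True),
]

def audit_accounts(accounts, today):
    """Return sorted (user, finding) pairs for every enabled account."""
    findings = []
    enabled = [a for a in accounts if a["enabled"]]
    cred_use = Counter(a["cred"] for a in enabled)
    for a in enabled:
        if cred_use[a["cred"]] > 1:            # credentials must be unique per user
            findings.append((a["user"], "shared_credential"))
        extra = a["privs"] - ROLE_BASELINE.get(a["role"], set())
        if extra:                              # more than the role requires
            findings.append((a["user"], "excess_privilege:" + ",".join(sorted(extra))))
        if (today - a["rotated"]).days > MAX_AGE_DAYS:
            findings.append((a["user"], "stale_credential"))
        if not a["active_employee"]:           # lifecycle: leaver still enabled
            findings.append((a["user"], "not_deactivated"))
        if "user_admin" in a["privs"]:         # admin access to watch closely
            findings.append((a["user"], "high_privilege_watchlist"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, date(2024, 6, 1)):
        print(user, finding)
```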

5 - Continuous OT Security Monitoring and Proactive Incident Response

The importance of continuous monitoring for detecting security incidents in real time cannot be overstated. Monitoring should include leveraging logs and security alerts to detect malicious activity. A thorough incident response plan will allow an organization to swiftly respond to and mitigate cybersecurity incidents to minimize impact and ensure rapid recovery. These programs should include key steps like generating response actions, authorizing responses, and quarantining threats.

6 - Adherence to OT Security Best Practices and Frameworks

Manufacturers should agree on OT cybersecurity standard(s) against which to benchmark themselves and set clear roles and responsibilities for adherence. The following are examples of helpful frameworks to follow:

ISA/IEC 62443 (International Electrotechnical Commission)

ISA/IEC 62443 addresses OT cybersecurity in automation and control systems. This international standard is widely used in manufacturing, energy, and other industrial sectors to secure industrial automation and control systems (IACS).

NIST Cybersecurity Framework - SP 800-82 

NIST SP 800-82 was first published in 2015 and updated in 2023 by NIST. It provides best practices and recommendations specifically dedicated to the safety of industrial control systems. The standard is applicable in various industries, including utilities, manufacturing, and transportation, to enhance the security of ICS and SCADA systems.

CIS Controls for ICS 

CIS Controls for ICS is published by the Center for Internet Security (CIS), a non-governmental organization specializing in information systems security. It proposes a list of controls designed and recommended by security teams, including specific security measures aligned with regulatory requirements to secure industrial control systems.

[Figure: 18 controls from CIS]

ISA-95 for Enterprise-Control System Integration 

The goal of the standard is to provide consistent terminology and a standardized model for integrating enterprise systems (like ERP) and control systems used in manufacturing and production. ISA-95 was developed by the International Society of Automation.

Conclusion 

Cyberattacks on OT environments are increasing exponentially, yet many manufacturers lack systems for continuously monitoring and protecting their assets. 

Comprehensively protecting your critical OT infrastructure means crafting a holistic cybersecurity strategy centered on ensuring real-time visibility of your assets, devices, and supply chain and any threats targeting them.

Trout Software, founded by former Google and Amazon engineers, offers simple hardware appliances that solve this problem. IT and site management teams can implement Trout software appliances directly on-site to get visibility into which assets are present, how they talk to each other, and identify and enforce secure/unsecure patterns.

Trout Software is trusted by clients in the defense, manufacturing, and transportation sectors.
