The what, when, where, and why of modernizing cybersecurity in smart factory and OT environments.
With the integration and interconnectedness of operational technology (OT) systems and information technology (IT) systems, smart manufacturing has become a prominent target for cyber-attackers.
Historically, plant operators and security teams relied on the “air gap” between OT devices and an organization’s IT network as a security countermeasure, treating it as an impenetrable barrier against malicious attacks. However, it has been proven that the air gap can no longer be used as the sole security solution in today’s smart manufacturing cyber landscape.
The result of dissolving the air gap is an exponential increase in cybersecurity incidents that can quickly undermine the return on investment from smart manufacturing technology. It is true that keeping systems off the public internet will strengthen security posture, but vulnerabilities are also introduced when operators connect Industrial Internet of Things (IIoT) and OT equipment to IT networks and cloud-based solutions.
Understanding the unique security risks and vulnerabilities of industrial IoT devices and how to address them is important:
- Operating System differences
Many legacy OT devices run on older operating systems that get few to no updates, compared to the new IIoT devices. This can complicate security management of OS statuses, vulnerabilities, updates, and alerts, especially when organizations or plants run different devices on different operating systems.
- Installation and oversight differences
Typically, the IT department should oversee any IT devices that are connected to a network. However, IIoT devices such as environmental sensors, equipment vibration sensors and remote video cameras are often marketed as easy and fast to install with no wiring or coding required. Hence, this leads to the creation of IoT networks that are essentially “shadow IT” within the larger environment and increases the risk that OS, app, or communication vulnerabilities and incidents will go unnoticed by the security team.
- Device scanning issues
IT scans are designed to look for and probe active agented devices on the network. However, most OT/IIoT devices cannot accommodate agents, and scans that probe their OS and apps can disrupt their functions, causing them to fail. Hence, many devices do not appear on traditional IT network monitoring tools, and the use of scans can interfere with the way the devices work, further complicating OT and IIoT security.
- Digital OT equipment exposed to cyberattacks
Organized criminals and state-sponsored attackers are well aware that smart devices can often act as points of vulnerability to compromise. Even publicly disclosed zero-day device vulnerabilities do not always ensure that the industry responds accordingly. This trend puts organizations at serious risk: recovering from any attack is costly and can require months or years to identify all the damage and rebuild customer and investor trust.
Core elements of smart manufacturing cybersecurity
As an organization’s smart manufacturing plan starts leveraging customer device data, security is critical for customer experience, brand reputation, and liability protection.
A comprehensive smart device security program should include:
- Agentless and passive monitoring capabilities to allow IT teams to see every device in the environment while protecting OT device functions
- Continuous monitoring of device activity and communication for rapid anomaly detection and response
- Risk assessment and scoring to help the security team prioritize responses
- Automated alert and update options
- Easy integration with IT security monitoring for a single source of truth
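
The sketch below is an added example, not code from the article or from any product. It shows how the first three elements fit together: a device inventory built only from passively observed traffic, compared against the IT asset list to surface “shadow IT”, then scored for prioritization. The flow records, asset list, address range and score weights are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: flow records as a passive sensor on a mirror port might
# export them (src_mac, src_ip, dst_ip, dst_port). No device is ever probed.
FLOWS = [
    ("00:1d:9c:aa:00:01", "10.20.0.11", "10.20.0.50", 502),
    ("00:1d:9c:aa:00:01", "10.20.0.11", "10.20.0.50", 502),
    ("00:0e:8c:bb:00:02", "10.20.0.12", "10.20.0.51", 102),
    ("b8:27:eb:cc:00:03", "10.20.0.77", "203.0.113.9", 443),
    ("b8:27:eb:cc:00:03", "10.20.0.77", "10.20.0.50", 502),
    ("3c:52:82:dd:00:04", "10.10.0.5", "10.10.0.1", 443),
]
# Constructed asset list: the devices the IT/security team already knows about.
MANAGED = {"00:1d:9c:aa:00:01", "00:0e:8c:bb:00:02", "3c:52:82:dd:00:04"}
PLANT_NETS = [ip_network("10.0.0.0/8")]  # assumed internal address space
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm (ISO-TSAP)",
            44818: "EtherNet/IP", 20000: "DNP3"}

def build_inventory(flows):
    """Derive one record per device purely from observed traffic."""
    inv = defaultdict(lambda: {"ips": set(), "ot_protocols": set(),
                               "external_peers": set()})
    for mac, src, dst, port in flows:
        dev = inv[mac]
        dev["ips"].add(src)
        if port in OT_PORTS:
            dev["ot_protocols"].add(OT_PORTS[port])
        if not any(ip_address(dst) in net for net in PLANT_NETS):
            dev["external_peers"].add(dst)
    return dict(inv)

def score(mac, dev, managed):
    """Illustrative weights (assumption): unmanaged 50, OT protocol 20,
    peer outside the plant networks 30."""
    total = 0 if mac in managed else 50
    total += 20 if dev["ot_protocols"] else 0
    total += 30 if dev["external_peers"] else 0
    return total

def prioritize(flows, managed):
    """Return (score, mac) pairs, highest risk first."""
    inv = build_inventory(flows)
    return sorted(((score(m, d, managed), m) for m, d in inv.items()),
                  reverse=True)

if __name__ == "__main__":
    for risk, mac in prioritize(FLOWS, MANAGED):
        print(f"{risk:3d}  {mac}")
```

In the constructed data, the device missing from the asset list ranks first because it speaks Modbus/TCP to a controller and also contacts an address outside the plant networks.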
In order for smart manufacturing workforces to secure and manage the next generation of plants, OT and IIoT device manufacturers and critical infrastructure operators will need to be reskilled and provided with upgraded tools in the above aspects to ensure that OT security maintains pace with digital transformation and the cyber risk landscape.