How automotive manufacturers can leverage the zero-trust approach to secure operational technology.

In the era of Industry 4.0, the convergence of Operational Technology (OT) and Information Technology (IT) has brought tremendous opportunities to improve efficiency and productivity. However, as organizations become increasingly connected, the expanding network edge has also led to a significant increase in cyber-attacks on critical infrastructure globally. Most industrial control systems in use today were not designed with security in mind. With the accelerated digital transformation, OT security has now become a top priority.

Challenges in Industrial Control System (ICS) security of automotive manufacturing

Over the years, automotive plants have become highly automated with massive deployments of robots and autonomous operations from welding and painting to assembly. Robots, control systems, smart sensors and other equipment are becoming “interconnected” to drive higher outputs and productivity. At the enterprise layer, the Enterprise Resource Planning (ERP) and Manufacturing Execution System (MES) are also moving toward “interoperability” to further optimize production. This not only increases the complexity of the network and system, but also exposes the OT network, which has traditionally been air-gapped, to cyber-attacks.

In past decades, industrial control networks were physically segmented and isolated from the internet to limit cyber breaches. That isolation has also led to a deficiency of security awareness and knowledge among operations staff. Even in an air-gapped environment, it is not uncommon to see staff or equipment vendors using external flash drives or laptops to upload content to a controller during maintenance, exposing the systems to malware attacks.

A case study of how a leading automotive manufacturer overcame its OT security challenges

A leading automotive manufacturer based in Asia identified the need to unify its entire operations across the value chain to optimize production and drive better efficiency and output. As the manufacturer has production plants and offices, as well as R&D and marketing centers, in Asia and other regions, the integration has brought complex security challenges to the organization.

Previously, only stateful industrial firewalls were deployed to protect the network at the level of IP and TCP/UDP port filtering. However, some industrial controllers with legacy operating systems such as Windows XP or 7 and old firmware with known vulnerabilities lack the security features needed for proper zoning and protection against advanced cyber threats. With the increasing interconnectivity of the entire network due to digital transformation, there was an urgent call to upgrade their OT security to protect the investment. The OT network, which used to face only internal industrial control security threats, now faces the cyber threats common to an office network.

In addition, the real-time operations platform that integrates the broad range of industrial communication protocols is typically custom-built and lacks security design. Proper zoning and segmentation are needed to effectively segregate physical assets and functional areas. Once a device or a production line was infected, the entire OT network would be exposed and defenseless, allowing the threat to spread rapidly across the automotive manufacturer’s global network.

Apart from the technology challenge, another roadblock was the lack of security skills among its operations staff. Although the IT team has long been deploying Fortinet security solutions and products at the IT network level across the regions, the security posture of the OT network remains inadequate. And with the rise of ransomware attacks on OT infrastructure worldwide, maintaining the status quo is no longer an option.

OT security is not just about technology

The automotive manufacturer’s strong IT security posture could be extended to the OT network effectively only if the OT team was equipped with the needed knowledge and skill sets. To overcome this challenge, the IT team collaborated closely with the operations team to share best practices on security and processes and to help prescribe the relevant security solutions that would address the OT security gaps.

For instance, before purchasing major security products such as firewalls, IPS (intrusion prevention systems) or antivirus solutions, the organization would conduct a benchmark test to identify the best vendors based on overall performance, to reduce total cost of ownership and improve ROI. When the manufacturer upgraded its industrial network in 2020, Fortinet demonstrated the functions and performance of its broad OT security solutions through advanced tests such as firewall application identification and virus attack detection. In a real-world test using a third-party virus sample, Fortinet’s detection rate was over 80% and reached 95% when optimized, while the detection rate of competing products was considerably lower at 20%. This revealed the huge capability gap among vendors. As a result, Fortinet was chosen as the preferred security partner.

Fortinet’s Zero-Trust Solution for ICS Network Security

Fortinet’s Zero-Trust Security Solution helps the manufacturer secure its production network more effectively. Through micro-segmentation and traffic content detection, the solution strengthens the control and detection of unknown threats, enhancing its incident response capability to ensure timely reporting of security breaches. This not only raises the OT security benchmark but also enables digital innovations which are crucial in the automotive manufacturing industry.

Micro-segmentation is one of the core capabilities of the zero-trust security concept. Using Fortinet’s next-generation firewall, the manufacturer has accomplished horizontal isolation at the top layer of its production network across multiple plants, while vertical segmentation isolates the IT/OT network boundary within each plant. In this architecture, even if an industrial control system or application system is infected by malware, the threat can be contained promptly at the level of the single device or application, preventing it from spreading across the network while allowing fast response to abnormal events.

This strategy provides a clear demarcation of the whole network across office systems, Industrial Control Systems, mobile devices and servers. In addition, Fortinet’s support of a wide range of industrial communication protocols allows monitoring of the full OT/IT network and its assets through active inquiry and passive traffic functions, enabling abnormality detection at deeper OT layers for a stronger security posture.

Join Fortinet at the Secure Operational Technology Summit 2022 – APAC

On April 7th, hear from CISOs, Asset Owners, Industrial Control System (ICS) vendors, IDC and Fortinet experts online during a virtual conference where we will discuss how organizations deal with the uncertainties of the continuing pandemic and how you can build cyber resilience to protect your digitalization plan. This year’s Fortinet OT Summit has been tailored for Asia Pacific, with different start times to cater to attendees across different time zones in the South East Asia and Hong Kong, India & SAARC and ANZ regions. With 6 keynotes, 2 panel discussions and 5 on-demand sessions in the Technology Track covering ransomware disruptions, supply chain breaches, securing remote access and strategic implementations for ICS (industrial control systems) security – the Fortinet OT Summit APAC provides a forum for knowledge-sharing on the theme, Building Cyber Resilience in a Digital-First World.