There are many factors affecting downtime that manufacturers must consider to minimize disruption to the production line. While unplanned maintenance is one of the main elements posing a risk to streamlined operations, another growing issue is cyber-attacks and ransomware.
Cyber-attacks have long been a threat to industrial organizations, but the risk, and indeed the incident rate, is growing. According to a report by cybersecurity technology specialists Dragos, ransomware attacks alone against industrial organizations increased by 50% during 2023. The firm tracked 28% more ransomware groups impacting operational technology (OT) in the same period, with 70% of all ransomware attacks targeting 638 manufacturing entities across 33 subsectors.[1]
Threats also continue from ‘hacktivists’ driven by global conflicts, most notably those between Russia and Ukraine, and Israel and Hamas. Techniques used by adversaries range from a re-hash of old techniques such as phishing, to very sophisticated attacks that are harder to stop, as well as a trend for targeting low-hanging fruit like internet-accessible devices that lack adequate security and enable easy operational disruption.
These threats, alongside new regulations that mandate security controls and carry financial, or even criminal, penalties for organizations that do not comply, mean industrial organizations need a robust plan for managing cyber security risk.
The motive behind cyber attacks - Operational technology (OT) within manufacturing plants and industrial organizations is being deliberately targeted by cyber criminals due to the likelihood of a pay-out from any affected company. If a criminal can hold a factory to ransom, then the company affected may have no option other than to pay up. It’s a rising tide as threat groups evolve and grow.
Last month, Belgian ale manufacturer, Duvel, had its brewery brought to a halt when it was hit by a ransomware attack. The impact was not as damaging as it could have been, due to the firm having good stocks to fulfil orders to its shops, bar and restaurant customers. But when a crippling cyber-attack was launched in 2017 on Reckitt Benckiser, a provider of consumer health, hygiene and nutrition products, it resulted in significant loss to the organization of £100 million, with 15,000 laptop computers, 2,000 servers and 500 systems hit in a hacking attack that spanned just 45 minutes.
The 2021 ransomware attack on Colonial Pipeline’s servers shut down operations of the US’ largest pipeline for transportation of refined petroleum products. The fall-out lasted five days and caused localized shortages of petrol, diesel and jet fuel, sparking panic-buying which exacerbated the shortages. And while it’s reported that only around 34% of firms pay ransoms, the proportion of manufacturing firms paying higher ransoms is on the rise, according to a recent Sophos report, so cyber criminals are highly motivated in this sector as the reward can be fruitful. The threat of being caught in the crossfire of conflict-driven activity is also ever-present in these times of global political instability.
The challenges for manufacturers in protecting OT - OT is often harder to secure due to the age and lifespan of the equipment used in most plants, its specialist nature and the difficulty of interrupting operations, which often run 24/7, in order to fix or patch issues. It is also often unlikely that there is an equivalent test environment where changes can be tested safely without impacting production.
There can also be confusion regarding where the responsibility for security of OT environments lies. Historically, it would be the responsibility of engineers, who have little to do with IT, and vice versa. But increasingly, these lines of demarcation are becoming blurred and it’s not always straightforward to know who should do what. As well as the impact a cyber-attack could cause, industrial players must also now be mindful of NIS2, the second Network Information Systems directive, which mandates several information security controls, both technical and organizational, for certain organizations operating in the EU. There have been more stringent supervisory measures and stricter enforcement requirements introduced. Non-compliance can result in serious financial impacts and even personal liability for senior management.
What industrial operatives can do to protect the business from cyber crime - All manufacturing organizations should ensure they regularly conduct security tests against their OT environments. This requires a specialist set of skills, distinct from IT penetration testing, but there are security firms operating that specialize in OT security testing and it’s an investment well worth making.
It is crucial to run tabletop simulation exercises to prepare the organization, particularly senior decision makers, for a cyber-attack in a manufacturing environment. This enables the consideration of big decisions like whether a plant switch could be made and who has responsibility for what to do with what equipment in the middle of the crisis: who gets to decide what gets turned off and when? There is a point at which the attack might become obvious to customers, competitors, suppliers and the press, so an action plan should be in place for this eventuality too.
Operators should also be considering the physical security measures within the plant, including how easy it is for someone to simply walk into the buildings that hold the OT. Could anyone wearing a high-vis jacket walk in unnoticed? Risk from third-party access should also be a consideration if equipment suppliers have remote access into the site. The level of security they have on their side for verifying employees is important and should be a key element of the supplier contract.
Preventative measures to consider - Effective OT security monitoring enables an organization to proactively detect potential security incidents before they become operationally impacting. Other than cost, the barriers to this for some firms may be the requirement for specialist staff to run the monitoring and to filter out false positives, where a detection of something that looks bad, but is in fact innocuous, could cause unnecessary alarm.
Ensuring proper segregation of IT from OT networks is key to blocking cybercriminal access. Implementation of Internet of Things (IoT) devices for effective monitoring is increasing in the industrial space, but when improperly secured, these devices can also provide an easy way into the wider network.
Many providers can now connect IoT devices in one cloud-based system for effective real-time data analysis to facilitate predictive maintenance, but it’s wise to consider providers that have industrial sector knowledge and can provide confidence in having high levels of security, like RS Industria.
Security can also be breached by criminals compromising employees, either directly through coercion or indirectly through phishing, or other social engineering methods such as sending a malicious USB stick to someone who could use it unwittingly. The tactics of cyber criminals will of course continue to evolve, and the threat is ever-present and growing. Any industrial organization without a protection plan in place could leave itself open to attack and/or at risk of regulatory action. The phrase ‘prevention is better than cure’ has never been so appropriate.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
[1] https://www.themanufacturer.com/articles/industrial-operators-must-be-geared-up-to-tackle-the-rising-threat-of-cyber-security/