Addressing cybersecurity in a smart manufacturing environment

In a recently published addendum to its 2023 Hybrid Security Trends Report focused exclusively on manufacturing, cybersecurity solutions provider Netwrix said 64 percent of organizations in the manufacturing sector had experienced a cyberattack in the previous 12 months. While this is on par with other industries, the nature of the attacks was unique, with more cyberattacks targeting cloud infrastructure than on-premises infrastructure.

According to the report, among manufacturers that detected a cyberattack:

  • 85 percent spotted phishing in the cloud versus 58 percent across all verticals.
  • 43 percent saw compromised user accounts in the cloud compared to 27 percent among all industries.
  • 25 percent experienced data theft in the cloud as opposed to 15 percent among all organizations.

“The manufacturing sector heavily relies on the cloud specifically to work with their supply chain in real time,” said Dirk Schrader, vice president of security research for Netwrix, in the report. “Infiltration into this cloud infrastructure is a lucrative target for attackers as it allows to move laterally and potentially compromise other linked organizations.”

According to Schrader, the solutions that Frisco, Texas-based Netwrix provides address the six pillars of the Cybersecurity Framework (CSF). First introduced in 2014 by the U.S. Commerce Department’s National Institute of Standards and Technology (NIST), the framework is designed to help organizations of all types manage and reduce the risks of unauthorized access to information systems. NIST announced an update to the CSF in February.

“The NIST cybersecurity framework in its initial version was talking about identify, protect, detect, respond and recover as the necessary capabilities you should have as an organization,” Schrader said in an interview with Power Progress. He added that the latest version includes a governance pillar. “The idea of how do you orchestrate these things?” he said. “How do you put them into context from a regulation perspective, from a policy perspective, on all these things?”

“Noisy” Computing Vulnerability

According to Schrader, the concept of smart manufacturing makes production lines vulnerable to cyberattacks because of the large quantities of data produced and shared — what he called a “noisy” computing environment.

“The two main effects of smart manufacturing are, you want to leverage the data to be able to look for additional benefits, for additional value you can generate,” Schrader said. “But on the other hand, that idea of gathering, collecting, generating more and more data so that you can become more flexible — that flexibility in itself creates the opportunity for the attacker.” He added that a noisy data environment is “the best place for an attacker to hide.”

Schrader added that edge computing, which is often used to process and manipulate data on the plant floor, adds an additional wrinkle to cybersecurity in manufacturing.

“From a data center perspective, you take a vital part of the processing — of the computing part — to the shop floor, in a simplified way of saying,” he said. “The consequence of that is you have to adapt your security architecture to this setup. There needs to be that level of local monitoring, of local understanding, of local change control, so that whatever is happening on that local aspect, with the edge computing in place, there is a good understanding about what’s going on.”

That understanding, according to Schrader, includes what data is being shared with whom — or what — and whether security events are being logged, as the increase in the generation of production data means an increase in the amount of security data being created.

“Can I really pinpoint and say, for every moment in the day, I know who is working with the machine, either locally or remotely — who is extracting data from the machine, who’s extracting data from the edge computing,” he said.

Shrinking Attack Surfaces

Knowing this overall data footprint is critical because, according to Schrader, cybersecurity is all about shrinking what he called the “attack surface,” and in a smart manufacturing environment that approach can be counterintuitive.

“In essence, what you do is you expand it [the attack surface], because you have more machines talking to each other,” he said. “But then you need to adapt your security approach, your security architecture — the way you are taking logs, the way you monitor, the way you control changes in setups, in configurations, even in business processes. So that you can say that any time of the day, I have the ability to control what’s going on. I have that visibility. I have that full understanding.”

A Cybersecurity Culture

According to Schrader, cybersecurity must become part of a company’s culture. It’s something that requires training across the organization to encourage a change of thinking.

“If you’re on the shop floor, you’re talking about availability, you’re talking about repeating the same thing over and over again,” he said. “In IT, you’re talking about a much shorter lifecycle of devices, you’re talking about patch-ability, you’re talking about integrity of data and stuff like that. So we’re talking about two different mindsets. And there’s a bridge to be built between the two things, between the two mindsets.”

Part of building that bridge is helping shop floor employees and IT staff understand the unique aspects of each other’s roles in the manufacturing environment.

“If you have this notion of how you use technology, IT needs to learn that,” Schrader said. “IT needs to talk the lingo of the shop floor basically. On the other hand, in terms of the manufacturing employee who is not embedded into IT, they might have to understand that idea of what does it mean to have layered communication.”
