The manufacturing industry is at risk of increased cyberattacks due to industrial IoT devices and Industry 4.0 initiatives. This is due to the way that systems are installed and configured. Too many Industrial Internet of Things (IIoT) devices are connected directly to the Internet. This gives hackers the opportunity to map devices and exploit known vulnerabilities. This is just part of the claims made in a report from security vendor Vectra (registration required).
Chris Morales, Head of Security Analytics at Vectra, said: “The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive attack surface for cybercriminals to exploit.”
Attackers are targeting manufacturers for a number of reasons. The two most obvious are intellectual property (IP) theft and supply chain attacks.
How real is the threat to manufacturing?
From January to June 2018, Vectra used its Cognito threat-detection and hunting platform to monitor network traffic. The data it collected came from more than 4 million devices and workloads both on-premises and in the cloud.
The data revealed active cyberattacks that were not just seeking access but proliferating inside manufacturers' networks. Cyberattacks begin by mapping the network infrastructure of a target. While mapping networks, the attackers are actively identifying IP assets and stealing them. Theft of IP increased over the monitoring period, with the majority of attacks using data smuggling technology. This allows the attackers to stay hidden as they continue to gather data over longer periods.
As attacks proliferate inside a network, they identify connections to third-party networks. This provides the opportunity for the attackers to launch supply chain attacks. Because the manufacturer is a trusted third party, attacks launched from its network have a good chance of success. However, as customers increase their use of supply chain risk ratings, manufacturers with poor security records could lose business.
A need for better security control
Manufacturers need to invest more in their security infrastructure. The vast majority of the attacks were against unsecured IIoT devices. These are often easily identified through the use of Internet search engines such as Shodan and Censys.
The lack of secure access is often due to a lack of cybersecurity skills among manufacturers. Skills shortages make it hard to find security staff. Once found, their lack of knowledge about how manufacturing systems are interconnected creates a steep learning curve. That issue doesn’t go away when bringing in third-party security vendors.
There are several steps that manufacturers' IT security teams can take to improve security. These include:
- Identifying all Internet-facing devices inside the company and securing them. Where they are connected to a supplier network for monitoring, there has to be a joint security policy.
- Policies to prevent new IIoT installations without a security assessment. This is especially important when air-gapped systems are replaced by cloud-based systems.
- Regular review and updating of security access controls. This should include limiting who can access and change the settings of a device to stop attacks from the IT network against IIoT devices.
- Real-time analysis of networks including monitoring logs. This will identify brute force password attacks and allow for rapid response to the cyberattack.
- Security escalation policies. When a cyberattack is detected, what do you do? This is a general weakness across multiple industry sectors and not just manufacturing.
- Keep security software up to date. This is not just about end-device protection. It has to include updating lists of known command and control (C&C) servers and blocking their IP addresses.
- Behavioural monitoring software. While this is often used to identify malicious insiders, it will also help identify reconnaissance attacks.
What does this mean?
There should be no surprise that manufacturers are under sustained attack, especially when it comes to IP theft. This is something that has gone on for centuries. The difference today is that it can be done remotely and on a much larger scale.
Many of the attacks against manufacturers come from experienced cybercriminals. These groups are looking for data to sell, while others are state-sponsored threat actors. The latter group often has more tools at its disposal and works to a longer timescale. This allows them to take countermeasures against detection.
Manufacturers are looking for ways to become more effective. They want to lower costs and improve productivity. IIoT is one route to achieve this. What they are not paying attention to is the cybersecurity risks.
This is not just about newer systems that they are installing. Many of the older IIoT systems were built on restrictive protocols with limited processing capability. They are hard to secure and often the current IT team knows nothing about them. The problem is that the attackers are finding these systems.
The current trade war between the US and China has its roots in IP protection. This is leading to increased cyberattacks on manufacturers. Without better security, manufacturers will be unable to find future R&D investment.