Cybersecurity Incident Response: Where Manufacturing Meets Security

Resolve Systems attended MANUSEC Europe and participated in the panel “Mock Crisis: What are your Priorities During a Cyber Attack?” As the leading IT and security incident response platform, Resolve Systems is uniquely qualified to discuss smart manufacturing – where not only manufacturing meets IT, but also cybersecurity.

The manufacturing industry is paying more attention to cybersecurity today than ever before. The growing problem of ransomware, as well as the disruptions of AI and IoT, GDPR compliance requirements, and obsolete organizational structures present challenges for manufacturers. As manufacturers transition to industry 4.0, cyber risk has become a top-of-mind issue.

Given the highly connected environments manufacturers work in, it’s no surprise cyberattacks targeting manufacturing companies are on the rise. The manufacturing sector is now the #2 most frequently hacked industry, second only to healthcare. A recent report noted a rise in attacks on the sector, and theft of intellectual property (IP) was found to be a primary motive.

Why is Manufacturing So Vulnerable to Cyber Risks?

Historically, an industrial network was physically isolated from the rest of the world. The rapid pace of recent technological change, however, has caused critical infrastructure to be connected to each other and the internet. Given this digital transformation and increasing reliance on connected products and focus on innovation, unique exploitation opportunities exist in manufacturing.

For example, many manufacturing operations include legacy equipment or industrial IoT (IIoT) devices that lack security by design. As a result of their vulnerabilities, IIoT devices run the risk of being hijacked by bad actors and used to DDoS others or do other harm to their own factory. In addition, as IT and Operations Technology (OT) networks converge, manufacturers are left with patchwork architectures that increase risk and vulnerabilities.

As industrial technology continues to advance, manufacturers are increasingly improving their connectivity and infrastructure by using cloud, data analytics, and mobile technologies. This creates an ever-growing attack surface to defend.

Cyberattacks on Manufacturing Are Uniquely Damaging

As the industry has gained immense efficiencies from technological advances, so has it gained commensurate sensitivity to disruptions. Even small performance changes in operations tech may lead to defective products (potentially forcing product recalls), downtime, damage on the shop floor, or even physical harm to employees. For example, a 2014 cyberattack on a steel mill caused massive physical damage by compromising a blast furnace, making it impossible to shut down. In addition, security researchers recently discovered vulnerabilities in industrial robots and controllers which can cause catastrophic and difficult-to-detect product damage.

Beyond the risk of destruction, manufacturing is also exposed to cyber theft. Recent events such as the WannaCry and other Petya-variant ransomware campaigns have exposed manufacturing as a target for not just physical damage and facility downtime, but also breaches of customer data and IP. According to research by Kaspersky Lab, by 2014 more than 20% of manufacturers had IP stolen via cyberattack. The loss of IP is especially harmful to a manufacturer, as its trade secrets, blueprints, or designs can wind up in the hands of a competitor anywhere in the world. Worst case? This could allow a competitor to create identical products, sell them at a lower price, and potentially put the victimized manufacturer out of business.

What are your Priorities During a Cyber Attack?

Being able to quickly shut down and recover from attacks is the best way to guarantee your business will stay resilient. That’s why industry pundits encourage all manufacturers to have an incident response plan in place, as Resolve Systems discussed at MANUSEC Europe in Munich. As we’ve seen across all industries, a prevention-only strategy is not enough to protect businesses from security incursions, and manufacturing is no exception.

The cornerstone of any effective plan is an incident response platform to automate and orchestrate complex steps. This recommendation is particularly stringent for manufacturers due to the confluence of two major phenomena:

  1. The fact that the manufacturing industry is already one of those struggling most with cybercrime
  2. The massive and well-documented shortfall in skilled cybersecurity professionals

This means the cybersecurity skills shortage represents one of the most significant threats to the manufacturing industry. Hence, manufacturers absolutely need automation to augment human activity in responding to security threats.

What’s the Best Security Automation Strategy for Manufacturers?

Since attackers often employ advanced technologies, it’s clear manufacturers can’t depend on simplistic automated response procedures or slow manual response activities. Instead, successful security teams in the global manufacturing sector must capitalize on the relative strengths of human and machine in security incident response. That means allowing automation to expedite straightforward activities and completely handle smaller issues, while giving security professionals the power to drive response procedures and automation in dealing with more complex issues.

Manufacturers are challenged to find a security incident response platform that offers the necessary flexibility and sophistication to respond to the many different cyberattack types faced by the industry today.

An effective solution must offer capabilities like closed-loop automation to handle common incursions instantaneously without the need for human oversight, thereby preserving the security team’s efforts for advanced planning as well as addressing more serious threats. Security teams need the ability to partially automate procedures and interact with automation during runtime in order to successfully handle new (and poorly-understood) attack types as they emerge. To ensure the security team’s response procedures and automations remain effective against the ever-evolving threat landscape, it’s also critical the security incident response platform support easy automation and process creation without without the need to involve professional developers typically external to the SecOps organization.

Advantages for Manufacturing IT

All this and more will be necessary for global manufacturers to protect their businesses as well as maintain the trust of their partners and consumers. Compliance and resilience in the face of ever-escalating cyber threats will become competitive advantages for the world’s top manufacturers.

Resolve Systems has the expertise in security automation and orchestration to help assure manufacturers’ protection in an increasingly uncertain environment. In the journey to industry 4.0, Resolve can help ensure manufacturers develop strong security incident response required for long-term success.

Ready to learn more? Resolve Systems will also be at the Cyber Security for Critical Assets event in Houston, Texas, March 6-8! Learn more about Resolve Systems on the Road on our events page.