The target of the Toyota attack was Kojima Press Industry Co., which manufactures metal, plastic and electronic components for vehicles, but it indirectly impacted Toyota’s just-in-time production control system. To prevent the infection spreading to other network components, the car manufacturer made the decision to halt production, which resulted in a five percent drop in car production and significant financial losses for the company.
The attack also demonstrated the true impact of supply chain attacks on manufacturers. As connectivity in their operational environments grows and interdependency chains with suppliers become more embedded in their networks, devastating, production-halting cyber attacks are becoming a greater risk.
Hackers have discovered that by compromising production of key suppliers they can also shut down operations for their customers. The convergence of IT, Internet of Things (IoT) and operational technology (OT) systems, including industrial control systems (ICS), often plays a major role in supply chain attacks and, more commonly, in internal, non-malicious cyber risks.
Given this heightened risk, how can manufacturers improve the security of their connected environments?
The digitalisation of manufacturing
For decades, IT and OT were seen as separate entities within organisations. In keeping with practices first defined by the Purdue Enterprise Reference Architecture, the two systems were entirely air-gapped so that they would never impact one another. This separation kept OT networks more protected. Today, digital transformation efforts have merged the networks to improve efficiency, cut costs and improve safety for plant employees, but this has also raised the cyber stakes.
Digital transformation is underpinned by the convergence of OT and IT systems. Convergence doesn’t mean IT and OT systems and processes are collapsed into a single, flat system, but information is shared to allow them to interoperate. For manufacturers, the challenge is how to securely connect IT and OT systems that need to communicate, while preventing those that don’t from doing so. Oftentimes, unwanted communication links go unchecked and vulnerabilities hide in plain sight based on the assumption that OT and IT are separated when they are not. Such assumptions increase the chance that malware on one network may spread and impact other networks.
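As an added example (not part of the original article), one way to test the assumption that IT and OT are separated is to compare observed flow records against an explicit list of approved cross-zone conduits. The subnets, zone names, conduit list and flow records below are constructed for illustration.

```python
import ipaddress

# Constructed zone map (assumption): subnets are illustrative only.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}

# Approved conduits (assumption): (source zone, destination zone, port, protocol).
CONDUITS = {
    ("ot", "dmz", 4840, "tcp"),  # OPC UA data pushed to a DMZ relay
    ("it", "dmz", 443, "tcp"),   # IT reads production data over HTTPS
}

# Constructed flow records: src,dst,dst_port,protocol
FLOWS = """\
10.30.1.15,10.20.0.5,4840,tcp
10.10.4.22,10.20.0.5,443,tcp
10.10.4.22,10.30.1.15,502,tcp
10.30.2.40,10.10.9.9,445,tcp
10.30.1.15,10.30.1.16,44818,tcp
10.30.2.77,8.8.8.8,53,udp
10.10.4.22,10.20.0.5,3389,tcp
"""

def zone_of(addr):
    """Map an address to its zone; anything unlisted is 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(text):
    """Return (severity, src_zone, dst_zone, src, dst, port, proto) per unapproved cross-zone flow."""
    findings = []
    for line in text.strip().splitlines():
        src, dst, port, proto = line.split(",")
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz, int(port), proto) in CONDUITS:
            continue  # intra-zone traffic or an approved conduit
        # OT talking to anything other than the DMZ bypasses the intended boundary.
        bypass = "ot" in (sz, dz) and "dmz" not in (sz, dz)
        findings.append(("high" if bypass else "medium", sz, dz, src, dst, int(port), proto))
    return findings

if __name__ == "__main__":
    for f in audit_flows(FLOWS):
        print(*f)
```

Flows that touch OT without passing through the DMZ are rated high because they are exactly the unchecked links the paragraph above describes; an unapproved port on an otherwise permitted zone pair is rated medium.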
When thinking about manufacturing cybersecurity challenges, the issues most frequently faced include:
Security as an afterthought: Because OT assets were never connected, they were not built with security or even integrity in mind. Adding security later can be exceptionally difficult because many assets cannot accommodate an agent. Some leading manufacturers are finally applying ‘secure by design’ principles to newer technology, but that is still the exception.
Long refresh cycles: It’s not uncommon for IT organisations to refresh technology every few years as new hardware, operating systems and applications evolve. In contrast, OT systems are built for reliability; they remain relatively static and have long lifecycles. Some OT assets may not get a refresh for up to 30 years.
Zero downtime requirements: Many OT systems are built for continuous production and are intended never to go offline. As the Toyota example illustrates, even an hour of downtime can mean staggering revenue loss. Moreover, attempting a security patch usually causes more problems than it solves. Even if safe patches exist, there may be no maintenance window in which to shut down production, install the patch and restart. These systems also feature decades-old technology that lacks processing power, making it difficult to install things like endpoint protection tools.
Visibility into operational risk: Cyber attacks like the one that crippled Toyota make headlines, but daily issues like network or process misconfigurations, operational errors, resource usage spikes and other anomalies are ten times more likely to threaten productivity. Until it is investigated, an anomaly could indicate a process problem or a malicious attack. Either way, manufacturers must be able to detect intrusions, unwanted behaviour or equipment failure and respond quickly to avoid downtime.
Exponential growth of IoT: The use of Internet of Things (IoT) devices in manufacturing environments is also exploding, for the same reasons as OT: to further reduce costs and deliver more value to customers. IoT devices are used to collect real-time data on production processes. This data flows into IT or even cloud services to enable better scheduling, forecasting and overall performance against metrics. They’re also used to manage facility systems such as building access control, HVAC, lighting and fire safety systems.
Despite their pivotal role, IoT device communications are often not tracked or monitored. Because it’s not clear who they communicate with, it can be difficult to maintain a secure perimeter. And like OT devices, IoT systems use simple operating systems and off-the-shelf software components. Their firmware is rarely updated, so vulnerabilities abound, making them an easy target for hackers.
Geography and scale: Manufacturing sites can be huge, with several production plants on a campus or geographically dispersed over several regions and countries. Each one of those environments may rely on thousands of systems and devices from different generations, built by different vendors on different architectures. Maintaining an accurate asset inventory with pen and paper is no longer possible. You need automation to continuously identify and assess all connected assets, from decade-old process controllers to dormant IT systems and new IoT devices.
Shortage of OT cyber security skills: OT engineers, as opposed to IT security staff, often work with OT systems. Tensions may arise when stakeholders primarily concerned with safety and productivity must now balance operational and cybersecurity risk, especially if it means shutting down operations. Couple that with the global shortage of skilled cybersecurity resources – and unclear ownership of IoT devices, which may fall through the cracks.
Cyber security best practices for manufacturers
When rolling out new digitalisation projects, organisations can prepare by following best practices such as the NIST Cybersecurity Framework, which outlines how to identify, protect, detect, respond and recover from threats. The following recommendations align with this framework and are based on more than a decade of industrial threat research and experience: