The manufacturing industry is going through a digital revolution under the slogan Industry 4.0. This new age of intelligent technology and digitization in the manufacturing industry is transforming standard workflows into streamlined, automated and internet-enabled workflows.
But what is good for innovations is not always the safest.
Operational technology (OT), industrial control systems (ICS) and programmable logic controllers (PLCs) were not originally designed to connect to the internet. They were built as isolated on-premises systems, and exposing them to global networks causes some serious security issues.
Lack of visibility and monitoring compromises manufacturing cybersecurity
Manufacturing organizations lack sufficient insight into critical systems, workflows and access points. More than half said their top barriers to a strong security posture are:
- Lack of insight into people (aka digital identities with access rights) and business processes
- Lack of oversight or governance
- Insufficient cybersecurity risk assessment
Manufacturing organizations have many (up to thousands of) employees, suppliers, remote access connections, systems, assets and OT devices, and every one of them is a potential attack vector. Hackers could exploit any of these to gain access, which is why they all need to be controlled. But if IT and security teams lack visibility into the digital identities, workflows and processes that make up their environment, it is impossible to assess risk and build a security architecture around those risks.
Shockingly, 68% have no insight into the level of access and permissions granted to internal and external parties. Knowing the access level of each digital identity is not only a best practice, it could mean the difference between giving a hacker full network access or stopping them.
Additionally, 42% do not monitor third-party access or session activity. And most don’t document the type of network access granted to their third-party providers. For many organizations, vendor access is treated like employee access, which is too open and too privileged considering third parties only need access to certain applications to do their job.
Manufacturers do not control network access
At its core, cybersecurity comes down to how well you control your users, their access rights and the endpoint. Manufacturing companies, which host some of the most complex operating systems, don’t control the identities and access points that lead to their critical endpoints.
Only 28% of manufacturing companies employ enhanced identity and access management techniques, while only 25% implement the principle of least privilege, so users only have access necessary to do their jobs and no more.
More and more hackers are targeting third-party remote access and unprotected or shared credentials. 41% don’t remove network access credentials when users no longer need them, meaning 59% of manufacturers could still have open access points that remain unmonitored and unprotected.
Finally, when it comes to network access, less than half are able to restrict their users’ network access and practice network isolation.
Protect OT and IIoT with security controls and monitoring
As a result of all of these issues, 52% do not consider their organization to be very effective at controlling third-party network access, mitigating remote access risk, or complying with regulations.
Proper cybersecurity implementation in a manufacturing environment consists of controlling access and user identities – and then separately monitoring the environment for cyber health.
- Control access: Proactive security measures can control access by internal users and third parties. Zero-trust methods such as restricting user access down to the protocol level can limit lateral movement should an attacker breach the network. And credential management features lock passwords away, so that a login shared between vendors or a leaked, compromised password (as in the Colonial Pipeline incident) cannot simply be reused.
- Control identities: Digital identities are the disguises attackers need to exploit credentials and access points. Authentication techniques like multi-factor authentication and employment verification are effective ways to verify your users and ensure that the identity accessing your PLC is the same person you hired to repair that PLC.
- Monitoring: It’s not just the endpoint that needs to be monitored. Access itself—whether via privileged access methods or remote access—must be monitored to watch for anomalous behavior that could impact OT and the Industrial Internet of Things (IIoT).
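As an added illustration of these three controls (not code from the original article), the following Python script reviews constructed third-party access grants and session log lines for the gaps the survey describes: credentials not removed after a contract ends, identities without MFA, and sessions using a protocol outside a vendor's least-privilege allow-list. The vendor names, dates and log format are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, datetime

@dataclass
class VendorGrant:
    vendor_id: str
    contract_end: date            # credentials should be removed after this date
    allowed_protocols: frozenset  # least privilege, down to the protocol level
    mfa_enrolled: bool            # identity verified with a second factor

# Constructed sample grants (hypothetical vendors, not real data)
GRANTS = {
    "vendor-hmi": VendorGrant("vendor-hmi", date(2024, 12, 31), frozenset({"https", "vnc"}), True),
    "vendor-plc": VendorGrant("vendor-plc", date(2024, 3, 31), frozenset({"s7comm"}), False),
}

# Constructed remote-access session log: "<ISO timestamp> <vendor> <protocol> <target host>"
SESSION_LOG = """\
2024-05-02T09:15:00 vendor-hmi vnc hmi-line3
2024-05-02T09:40:00 vendor-hmi ssh plc-line3
2024-05-03T02:05:00 vendor-plc s7comm plc-line1
"""

def review_vendor_access(grants, session_log, today):
    """Return (finding, vendor, detail) tuples for every access-control gap found."""
    findings = []
    for g in grants.values():  # identity and credential hygiene
        if g.contract_end < today:
            findings.append(("stale_credential", g.vendor_id, f"contract ended {g.contract_end}"))
        if not g.mfa_enrolled:
            findings.append(("no_mfa", g.vendor_id, "identity not verified with MFA"))
    for line in session_log.splitlines():  # session monitoring against the grant
        ts, vendor, proto, target = line.split()
        when = datetime.fromisoformat(ts)
        g = grants.get(vendor)
        if g is None:
            findings.append(("unknown_identity", vendor, f"no grant on record, session to {target}"))
            continue
        if proto not in g.allowed_protocols:
            findings.append(("protocol_violation", vendor, f"{proto} to {target} not in {sorted(g.allowed_protocols)}"))
        if when.date() > g.contract_end:
            findings.append(("session_after_contract", vendor, f"{proto} to {target} on {when.date()}"))
    return findings

def sample_findings():
    return review_vendor_access(GRANTS, SESSION_LOG, date(2024, 5, 10))

if __name__ == "__main__":
    for finding in sample_findings():
        print(*finding)
```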