What We Do
How We Do
Resources
Company
Partners
Get Started
Blog

Cybersecurity for the modern manufacturing plant

BY eSentire

July 15, 2019 | 4 MINS READ

Cybersecurity Strategy

Want to learn more on how to achieve Cyber Resilience?

TALK TO AN EXPERT

Originally posted in Industry Today on July 10 ,2019

Modern manufacturing faces a trinity of issues when it comes to cybersecurity. First is the merging of manufacturing IT and OT ecosystems and the adoption of new technologies. Second is the increasingly sophisticated cyber criminals who will exploit any vulnerability. Third is the resulting board and executive level of accountability when it comes to cyber risks. To succeed in today’s digital economy, manufacturing companies need to fully understand why and how each of these areas affect security.

Digital transformation and emerging technologies

As operational (OT) and information technology (IT) systems converge and blend into one ecosystem, the job of securing these systems typically sits in two different teams who aren’t used to talking to each other. This is a cultural barrier that must be overcome. Historically, manufacturers have interacted with not one technology team, but two. And these two teams aren’t aligned.

IT teams move at a fast pace to cope with evolving technology for their administrative networks. They regularly reconfigure and refresh equipment and software to cope with new business challenges. OT teams, on the other hand, think in much longer terms. They expect their technologies, like programmable logic controllers and distributed control systems, to be in place for many years. What’s more, IT and OT don’t speak the same language. The DevOps, agile sprints and canary software releases that come up in IT meetings are worlds away from plant-floor technology discussions.

And at the same time, manufacturing firms are adopting new technologies like cloud, machine learning and analytics, and IoT/IIoT, which all come with their own cyber risks. These technologies reduce errors, increase productivity, make better production projections and more. That leads to cost savings, increased profits and competitive advantage. However, they also eradicate the “air gap” that once kept OT systems off the internet and safe from attack.

This provides new opportunities for attackers. Cyber criminals are getting more brazen as they continue to adapt to new technologies and systems. They will prey on the areas they find most lucrative, which includes law firms, healthcare organizations and manufacturers. And in particular, smaller and medium-sized manufacturers typically make easier targets than larger organizations. That’s because they often don’t realize how valuable their data and intellectual property are.

Accountability remains a core issue

In a 2018 FutureWatch report conducted by eSentire, manufacturing firms self-ranked higher than financial institutions when it came to vulnerability to cyber attacks.

Manufacturers are starting to understand that cybersecurity is a board-level issue; they need to view it as an enterprise problem, not just a technology problem. OT risk and IT risk both jeopardize the business.

To overcome this enterprise problem, manufacturers need to create cybersecurity best practices and policies. This requires top-level coordination, which in turn requires cybersecurity to be a core strategic issue, with a chain of command and clear allocation of responsibilities. That means it must start at the board level.

Risk management is a key component of cybersecurity. Manufacturers will need both IT and OT’s help in identifying cybersecurity risks and prioritizing them based on likelihood and impact. Teams can weigh vulnerabilities based on their impact to those assets that are mission-critical to the company.

In addition to overseeing internal systems, manufacturers must extend risk management and cybersecurity protections to their supply chain partners’ security issues, too. To do this, they must identify the risk associated with the supply chain and contractually obligate those supply chain elements to specific security standards. A manufacturer should behave like a privacy regulator by establishing a cybersecurity trigger, so that when an event occurs, they must report it in a certain time frame.

Dotting cyber I’s and crossing cyber T’s

Attacks on manufacturing firms don’t show any signs of slowing down and, in fact, will likely increase. There are no magic bullets, but there are several key steps that firms can take to reduce risk and improve their ability to respond and recover:

United you stand

With so many new technologies at its disposal, the manufacturing sector has an exciting future. Possibilities abound for new processes and products, greater efficiencies and higher revenues. But along with these opportunities come the risks of an expanded threat landscape and the need for a comprehensive cybersecurity strategy. This strategy must start at the board level and align OT and IT teams to create a united front.

eSentire
eSentire

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.

Read the Latest from eSentire