In a recently published addendum to its 2023 Hybrid Security Trends Report focused exclusively on manufacturing, cybersecurity solutions provider Netwrix found that 64% of manufacturing organizations experienced a cyberattack in the past 12 months. said. While this is on par with other industries, the nature of the attacks was unique, with more cyberattacks focused on cloud infrastructure than on-premises infrastructure.
According to the report, the following companies were among the manufacturers that detected cyberattacks:
- 85% discovered phishing in the cloud, compared to 58% across all industries.
- 43% of user accounts were compromised in the cloud, compared to 27% across all industries.
- 25% of organizations have experienced data theft in the cloud, compared to 15% of all organizations.
Photo: Alamy
“Manufacturing industries rely heavily on the cloud, especially for real-time collaboration with the supply chain,” Dirk Schrader, vice president of security research at Netwrix, said in the report. “Compromising this cloud infrastructure is a lucrative target for attackers, as it can enable lateral movement and compromise other linked organizations.
According to Schrader, the solution provided by Frisco, Texas-based Netwrix addresses the six pillars of the Cybersecurity Framework (CSF). The framework was first introduced in 2014 by the US Department of Commerce's National Institute of Standards and Technology (NIST) and is designed to help organizations of all types manage and reduce the risk of unauthorized access to information systems. I am. NIST he published his CSF update in February.
“Early versions of the NIST Cybersecurity Framework talked about identifying, protecting, detecting, responding, and recovering as necessary capabilities that organizations should have,” Schrader said in an interview with Power Progress. He added that the latest version includes a governance pillar. “What are your ideas on how to coordinate these things?” he said. “How do you put all of this into context from a regulatory perspective and from a policy perspective?”
Vulnerabilities in “noisy” computing
According to Schroeder, smart manufacturing concepts generate and share large amounts of data, making production lines vulnerable to cyberattacks. Schroeder calls this a “noisy” computing environment.
“The main effect of smart manufacturing is two-fold: You can leverage data to look for additional benefits and create additional value,” Schroeder said. “But on the other hand, the idea of collecting, harvesting, and generating more data in order to have more flexibility, that flexibility itself creates opportunities for attackers.” The environment is a “perfect place for an attacker to hide,” he added.
Schrader added that edge computing is often used to process and manipulate data on the factory floor, further impacting cybersecurity in manufacturing.
“From a data center perspective, in simplistic terms, you're bringing a critical part of the processing, the computing part, to the manufacturing floor,” he said. “As a result, security architectures need to adapt to this setting. It requires local oversight, local understanding, and local change control.”
Schrader said that understanding includes what data is being shared with whom or what, and because increased production data generation means an increased amount of security data being created. Contains whether the is logged.
“At every moment of the day, can you really identify and say who is operating the machine, locally or remotely, who is extracting data from the machine, who is extracting data from edge computing? '' he said.
Reduction of attack surface area
It's important to understand this overall data footprint. According to Schroeder, cybersecurity is all about reducing what he called the “attack surface,” which can be a counterintuitive approach in a smart manufacturing environment. is.
“Essentially, what you're doing is extending it [the attack surface]”Because more machines are communicating with each other,” he said. “But then you have to adapt your security approach, your security architecture: how you capture logs, how you monitor, how you control setup, configuration, and even changes to your business processes. That's true at any time of the day. I have the ability to control what's going on. I have that visibility. I fully understand that.”
Cyber security culture
According to Schrader, cybersecurity needs to become part of a company's culture. Encouraging a change in mindset requires training across the organization.
“If you're in the field, you're talking about inventory, you're talking about doing the same thing over and over again,” he said. “In the IT industry, we have much shorter device lifecycles and we're talking about patchability, data integrity, etc. So we're talking about two different schools of thought. And this guy says two things. , there is a bridge to be built between the two ideas.
Part of that bridge is helping shop floor employees and IT staff understand the unique aspects of each other's roles in the manufacturing environment.
“If you have this concept of how to use technology, IT needs to learn it,” Schrader says. “IT departments basically need to speak the jargon of the shop floor. On the other hand, we are trying to understand what multi-layered communication means from the perspective of manufacturing employees who are not embedded in IT. Maybe you need to understand.”
