Dark Reading is part of the Informa Tech Division of Informa PLC


3/29/2021
06:10 PM

Manufacturing Firms Learn Cybersecurity the Hard Way

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.

Manufacturing firms have become a top target of cybercriminals, extortionists, and nation-state groups, with 61% of companies experiencing a cybersecurity incident affecting their factories and three-quarters of those incidents taking production offline, according to a report published by cybersecurity firm Trend Micro on Monday. 

The report, based on a survey of 250 IT departments and 250 operational technology (OT) departments, states that OT groups have more challenges with security across the board, with technology presenting the most difficulty for both groups but with people and process posing a greater security problem for OT groups. Among the challenges for OT groups are a lack of visibility into assets and associated cyber threats, and a lack of set goals for cybersecurity maturity.

The different challenges and viewpoints mean that IT and OT groups should be collaborating on cybersecurity, but only 12% of groups are working together, says William Malik, vice president of infrastructure strategies at Trend Micro.

"OT systems generally are not overbuilt, so they are chronically short of available processing power, memory, [and] network bandwidth," Malik says. "On the other hand, IT people tend to do a better job at understanding attacks. So, working together they can get better protection and trustworthiness without risking crucial functionality."

The survey is the latest to identify manufacturing as an industry sector in the crosshairs of cyber attackers. Manufacturing, healthcare, information technology, and construction are the top industries targeted by ransomware groups, according to a recent report by network security firm Palo Alto Networks. A November report found that multiple ransomware development teams had started adding features to the malware to manipulate industrial control systems.

The survey revealed that the average manufacturing firm has experienced a cyber incident, and 75% of those companies had suffered a production outage as a result. In 43% of the outage cases — about 20% of all manufacturing firms — production stopped for more than four days after a cyberattack.

"Factory cybersecurity is in the developing phase," the Trend Micro report states. "Cyber incidents have not been rare, and many companies are making progress in both organizational and technical approaches and most of them aware the risks attached. As factory cybersecurity evolves in the next few years, this survey shows that it is difficult to select appropriate technical measures."

Because the survey only asked if a company had ever experienced a cyber incident, the data is not an indication of increasing threat and may indicate severe past incidents, such as NotPetya or WannaCry, both of which caused significant manufacturing outages and damages.

The survey data also shows differences between companies based in the United States and those in Germany and Japan, the two other countries surveyed. The US firms saw fewer challenges with securing people, processes, and technology than firms in Germany or Japan.

"US manufacturers may have done a better job of deploying that 1990s approach to information security — build a perimeter to keep the bad actors outside," says Malik. "The current interest in 'zero trust' emphasizes the need for a deeper understanding of what traffic occurs within the corporate network."

Yet unique OT challenges mean that collaboration with IT security groups is even more important. Take the example of medical equipment. While IT groups are used to pushing for faster patching, many medical devices are approved by the Food and Drug Administration and cannot easily have the software changed after certification, says Malik.

"Given the inaccessibility of some OT systems, remote maintenance is crucial — and difficult to design," he says. "OT systems are usually constrained, so installing additional software to manage potential problems usually is not possible."

Overall, while 89% of companies have built operational processes for cybersecurity, and 88% have created an incident response process, both OT and IT teams have done so separately. Only 12% of respondents actively collaborated with their counterparts in designing either process, according to the survey. 

Companies whose OT and IT groups collaborated had much greater adoption of cybersecurity technology and cybersecurity strategies, such as segmentation and asset discovery.

"[I]f both IT and OT teams participate in the selection of technical measures and the decision-making process in factory cybersecurity, the implementation of technical measures will be easier," the report states. "In particular, there are significant differences in [the rate of adoption of] measures such as firewalls, IPS, and network segmentation."
