Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

06:10 PM

Manufacturing Firms Learn Cybersecurity the Hard Way

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.

Manufacturing firms have become a top target of cybercriminals, extortionists, and nation-state groups, with 61% of companies experiencing a cybersecurity incident affecting their factories and three-quarters of those incidents taking production offline, according to a report published by cybersecurity firm Trend Micro on Monday. 

The report, based on a survey of 250 IT departments and 250 operational technology (OT) departments, states that OT groups have more challenges with security across the board, with technology presenting the most difficulty for both groups but with people and process posing a greater security problem for OT groups. Among the challenges for OT groups are a lack of visibility into assets and associated cyber threats, and a lack of set goals for cybersecurity maturity.

Related Content:

Manufacturing Sees Rising Ransomware Threat

Special Report: How Data Breaches Affect the Enterprise

New From The Edge: A Day in the Life of a DevSecOps Manager

The different challenges and viewpoints mean that IT and OT groups should be collaborating on cybersecurity, but only 12% of groups are working together, says William Malik, vice president of infrastructure strategies at Trend Micro.

"OT systems generally are not overbuilt, so they are chronically short of available processing power, memory, [and] network bandwidth," Malik says. "On the other hand, IT people tend to do a better job at understanding attacks. So, working together they can get better protection and trustworthiness without risking crucial functionality."

The survey is the latest to identify manufacturing as an industry sector in the crosshairs of cyber attackers. Manufacturing  along with healthcare, information technology, and construction are the top industries targeted by ransomware groups, according to a recent report by network security firm Palo Alto Networks. A November report found that multiple ransomware development teams had started adding features to the malware to manipulate industrial control systems. 

The survey revealed that the average manufacturing firm has experienced a cyber incident, and 75% of those companies had suffered a production outage as a result. In 43% of the outage cases — about 20% of all manufacturing firms — had production stopped for more than four days after a cyberattack.

"Factory cybersecurity is in the developing phase," the Trend Micro report states. "Cyber incidents have not been rare, and many companies are making progress in both organizational and technical approaches and most of them aware the risks attached. As factory cybersecurity evolves in the next few years, this survey shows that it is difficult to select appropriate technical measures."

Because the survey only asked if a company had ever experienced a cyber incident, the data is not an indication of increasing threat and may indicate severe past incidents, such as NotPetya or WannaCry, both of which cause significant manufacturing outages and damages.

The survey data also shows differences in companies based in the United States versus Germany and Japan, the two other countries surveyed. The US firms saw fewer challenges with securing people, processes, and technology than Germany or Japan.

"US manufacturers may have done a better job of deploying that 1990s approach to information security — build a perimeter to keep the bad actors outside," says Malik. "The current interest in 'zero trust' emphasizes the need for a deeper understanding of what traffic occurs within the corporate network."

Yet unique OT challenges mean that collaboration with IT security groups is even more important. Take the example of medical equipment. While IT groups are used to pushing for faster patching, many medical devices are approved by the Food and Drug Administration and cannot easily have the software changed after certification, says Malik.

"Given the inaccessibility of some OT systems, remote maintenance is crucial — and difficult to design," he says. "OT systems are usually constrained, so installing additional software to manage potential problems usually is not possible."

Overall, while 89% of companies have built operational processes for cybersecurity, and 88% have created an incident response process, both OT and IT teams have done so separately. Only 12% of respondents actively collaborated with their counterparts in designing either process, according to the survey. 

Companies whose OT and IT groups collaborated had much greater adoption of cybersecurity technology and cybersecurity strategies, such as segmentation and asset discovery.

"[I]f both IT and OT teams participate in the selection of technical measures and the decision-making process in factory cybersecurity, the implementation of technical measures will be easier," the report states. "In particular, there are significant differences in [the rate of adoption of] measures such as firewalls, IPS, and network segmentation."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-17
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
PUBLISHED: 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
PUBLISHED: 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.