Staying Ahead of Threats to Industrial Control Systems (ICS) Cybersecurity

Summary

Manufacturing organizations know that unplanned downtime is costly. What may be less clear is the impact that cyberattacks, like ransomware, have on downtime. Simply put: successful attacks on manufacturing mean downtime–not measured in hours or days, but often weeks or longer. 
 
ThirdPartyTrust reports that cybercriminals are drawn to the most vulnerable and profitable sectors, which is probably why manufacturing received nearly one fifth of all attacks on businesses and organizations in 2020.  
 
The average cost of a ransomware attack in the manufacturing sector is $1.52 million USD, according to Sophos research. This is not just the cost of downtime and ransoms paid; it also includes the cost of lost opportunities, and no doubt the immeasurable loss of trust from customers and other stakeholders.  
 
Besides going after system disruption to help drive ransom payments, cybercriminals also try to gain access to high-value data like IP; extort third parties by threatening to expose their data; and threaten to harm plants, assets and workers. 

 
Critical Manufacturing supports Critical Infrastructure 

The Critical Manufacturing Sector is crucial to economic prosperity and continuity, notes the U.S. Cybersecurity & Infrastructure Security Agency (CISA). The industries that comprise this sector – metals, machinery, electrical equipment, appliance and component, and transportation equipment – require manufacturing industry cybersecurity to be strengthened, as a direct attack or disruption could disturb essential functions, economic interests and daily life. 
 

Critical Manufacturing and pandemic-related risks 

CISA identified several operational vulnerabilities in industrial control systems (ICS) related to going remote during the COVID-19 pandemic. Remote authentication, for example, is more of a challenge than when employees are physically present in a traditional workplace environment. Reduced network segmentation and expanded cyberattack surfaces from remote locations and devices create additional vulnerabilities.  
 
Effective management of remote processes, including security, identity validation and ongoing monitoring, must be in place to prevent simple to catastrophic downtime from cyberattacks. Sensible and straightforward, right? However, CISA also concludes that managing cybersecurity risks in an ICS environment requires skills that are difficult to find and maintain, especially when organizations are facing pandemic-driven changes. Support is needed. 
 
Some of the largest manufacturers in the world have successfully deployed advanced cybersecurity controls. 
 
For example, a Latin American chemical manufacturer needed secure remote access to their IT/OT network for employees, while reducing the risk of cybersecurity incidents. Rockwell deployed a solution with remote configuration services for 2,000 intelligent drives. The program was fully integrated into the organization’s process control system that handles 8,000 I/O points, reducing cybersecurity risks to the corporate and OT networks. 
 

Network visibility: You can’t protect what you can’t see 

While the sophistication of attacks grows, most attacks are preventable with today’s known cybersecurity methods and tools, since attackers often look for and strike the easiest security gaps first. But many manufacturers don’t have clear visibility into the assets on their industrial network, making it harder to secure, while complicating threat detection and risk mitigation.  
 
What’s more, with IoT devices proliferating and manufacturing companies undertaking digital transformation initiatives, network visibility becomes even more important.