Cybersecurity: Securing the Front Line
Protecting your manufacturing network involves the entire organization
In recent years, the Department of Homeland Security and United States Secret Service arrested a foreign agent alleged to have facilitated over $4 billion worth of transactions worldwide for cyber criminals engaging in computer hacking, identity theft and ransomware. Major manufacturers are often targets. Last year, hackers infiltrated Tesla’s cloud environment and stole computer resources to mine cryptocurrency (dubbed “cryptojacking”), while proprietary data related to mapping, telemetry and vehicle servicing also was exposed.
While the breach was swiftly rectified, it illustrates manufacturing’s need for improving cybersecurity. Manufacturing supply chains are connected, integrated and interdependent to improve production efficiencies. Securing the entire multiple company supply chain is not a top-down mission. Rather, it depends on security decision-making at each local plant level.
“Industrial cybersecurity is now central to business strategy, not an afterthought,” says Rebecca Taylor, vice president of the National Center for Manufacturing Sciences (NCMS). “Security at every level should be a prerequisite for deploying new technologies.”
At the 2018 Automation Conference, Taylor cited a recent Symantec study showing there has been a 92 percent increase in malware, and a 46 percent increase in ransomware. Ransomware in particular has evolved, with hackers no longer asking for exorbitant amounts of money. They now make it a “nuisance” amount like $30,000, Taylor says, and they usually get it.
Is manufacturing particularly at risk? “All critical infrastructure sectors present unique challenges and are at risk due to vulnerabilities that can be exploited by criminals and nation-state cyber actors,” replied the U.S. Department of Homeland Security in a statement. “The last five years have brought an increase in concern regarding the potential for cyber-based attacks on critical infrastructures, and the number of cyber-based incidents across critical infrastructure sectors that asset owners reported to DHS’s National Cybersecurity and Communications Integration Center (NCCIC) has risen.
When adversaries inevitably strike, will defenders be prepared, and how quickly can they recover? Findings from the Cisco 2018 Security Capabilities Benchmark Study—which offers insights on security practices from more than 3,600 respondents across 26 countries— show that defenders have a lot of challenges to overcome. Even so, defenders will find that making strategic security improvements and adhering to common best practices can reduce exposure to emerging risks, slow attackers’ progress and provide more visibility into the threat landscape.
Standards organizations are one place to look for direction on how to establish risks and set up responses. The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a collaborative hub where industry organizations, government agencies and academic institutions address the most pressing cybersecurity challenges for businesses. This public-private partnership enables practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners—from Fortune 50 market leaders to smaller companies specializing in IT security—the NCCoE and NIST are developing modular, easily adaptable examples of cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology.
The five “functions” of NIST’s Cybersecurity Framework Core are:
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities.
Protect – Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement the appropriate response actions regarding a detected cybersecurity event.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any impaired capabilities or services due to a cybersecurity event.
On or Off the Internet?
“The issue every manufacturer needs to take a hard look at is how militant do they need to be about network security,” said Joe LaRussa, director of industrial engineering – seats at Brose Group, the world’s fourth-largest family-owned automotive supplier. Addressing the Michigan Manufacturers Association, he said building a point-to-point off-internet hardware network among all company locations minimizes entry points and makes manufacturing a harder target. The downside is such a setup is extremely costly.
LaRussa adds, “Perhaps sharing costs with local municipalities would not only make cybersecurity more affordable but make the U.S. more competitive compared to other countries relying on strong incumbent internet service providers. Managing internet infrastructure as a utility could provide a high security alternative to traditional internet service.”
Solving emerging security challenges is a vital part of ongoing continuous improvement in manufacturing. As threats appear seemingly daily, so are solutions from a number of automation, network, industry associations and cybersecurity specialists. The value of production efficiency means sharing it wisely and protecting it securely.
Some opinions expressed in this article may be those of a contributing author and not necessarily Gray.