As consumers, we’ve become accustomed to attacks on cyber-security in the form of data breaches. With 1,579 data breaches reported in 2017, the propensity for such threats continues to grow. Similar concerns also extend to the machines used on the shop floor of a manufacturing plant. Increasingly “smart” machines, which are connected to the internet, mean maintenance practices now require a new level of technical expertise and a heightened level of security for Operational Technology (OT) networks.
Preventing OT Attacks
Throughout the manufacturing floor, OT networks are designed to work together. The integrated system of networks includes industrial control and supervisory control and data acquisition systems. Such linked systems were once designed to stand alone with no additional outside protection needed, but connections to corporate networks for the communication of data mean these systems now handle real-time information and with that comes added risks.
The hovering threat of a cyber attack is forcing more manufacturers to understand how threats and instances of sabotage could bring a manufacturing operation to an unanticipated stop. Attackers look to control an industrial network remotely such as in the case of creating an explosion or disabling a power grid, according to Ashok Banerjee, chief technology officer of enterprise security products at Symantec, a provider of next-generation cyber security. Such threats often feature extended attacks, triggered at will, he continued.
The unseen elements of the cyber-based world make securing OT networks and connected machinery a modern and increasingly growing concern for manufacturers throughout the world. The first step in determining the current level of need is assessing if an organization has a secure network with protection from attacks originating inside and outside of the organization.
Layers of a Secure Network
Perimeter security – use of a firewall and intrusion detection protect from outside attack
Communications security – creating data confidentiality through a virtual private network (VPN) or using Secure Sockets Layer (SSL)
Platform security – a plan including antivirus and host-based intrusion detection software to ensure security
Physical security – protection from modification or physical harm such as locks and alarm systems
Access security – ability to control a user’s access to network applications and elements
The need for cyber-security within the manufacturing industry cannot be overstated. This is particularly important for manufacturers with legacy systems, many of which were designed before the looming threat of cyber attacks. Understandably, such defenses are expensive and can create the potential for interruption when/if systems come down. Those weighing the cost of investment in additional security measures will need to assess the risk of a cyber event versus the cost of not being able to produce the company’s products.