As factories become more integrated into the broader business, cyber criminals are increasingly exploiting them in their attacks. ServiceNow's Sascha Brodsky explains more.
In today’s interconnected world, where manufacturing systems are seamlessly integrated into broader business operations, threats from cyber criminals loom larger than ever.
An array of internet of things, RFID and other operational technologies (OT) utilised on the factory floor can serve as entry points for cyber criminals to tunnel into corporate IT, or vice versa.
Yet safeguarding these critical OT systems often takes a backseat to securing high-profile IT operations, leaving industrial environments exposed to cyber risks and susceptible to attacks.
Companies may soon find themselves struggling to keep up with digital intruders, whose criminal sophistication continues to grow. In a survey by ServiceNow and Dynata, only 34% of respondents said they planned to make a large investment in methods to protect from cyber attacks.
It’s no surprise that IT operations overshadow their OT counterparts in terms of funding and strategy. After all, protecting customer data and business-critical information is of paramount importance. But doing so shouldn’t come at the expense of securing an OT landscape, whose vulnerabilities can leave manufacturers with security risks and exposed to potentially devastating attacks that could disrupt production, cause machinery to malfunction and endanger employee or public safety, as well as compromise sensitive data and tarnish a company’s reputation.
“Operationally, the primary objective of OT is to provide safe and reliable operation,” said Steve Mustard, an independent automation consultant and subject matter expert of the International Society of Automation. And historically, these systems were typically self-contained on-site. “As a result,” added Mustard, “there were no demands for securing the technology. Now, these systems are connected to the internet, as well as business systems in IT environments,” making security a more central issue.
What’s more, because OT environments are so complex, manufacturers often don’t know how vulnerable they are – and therefore haven’t invested sufficiently in OT cyber security. Only 35% of manufacturers said they had a single, comprehensive view of OT vulnerabilities, according to ServiceNow and Dynata’s survey.
An increase in OT attacks
Cyber criminals are starting to pay more attention to OT. In 2021, there were 64 publicly reported operational technology cyber attacks, marking a 140% increase in OT data breaches compared to the previous year. Roughly 35% resulted in physical disruptions, including a ransomware attack against Dole, which caused a plant shutdown and resulted in food shortages. The estimated average damages caused by each attack amounted to $140m.
The recent convergence of IT and OT has opened new avenues for cyber attackers to exploit. Malicious actors are increasingly targeting interconnected industrial control systems, posing risks to global supply chains and economic stability.
Cyber attacks against manufacturers: Why hackers choose OT
Attackers have varied motives, from causing production disruptions and supply chain issues to engaging in industrial espionage by stealing valuable data and proprietary information, according to a report by PwC. Ransomware attacks are also on the rise. In a 2021 cyber attack, the world’s largest meat producer was forced to shut down its nine US beef plants and suffered disruptions at poultry and pork plants.
“The industry must start focusing on protecting critical infrastructure through robust cyber security,” said Hartmut Mueller, Vice President and Chief Transformation Officer at ServiceNow. “There’s no longer a gap between IT and OT, and we are seeing the results of deficiencies in security practices every day.”
Prioritising IT + OT cyber security secures the enterprise
A secure enterprise requires both robust IT and OT security. If one falls short, there will always be increased levels of risk.
According to the ServiceNow/Dynata survey, manufacturing leaders recognise the significance of improved cyber security around OT. Four out of five respondents said they put a high priority on improving OT security to preempt attacks more effectively, to prevent factory downtime, and to keep their employees safe. However, only one-third of respondents had actually made significant progress securing their OT systems.
OT security best practices
The approach to keeping a company safe should be comprehensive and holistic, a combination that includes unifying data and best practices across internal OT and IT teams, as well as managing risk from a large ecosystem of third parties.
That includes keeping tabs on older equipment, too, noted William Heinrich, Founder of Strong Tower Cybersecurity. “They were installed when cyber security practices weren’t a concern,” he said. “Additionally, the technology may be old enough that patches for operating systems, software and firmware are no longer available.”
Assess existing OT systems with risk scores
A good first step to creating more secure systems is an inventory of industrial equipment and a basic risk assessment that includes understanding the consequences of compromise and the vulnerabilities in the OT infrastructure. Mustard suggested asking: How are these systems connected to the network? What types of cyber security mechanisms are installed? Are there any vulnerabilities, and are there any patches to close the vulnerabilities? These assessments also need to occur in real-time or near real-time.
Prioritising the most critical asset vulnerabilities with risk scores enables manufacturers to optimise the continuity of operations. Automated OT service management and intelligent routing can proactively resolve the vulnerabilities and risks that are most pressing. In the survey, manufacturers identify OT service management as the top targeted area to improve operational technology security.
Regular OT security reassessments are integral to organisational safety
To safeguard against future disruptions, a fundamental reassessment of OT security is required, integrating it into the enterprise risk approach that has long been taken for IT. This strategic conversation starts at a C-suite level, helping to define governance and responsibilities across OT and IT teams. By creating a unified operating model, manufacturers can proactively identify vulnerabilities, mitigate cyber threats, maintain compliance, and ensure a more cyber-secure and efficient future for their businesses.
Read more: Download your Guide to OT Security
For more stories on Digital Transformation click here.