Authored by: Eddie Stefanescu, General Manager of APJ at Claroty
Singapore, through the Economic Development Board, has acknowledged that there is a need to reinvent the current manufacturing model into one that is innovation-based and offers high-value production. There is much talk of the Industry 4.0 promise to push adoption of automation and robotics, large-scale monitoring systems that provide real-time information about production processes, and flexible systems that can be quickly adapted to produce modified or different products.
During the pandemic, manufacturers have had to re-evaluate their entire modus operandi amid strict social distancing measures, and there is now a widespread need to keep things running with a limited onsite workforce and enable remote access to manufacturing plants. It is therefore an apt time for manufacturers to invest in and implement the state-of-the-art, fully integrated operational technology (OT) and information technology (IT) systems which they will need to adopt Industry 4.0.
Comprehensive OT/IT integration empowers manufacturers because at the foundational level, with better business process planning and management, OT/IT integration can help gear production systems to know the business’ priorities, and to be more responsive to customer requirements. It also helps with effective remote management. Yet while there are many advantages to integrating these systems, there are also new security challenges to address, with one of the most pertinent being remote access to OT.
The very nature of remote access to manufacturing facilities inevitably gives attackers more points of entry into the network. Claroty research found that in the second half of 2020, 71% of the industrial control system vulnerabilities disclosed were remotely exploitable through network attack vectors.
As OT systems are often required to control or monitor real-time processes, manufacturers cannot afford to have system outages. In some cases, outages can be catastrophic, such as shutting down power plants. Thus, internal and third-party users require easy and, importantly, secure remote access to industrial assets for maintenance or other purposes to reduce their mean time-to-repair. Administrators also need to have the ability to monitor remote sessions, or to disconnect user sessions in real time in the event of malicious activity, to prevent outages.
Specialised security solutions are also required. OT networks run on proprietary protocols, which in current manufacturing environments are often powered by legacy equipment that is incompatible with conventional IT security tools (like the VPN-based remote access solutions used in enterprise environments), rendering them inaccessible. Existing IT security tools can’t gather the necessary data from OT networks to calculate and mitigate risk. Moreover, the traditional VPNs they run on can be accessed through the public internet and attackers can use them as a potential entry point for malicious activity if they manage to steal an authorised user’s credentials.
OT networks were once secluded from corporate IT networks, which separated them from the Internet and thus the global community of hackers and cyber-criminals. Today, the connectivity of OT networks means the entire network can become vulnerable and exposed to threats, more so if OT and IT networks have been suddenly connected and are not carefully integrated. To avoid such circumstances, security tools that have deep visibility into their networks are recommended in manufacturing operations, to determine all connected devices and network processes.
While there are no simple solutions, the following steps help to ensure a fully guarded OT network security system:
Network monitoring. By using continuous monitoring via virtual segmentation - rather than physical or actual segmentation - you can permit only necessary connections to each part of the network, which can help lessen the risk of unsuspecting devices being used as attack routes. It’s essential to prevent situations where vulnerable and, in some cases, trivial devices are given access to a company's crown jewels.
A complete inventory of connected assets and the communication paths between them. Manufacturers need to reveal and contextualise network contents, including its invisible or poorly understood contents. Once visibility is established, real-time threat detection and response can be enabled.
Recognise that you can’t eliminate risks, but can mitigate them by implementing proactive monitoring. Monitoring is used to observe indicators of threat actors attempting to exploit your environment. Establish a baseline by defining what “normal” network operations look like, and then monitor the network to understand how all devices interact with each other. That way, any anomalies in activity can be detected and shut down before an attack occurs.
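The three steps above can be sketched in a few lines, as an added example that is not from the article or from any Claroty product: it learns an asset inventory and the set of communication paths from a baselining window, then labels later flows that deviate from that "normal". The `Flow` record, the addresses and the service labels are constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst service")

# Constructed sample flows (addresses and service labels are illustrative).
BASELINE_FLOWS = [
    Flow("10.10.1.5", "10.10.2.20", "modbus/502"),   # HMI -> PLC
    Flow("10.10.1.5", "10.10.2.21", "modbus/502"),   # HMI -> PLC
    Flow("10.10.1.9", "10.10.2.20", "s7comm/102"),   # engineering workstation -> PLC
    Flow("10.10.2.20", "10.10.3.7", "opcua/4840"),   # PLC -> historian
]
OBSERVED_FLOWS = [
    Flow("10.10.1.5", "10.10.2.20", "modbus/502"),   # seen during baselining
    Flow("10.10.3.7", "10.10.2.21", "modbus/502"),   # known assets, new path
    Flow("10.10.9.44", "10.10.2.20", "s7comm/102"),  # device not in the inventory
    Flow("10.10.1.9", "10.10.2.20", "ssh/22"),       # known pair, new service
]

def build_baseline(flows):
    """Return (asset inventory, known communication paths) from baselining flows."""
    assets = {ip for f in flows for ip in (f.src, f.dst)}
    paths = set(flows)
    return assets, paths

def classify(flow, assets, paths):
    """Label one flow against the baseline, most severe finding first."""
    if flow.src not in assets or flow.dst not in assets:
        return "unknown_asset"
    if flow in paths:
        return "baseline"
    known_pairs = {(p.src, p.dst) for p in paths}
    if (flow.src, flow.dst) in known_pairs:
        return "new_service"
    return "new_path"

def review(flows, assets, paths):
    """Return (flow, label) for every flow that deviates from the baseline."""
    labelled = ((f, classify(f, assets, paths)) for f in flows)
    return [(f, label) for f, label in labelled if label != "baseline"]

if __name__ == "__main__":
    assets, paths = build_baseline(BASELINE_FLOWS)
    for flow, label in review(OBSERVED_FLOWS, assets, paths):
        print(f"{label:14} {flow.src} -> {flow.dst} {flow.service}")
```

The same path set doubles as the allow-list for virtual segmentation: anything labelled other than `baseline` is a connection that was not needed during normal operations.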
Ideally, to protect their facilities, manufacturers should deploy specialists that embrace OT and the IT/OT connect when it comes to securing remote access to critical environments. Purpose-built OT solutions far better address OT needs than general remote access solutions. The investment is worthwhile as remote work will likely continue in some capacity long after the pandemic is over.
Moreover, continuous monitoring enables deep asset, network, and process visibility, which helps detect known threats and anomalies in real time, flags vulnerabilities, and promotes understanding of, and prioritization for, risk. OT solutions can calculate and map potential attack routes and contribute to physical segmentation to curtail both deep and lateral movement in OT.
Thus, proactively protecting OT networks with robust security tools will continue to help manufacturers fully protect their networks as they journey to adopt Industry 4.0 technology.