Securing industrial environments and the risk of isolated PCs
It hardly comes as a surprise that the COVID-19 pandemic has pushed forward many digital initiatives worldwide. Businesses had to accelerate their digital plans, ensure employees could work from home, and provide remote access to sensitive information – otherwise, they feared missing out on lost business during what was already a trying financial time. However, this in turn has also led to an increase in cyberattacks with threat actors looking to take advantage of businesses that didn’t have robust plans in place. While this shift and rush towards digitization have affected almost every industry, it is critical that those in the industrial sector are paying extra attention, and now is the time to do so as organizations start to re-think their budget, plans, and the solutions they have in place for 2022.
Up until now, the industrial sector has operated on the basis of closed systems. Now, however, migration to Industry 4.0 means that machines, applications, PCs, and factories are being increasingly connected to cloud systems, using big data and artificial intelligence (AI) and interfaced with corporate IT systems.
This convergence between industrial and standard computer technology is radically changing the game. However, along with the vast benefits to be enjoyed from a truly connected world such as enhanced productivity, sustainability, traceability, and raw material optimization, there is also a rising tide of security threats which, if not properly addressed, could spell disaster for the industry.
In particular, improving the security of PCs and laptops is something that needs to be addressed immediately. In terms of volume alone, there are many more laptops and computers in most environments and each is a potential attack vector for cybercriminals. For example, as the healthcare situation began to stabilize and more and more people began to return to the office, the cyber risk also increased as some of the devices were either unpatched or could be infected with malware.
As the boundaries between our personal and professional lives blur, it is essential that businesses try to nullify any cyber risk this brings.
On the other hand, there is also the fear of criminal attacks by individuals or small groups, which are now occurring on a regular basis. Events such as the cyberattack on Toyota supplier Kojima Industries in early 2022, or the ransomware attack in May 2022 on AGCO, an American agricultural machinery manufacturer, clearly highlight the impact that cyber incidents can have on the industrial world, so protecting all devices in this industry is essential. So, what can the industrial sector do to prepare?
Industrial Systems: A favourite target for cyber-criminals
“The industrial sector is one that never sleeps, with machines often working around the clock and warehouse staff up at the crack of dawn. Moreover, the reality is that it can’t afford to stop: the intrinsic fragility of this industry is making it a primary target for cybercriminals. So much so that in 2021, the manufacturing industry suffered more than 23% of all cyberattacks worldwide, according to IBM.”
In addition, we are also seeing more companies opting to work with suppliers in the industry that can demonstrate proven cybersecurity robustness. This combination puts industrial organizations under the spotlight and shows how extremely crucial a well-thought-out cyber security plan is. It is about protecting data and systems, ensuring operations can continue to run smoothly and it is also ensuring they can prove robustness to prevent losing out on key projects and business along the way. This means quickly and effectively addressing the cybersecurity challenges facing the sector and proving that cyber risk management is considered in their solutions and business.
Furthermore, for the industrial sector, this goes beyond business, as breaches could also result in physical harm, either to employees injured by a malfunctioning production line or to the general public put at risk by system outages. As the Industrial Internet of Things (IIoT) expands, industrial equipment is increasingly connected to digital systems and needs to be protected from new digital threats. Without proper security in place, there is potential for such equipment to be manipulated by hackers and terrorists, or simply left exposed by negligence. This can result in anything from costly breakage through to contaminated services and harmful explosions – think of oil, gas, and water suppliers.
The rise in threats is also combined with the fact that this sector is one of the most difficult to protect. The life cycle and the service continuity of industrial equipment only ring additional difficulty. Many industrial organizations rely on isolated PCs within their environment, and this means that these devices often have specific operating systems or applications which simply cannot be managed and secured with the usual IT infrastructure. As an example, for these devices, traditional antivirus products simply won’t work unless they are connected to the internet. In addition, any endpoint device can easily become an entry point for hackers, and ensuring industrial companies have the right security strategy in place is crucial.
The security trade off
One of the other key challenges is just how interconnected industrial systems are, an attack on one device or system has the potential to bring down the entire business. They are integrated to manage production, scheduling, and remote access. Clearly, the integration of systems has introduced a great range of benefits such as reduced water and energy consumption, alongside an increase in overall equipment effectiveness, but as with most big developments, these benefits have come at a price. This means more entry points that businesses need to protect against, and a poorly secured system can provide an all-too-convenient way in for threat actors allowing them to infiltrate the network.
In addition, an equally important factor to consider is that due to these recent integrations, what previously might have been viewed as an irrelevant security issue could now be a major vulnerability – allowing threat actors to wreak havoc across the business – from bringing production lines to a halt through to threatening the use of security of equipment. With this interconnection and the convergence of IT and OT threats can infiltrate the network, giving potential attackers free rein over highly sensitive material and assets.
Up until recently, the very nature of industrial business has also presented a challenge. Unlike other sectors, in the industrial space there is a need for systems to run nonstop, and this must also be contented with the delicate balance of keeping facility costs low and availability high. What this has often meant it that priority has been placed on the availability and safety of equipment over cyber security.
A second area that IT teams need to pay close attention to is that many systems in this space, were once traditionally isolated before many digital initiatives began. Because many of these systems were essentially air locked from the outside world for so long, little attention has been paid to ensuring their security, leaving potential security gaps as they become connected to the rest of the IT environment and IP-enabled.
A weak security system puts organizations, workers, and the general public at risk when it comes to the industrial sector. From a workforce viewpoint, a cyberattack can result in malfunctioning machinery and disrupted processes which can be extremely hazardous, with explosions, power surges, and sudden changes in machine activity among the many dangers such a breach may cause. In addition, one of the biggest potential results of cyber-breach is a full production shutdown. Not only is this financially detrimental, but it can have major reputational and public safety consequences as well. As an example, disruption to rail networks and traffic signals can cause damage to the normal functioning of integral aspects of our built environment, as well as physical risk. A power grid shutdown, for example – such as the infamous attack in Ukraine in 2015 – can have extreme impacts. Without gas, electricity or water, the consequences could be fatal. For the organization itself, the financial cost of a cyber breach or attack is just the tip of the iceberg. Data leaks are hugely disruptive and put the organization under great pressure from additional repercussions when it comes to compliance.
What can be done?
Ultimately, what this means is that organizations need to have a robust security system in place, which includes endpoint management and control over who has access to critical systems, when, and how they are permitted to use them.
While most attention is paid to the threat of attacks from outside sources, it is equally as important to secure the organization from the inside, and restricting and monitoring access will allow this. External attackers can piggyback on credentials from those within the company to execute their attack, a move that can be avoided, or at least mitigated, by having proper access management in place. Likewise, increasing reports of insider attacks highlight the need to minimize access to the least privilege principle.
In a world where connectivity across devices and systems is now ubiquitous, the necessity for organizations to arm themselves adequately against the growing tide of cyber threats is absolutely crucial. As the use of IoT grows across the industrial sector, the pressing need to secure all operational collateral, both physical and digital, cannot be underestimated.
To ensure business continuity and asset resilience, companies need to make sure that access to their OT infrastructure is protected anytime, anywhere. Securing credentials usage, controlling privileges elevation, or restricting network access, should be seen as a priority and not as a trade-off.
Privileged Access Management (PAM) coupled with endpoint security plays a central role in securing these systems. Without effective controls over access to critical systems and data, the dangers to organizational performance, compliance, profitability, and reputation are immense. Furthermore, any breach that threatens the safety of workers and the general public is inexcusable. It is time we took the security of Industry 4.0 seriously. There is too much at stake not to.