Report: IT, OT and IP are the three biggest risks for secure manufacturing networks
April 10, 2019 by Manufacturing AUTOMATION
April 10, 2019 – The threats facing manufacturing networks that are still running outdated technology include risks to intellectual property and production processes, according to a new report by Trend Micro Incorporated, a cybersecurity solutions provider and research body.
The report, called “Securing Smart Factories: Threats to Manufacturing Environments in the Era of Industry 4.0,” outlines the security dimension of a new era for manufacturing driven by IoT and connectivity everywhere. Manufacturers are heavily investing in the convergence of traditional operational technology (OT) with IT networks in 2019, adding new technology to environments that are still vulnerable to more than 10-year-old issues, like Conficker.
“Industry 4.0 offers unparalleled opportunities to increase productivity, enhance process efficiencies, and realize on-demand manufacturing, but it also dramatically alters the threat risk model for these facilities,” says Steve Quane, executive vice-president, network defense and hybrid cloud security for Trend Micro. “As this research outlines, the convergence of IT and OT could unwittingly have a serious impact on production lines, and could lead to the loss of IP and competitive advantage. Trend Micro will continue to support the industry by providing innovative AI-driven solutions to protect business-critical data and processes across the connected world.”
The report highlights the triple threat facing manufacturing, including the risks associated with IT, OT and IP. Previously isolated operations networks are being connected to the IT network to drive efficiencies, but this exposes insecure proprietary protocols and potentially decades-old OT equipment that is often not patched frequently enough because of its criticality. There is a disparity between the significant operations performed by these devices and the fact that they operate for years with known vulnerabilities.
According to Gartner, Inc.’s recent “Strategic Roadmap for Integrated IT and OT Security” report, “OT networks and assets, and their security implications, were undiscovered and unmanaged for many years. As a result, current OT networks are unsegmented with a mix of production protocols, unidentified assets, legacy systems and devices. These industrial components have many unsecure communication channels to corporate/IT networks, and they utilize different vendor architectures and security standards.”
In addition to maintaining legacy infrastructure with known weaknesses, new vulnerabilities are being discovered more frequently than ever before in these systems. Zero-day vulnerabilities purchased in human-machine interfaces (HMIs) of industrial control systems increased by more than 200 per cent in 2018 compared to the previous year.
Manufacturers are thus exposed to both targeted and commodity malware, including cryptocurrency mining attacks that could harm key production processes by consuming processing power and causing network latency. Ransomware is also a major threat to manufacturers if the attack affects production.
To help mitigate the impact of Industry 4.0 threats, Trend Micro recommends manufacturers remember the basics of cybersecurity, such as restricting user access and disabling directory listings, as well as identifying and prioritizing key assets to protect.
To find out more, read the complete report.