Manufacturers are a critical part of U.S. and global infrastructure, making them a prime target for cyberattacks.
According to Tony Del Sesto, Technology Fellow at the Digital Manufacturing and Cybersecurity Institute (MxD), 98% of manufacturing facilities are small and medium-sized businesses (SMBs). With fewer resources than large enterprise organizations, those in the manufacturing sector often face a different set of challenges when it comes to cybersecurity.
Cybersecurity strategies for manufacturers
Del Sesto outlined education as a top cybersecurity priority for manufacturers, offering tips for facility cybersecurity professionals to bolster their security posture.
Identify connected devices and vulnerabilities
Del Sesto, who previously ran the procurement division for a large manufacturer, highlighted the importance of understanding cyber vulnerabilities not just in IT systems, but OT tools as well. "If my IT systems were hacked, I might lose confidential information, I might lose customer information — it's not a good thing. But 99% of the time, my factories are running, I'm shipping product and I'm still getting product from my supply chain. If my OT systems are hacked, my factory goes down," he said.
Identifying which technologies are able to be remotely accessed is a critical first step in assessing the threat landscape in a manufacturing facility. From programmable logic controllers (PLCs) to large machines with an Internet of Things (IoT) component, there are many potential avenues for cybercriminals to attack a manufacturing facility.
One way for manufacturing security professionals to gain better insight into their potential vulnerabilities is to examine the NIST website, which lists known software vulnerabilities that could be present in an organization's code assets. Third-party software can also help identify which pieces of vulnerable code are involved in a facility, according to Del Sesto.
"However, it's not just the good guys that have access to that information. It's also the bad guys, they go to the NIST website and find out all the vulnerabilities as well," said Del Sesto.
That emphasizes the importance of not only threat identification, but also cyber defense in a manufacturing facility.
Protect the threat landscape
From remotely launched hacking to insiders introducing malicious code via USB drives, manufacturers face many cyber threats when operating their facilities.
However, there are many tools that those responsible for cybersecurity in manufacturing facilities can employ:
- Segmentation firewalls contain malicious activity to one network segment
- Antivirus protection can stop known viruses from penetrating a network
- Whitelisting applications only allows approved applications network access
- Private 5G networks can help protect a network by limiting offsite access
With manufacturing facilities and water treatment plants being targeted by cyberattacks, it remains critical for manufacturers to enact cybersecurity strategies to protect their assets and supply chains.