Evolution of IT/OT Connectivity in Manufacturing Creates Cyber Risk
Digital transformation is bringing about increased interconnectivity between Operational Technology (OT) and Information Technology (IT) networks as organizations reap the benefits of increased productivity, efficiencies, and safety while lowering their operating costs.
Historically, these same benefits were not possible. The physical world of operational technology and OT devices used in manufacturing and critical infrastructure was separated (air-gapped) from the digital world of enterprise applications and storage systems located in data centers and the cloud. While air-gapped OT systems remain, many are now being connected and need to be shielded from both external and internal bad actors.
OT and IT Convergence Creates Opportunity — and Risk
Interconnectivity creates tremendous benefits, and at the same time, it elevates cyber risk. For example, a targeted ransomware attack making landfall in an IT system can spread laterally into OT systems with the potential of taking a manufacturing plant hostage for days or even weeks.
Successful attacks can cost a company thousands to millions of dollars, resulting from disrupted operations, damaged reputation, and recovery expenses. Therefore, IT systems that connect with OT systems need cybersecurity tools to mitigate risk by restricting access to only authorized users who have the right permissions, monitoring user and network behavior, and detecting threats.
Ongoing Risk From Legacy OT Infrastructure
Whether connected or not, many OT systems are vulnerable. OT systems that are decades old and run by control systems, such as industrial control systems (ICS), human machine interfaces (HMI), and engineering workstations, often rely on outdated hardware, cannot be patched, and may run unsupported operating systems. These factors place organizations at significant risk. For example, systems running the Windows® 8.1 operating system may become less secure over time, with the OS reaching end-of-life in January and Microsoft no longer providing tech support and software updates. To mitigate these inherent vulnerabilities, these systems should be cordoned off into their own network microsegment, and their network communications should be continuously monitored.
Risk to Air-Gapped Systems
Even air-gapped OT systems are not totally secure. All it takes is an unprotected USB port on a computer for a malicious insider to install malware. Disabling USB ports, restricting physical and user access to authorized personnel only, and regularly monitoring the systems’ behavior can minimize the risks of a successful attack.
Within an air-gapped OT system, there are typically supervisory control and data acquisition (SCADA) systems as well as end-user workstations, and they can also be compromised. Therefore, they should receive the highest level of attention to ensure that cyberattacks are prevented, and organizations should equip these systems with suitable endpoint security technologies.
IoT in Manufacturing
Internet of Things (IoT) devices often support critical applications in manufacturing. As such, they are as operationally vital as servers and data centers and can also be the source of business disruption if compromised. In addition, a larger IoT/OT footprint creates more entry points and a broader attack surface for threat actors.
More connected devices in manufacturing are inevitable, so organizations must leverage cybersecurity technology to their advantage. Fortunately, cybersecurity technology powered by AI-based lightweight agents — that do not require online access or disruptive updates — exists right now. It can create and maintain a “self-defending manufacturing floor” — one that is able to identify, prevent, and adapt to threats from both internal and external sources.
But cybersecurity technology alone is insufficient. This technology must be competently managed, and that requires security talent. This is a significant challenge for resource-constrained manufacturers and other critical infrastructure industries, such as electric and energy, oil & gas, and medical IoT. For these resource-constrained organizations, IDC recommends engaging with an experienced managed service provider (MSP) that can step in right away to assist with cybersecurity. This also helps tremendously with fulfilling regulatory and compliance requirements.