
How to Strengthen OT Security Against Manufacturing Ransomware Attacks
As manufacturing devices become increasingly interconnected, security leaders need comprehensive strategies to protect their environments against malware, ransomware, and supply chain attacks. Those strategies must cover not only the corporate IT environment but also the myriad Internet of Things (IoT), operational technology (OT), and industrial control system (ICS) devices connected across their facilities.
IoT/OT/ICS components, which we will refer to collectively as OT, are now integrated with IT and building networks to enable granular data collection and operational efficiencies. At the same time, this connectivity exposes OT systems to cybersecurity threats they were never designed to face. OT systems often lack the basic security features their IT counterparts take for granted: encryption, authentication, and access controls are rarely available on legacy devices built on older technologies (many common industrial protocols, Modbus/TCP among them, carry no authentication at all), which makes them far harder to defend against modern threats.
Effective OT security is critical to manufacturing success as threat landscapes broaden and attackers scout for weaker infrastructures. This piece will dig into the critical differences between IT and OT security, the blind spots manufacturers must avoid when implementing OT security, and the key steps to take toward establishing smart OT security in your manufacturing environment.
IT versus OT Security: How They Differ
Industry 4.0 features a more interconnected ecosystem of OT and ICS systems, which can also include cloud services, digital supply chains, and enterprise IT. The upside is that this interconnectivity fosters data-driven decision-making and improved operational efficiencies. The downside is that the heightened connectivity attracts attackers, who target the operational environment either as the end goal or as a foothold into the broader network.
IT and OT networks are increasingly converging, and it is crucial to protect the OT systems to maintain operational continuity and reliability. A breach in OT can directly impact the physical manufacturing process, causing operational setbacks and risks to the business. OT security requires manufacturing leaders to invest in different toolsets because:
- IT environments are generally made up of Windows and Mac devices connected to hybrid cloud and software-as-a-service (SaaS) applications. OT environments are made up of many different devices from many vendors, each designed solely to control or monitor a specific piece of equipment, often running embedded or end-of-life operating systems and speaking vendor-specific protocols.
- IT networks are built as general-purpose TCP/IP networks, while OT networks are structured according to the Purdue model, which divides the environment into distinct levels or zones based on function and security needs (enterprise IT at the top, an industrial DMZ beneath it, then site operations, supervisory control, and the basic control layer where PLCs and RTUs sit) and allows traffic to cross only between adjacent zones through defined conduits. This separates critical control systems from enterprise IT networks.
- Both IT and OT teams care about confidentiality, integrity, and availability (CIA), but IT security primarily focuses on confidentiality, while OT security prioritizes availability.
Because manufacturers rely so heavily on OT equipment for revenue-generating operations, a ransomware attack can lead to production stoppages, delays, and quality issues, all of which significantly impact a manufacturer's bottom line. Most critical infrastructure sectors must adhere to strict cybersecurity regulations; manufacturing, however, has lagged behind in security maturity. The increasing integration of IT and OT networks also expands the attack surface: a breach in the IT environment can give an attacker a path to move laterally into the OT network, and vice versa.
OT security vendors are emerging to address the security challenges specific to these environments. Technology to secure OT networks can offer capabilities including asset discovery, asset management, vulnerability assessment, network protection, and threat detection for devices such as programmable logic controllers (PLCs), remote terminal units (RTUs), actuators, lighting systems, and heating, ventilation, and air conditioning (HVAC) units. This combination of asset visibility and real-time anomaly and threat detection can help manufacturers better secure OT networks.
A common approach among these OT security providers is passive monitoring: sensors placed on mirror or tap ports inside the network collect traffic, and the platform analyzes it to build an asset inventory, identify vulnerabilities, and flag traffic that breaks the expected zone structure, without actively probing devices that may not tolerate a scan. The results are then passed to a vulnerability manager or the security operations center (SOC) team.
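To make the Purdue zone structure described above and the passive sensor approach concrete, here is an added example (not code from IANS or from any OT security vendor). It takes flow records in the shape a passive sensor might export, builds an asset inventory from them, and raises alerts when a flow skips a zone boundary, when a Modbus write comes from a host outside an allowlist, or when a host belongs to no known zone. The subnets, level assignments, host addresses, allowlist, and flow records are all constructed for illustration.

```python
"""Passive OT asset discovery and Purdue-zone checks over flow records.

Added example, not code from IANS or any OT security vendor. Subnets, level
assignments, addresses and flow records are constructed for illustration.
"""
from collections import defaultdict
import ipaddress

# Assumed site plan: Purdue level of each subnet (hypothetical addressing).
LEVEL_BY_SUBNET = {
    ipaddress.ip_network("10.10.0.0/24"): 4,    # enterprise IT
    ipaddress.ip_network("10.20.0.0/24"): 3.5,  # industrial DMZ
    ipaddress.ip_network("10.30.0.0/24"): 3,    # site operations (historian, patch server)
    ipaddress.ip_network("10.40.0.0/24"): 2,    # supervisory: HMIs, engineering workstations
    ipaddress.ip_network("10.50.0.0/24"): 1,    # basic control: PLCs, RTUs
}
# Traffic may only cross between neighbouring levels in this order; a larger
# jump bypasses a conduit (e.g. enterprise host straight to a PLC).
LEVEL_ORDER = [4, 3.5, 3, 2, 1]

# Industrial protocols by their well-known TCP port.
OT_PORTS = {502: "modbus", 44818: "enip", 102: "s7comm", 20000: "dnp3"}
# Modbus function codes that change controller state (coil/register writes).
MODBUS_WRITE_FCS = {5, 6, 15, 16, 23}
# Assumed allowlist of hosts permitted to write to controllers.
WRITE_ALLOWED = {"10.40.0.5"}

# Constructed flow records: timestamp src dst dport proto [key=value ...]
SAMPLE_FLOWS = """\
2024-05-01T08:00:01 10.40.0.5 10.50.0.21 502 tcp fc=3
2024-05-01T08:00:02 10.40.0.5 10.50.0.21 502 tcp fc=16
2024-05-01T08:00:05 10.40.0.6 10.50.0.22 44818 tcp
2024-05-01T08:00:30 10.30.0.12 10.40.0.5 443 tcp
2024-05-01T08:01:10 10.10.0.77 10.50.0.21 502 tcp fc=6
2024-05-01T08:01:12 10.20.0.3 10.30.0.12 443 tcp
2024-05-01T08:02:00 10.10.0.50 10.30.0.12 443 tcp
2024-05-01T08:03:00 192.168.99.9 10.50.0.23 102 tcp
"""


def level_of(ip):
    """Purdue level of an address, or None if it belongs to no known zone."""
    addr = ipaddress.ip_address(ip)
    for net, level in LEVEL_BY_SUBNET.items():
        if addr in net:
            return level
    return None


def parse_flow(line):
    ts, src, dst, dport, proto, *extra = line.split()
    attrs = dict(kv.split("=", 1) for kv in extra)
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "attrs": attrs}


def build_inventory(flows):
    """Asset discovery: every address seen, its level, the OT protocols it
    answers on (a host spoken to on 502 is a Modbus server) and its peers."""
    inv = defaultdict(lambda: {"level": None, "serves": set(), "talks_to": set()})
    for f in flows:
        inv[f["src"]]["level"] = level_of(f["src"])
        inv[f["dst"]]["level"] = level_of(f["dst"])
        inv[f["src"]]["talks_to"].add(f["dst"])
        if f["dport"] in OT_PORTS:
            inv[f["dst"]]["serves"].add(OT_PORTS[f["dport"]])
    return dict(inv)


def check_flow(f):
    """Return a list of (rule, detail) findings for one flow."""
    findings = []
    src_lvl, dst_lvl = level_of(f["src"]), level_of(f["dst"])
    if src_lvl is None or dst_lvl is None:
        findings.append(("unclassified-host", f"{f['src']} -> {f['dst']}"))
    elif abs(LEVEL_ORDER.index(src_lvl) - LEVEL_ORDER.index(dst_lvl)) > 1:
        findings.append(("conduit-bypass",
                         f"L{src_lvl} {f['src']} -> L{dst_lvl} {f['dst']}:{f['dport']}"))
    fc = f["attrs"].get("fc")
    if (OT_PORTS.get(f["dport"]) == "modbus" and fc is not None
            and int(fc) in MODBUS_WRITE_FCS and f["src"] not in WRITE_ALLOWED):
        findings.append(("unauthorized-write", f"{f['src']} modbus fc={fc} -> {f['dst']}"))
    return findings


def analyze(text=SAMPLE_FLOWS):
    """Inventory plus the alerts a SOC or vulnerability manager would receive."""
    flows = [parse_flow(l) for l in text.splitlines() if l.strip()]
    inventory = build_inventory(flows)
    alerts = [(f["ts"], rule, detail) for f in flows for rule, detail in check_flow(f)]
    return inventory, alerts


if __name__ == "__main__":
    inventory, alerts = analyze()
    for ip, a in sorted(inventory.items()):
        print(f"{ip:14} level={a['level']} serves={sorted(a['serves'])}")
    for ts, rule, detail in alerts:
        print(f"{ts} {rule:18} {detail}")
```

On the constructed sample this produces four alerts: the enterprise host 10.10.0.77 reaching a PLC directly (conduit bypass) and issuing a Modbus write (unauthorized write), the enterprise host 10.10.0.50 reaching site operations without passing the DMZ, and an unclassified host 192.168.99.9 speaking S7comm to a controller. The engineering workstation's own writes are silent because it is on the allowlist, which is the kind of baseline a real platform learns from traffic rather than takes from a hard-coded set.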
How to Avoid OT Security Adoption Blind Spots
Manufacturing organizations need OT security now, and to get the right technology for their business, they must avoid pitfalls in both the vendor evaluation and implementation processes.
Don’t Overlook OT Incident Response
Many organizations purchase security tools without first putting a process in place for routing OT alerts into the wider organization. Alert handling is another critical difference between IT and OT, because:
- OT alerts can be harder to prioritize, given the criticality of the environment: a false positive that halts a line costs real money, and a true positive may affect physical safety.
- OT alerts can't always be remediated directly, because much OT infrastructure cannot be patched without a scheduled outage or vendor approval.
- OT alerts don't always have a clear owner, which means more work to decide how to prioritize vulnerabilities, add compensating controls, and implement new processes.
Data and alerts from OT systems will eventually be fed into the organization’s SOC, helping to further converge the IT and OT environment to provide greater security protections for both. This convergence will give organizations a holistic view of their entire network, enhance visibility into potential threats across the environments, and enable better protections for both IT and OT systems.
Best Practices to Improve OT and IT Security
Securing OT infrastructure components requires new tools and different processes than what manufacturing leaders are familiar with in their IT security stack. To successfully implement OT security and protect sophisticated manufacturing facilities, security leaders should consider:
- Asking about each vendor’s roadmap: Request briefings to learn how vendors address companies that are moving from legacy systems to newer technologies and security techniques.
- Taking a multi-pronged approach: Combine asset discovery, network protection, and threat detection, since no single tool covers the diversity and complexity of OT devices and protocols.
- Getting a handle on the alerts: OT alerts can be more difficult to handle, making it important to establish a clear line of ownership and implement strong incident response processes before deploying a tool.
Manufacturing security leaders must adopt new tools and processes to protect OT systems from cyber threats and attacks to avoid significant operational disruptions and financial losses. Effective OT security requires a multi-pronged approach that includes understanding vendor capabilities and roadmaps, managing OT alerts, and integrating OT and IT security to provide comprehensive protections across the manufacturing environment.
Connect with IANS Manufacturing CISO Community
Want more manufacturing resources and guidance? We've got answers for your biggest pain points. Go to our new Manufacturing Resource page, where you'll find tools and guidance that make your job easier.
IANS offers many ways to engage with the manufacturing cyber community, including reports, webinars, CISO roundtables and opportunities to request a call with peers or IANS Faculty. Our 150+ Faculty practitioners are here to help you and your team move faster and make more informed decisions. Manage risk while saving time and budget. Not an IANS client? Get in touch to learn more.