
Manufacturing Cybersecurity: Challenges, Best Practices & Solutions


Revised date: 8/22/24

Manufacturing is a broad sector that encompasses the automotive, aerospace and defense, chemical, food and beverage, pharmaceutical, and medical device industries, among many others. These enterprises bring a plethora of benefits to society including contribution to economic growth, technological advancement, job creation, and the provision of essential goods and services. However, in recent years, manufacturers have been plagued by cyber attacks that exploit weaknesses inherent to the increasing (and otherwise-beneficial) interconnectivity of the information technology (IT) and operational technology (OT) environments that underpin their operations. 

In order to continue embracing this type of connectivity without worsening their exposure to cyber risks, enterprises require a comprehensive manufacturing cybersecurity strategy.

Key insights and considerations for implementing such a strategy are as follows.

What is Manufacturing Cybersecurity?

Technological advancements such as automation and the integration of IoT devices and other cyber-physical systems (CPS) throughout processing, production, packaging, and other essential operations are revolutionizing manufacturing. They have even given rise to smart factories, which are characterized by advanced technologies such as machine learning that can help efficiently automate manufacturing processes.

With these advancements, the sector is now more connected than ever before — which is also why manufacturing cybersecurity is now more important than ever before. The ultimate goal of a manufacturing cybersecurity strategy is to protect the CPS on which production availability, integrity, and safety rely.

Achieving that goal requires manufacturers to embrace an approach that extends beyond traditional IT security solutions and principles. As ransomware infections continue to halt assembly lines, rogue insiders remotely alter configurations to compromise production, and other types of attacks that exploit security weaknesses in CPS persist, manufacturers must adopt security principles that are purpose-built for CPS. Before we jump into what they are, we first need to examine the manufacturing cybersecurity challenges that those principles will address.

What Are Manufacturing Cybersecurity Challenges?

1. Legacy systems are the norm

Many of the OT assets that manufacturers rely on today were implemented decades ago — long before internet connectivity was standard in OT environments. No connectivity meant that these assets initially had no exposure to cyber risks and no need for cybersecurity controls. And, because manufacturers’ profits have always been tied to uptime, software patches for many of those decades-old assets have since been applied very infrequently, if ever. After all, patching requires downtime, downtime hinders productivity, and productivity underpins profits. 

As such, it remains commonplace for even the most successful manufacturers’ OT environments to comprise unsecured assets with unpatched legacy systems laden with vulnerabilities that cyber threat actors have already demonstrated their ability and desire to weaponize.

2. Proprietary protocols and delicate processes prevail

Both legacy OT assets and other modern types of CPS typically use proprietary protocols that are incompatible with traditional IT security tools. Many such tools also consume far more resources and/or generate far more traffic than would enable them to be deployed on most CPS without the risk of disrupting the critical-yet-delicate physical processes they support. 

These compatibility issues also extend to standard inventory and asset management solutions, which is largely why simply discovering — much less protecting — the CPS comprising their OT environment is a key industrial cybersecurity challenge for manufacturers across sectors.

3. Remote access is a must

Most manufacturers rely on remote access to enable internal and third-party personnel to maintain the CPS in their OT environments. Traditional IT solutions like VPNs and jump servers are most commonly used for this — but unfortunately, such solutions tend to be highly risky and inefficient because they don’t account for the unique security and operational needs of OT. 

According to Galina Antova, co-founder of Claroty, “A top threat vector for targeted attacks on OT systems is individuals who have access directly through OT networks…Traditionally, OT engineers in many cases have shared admin access since they might need access to the process immediately. That practice is that much more challenging at a time when many of them are logging into OT environments remotely.” As manufacturers continue to depend on OT remote access, they must recognize that adversaries will likely continue seeking to exploit the threat vectors that common solutions for it often create.

4. Ransomware is increasingly common and damaging

In recent years, ransomware incidents have plagued the manufacturing sector, with attacks halting assembly lines and exploiting weaknesses in the CPS on which the availability, integrity, and safety of automotive manufacturing rely. Since most manufacturers are part of complex supply chains, a ransomware attack on one company within the supply chain can have a ripple effect, impacting other manufacturers, distributors, retailers, and even consumers downstream.

Aside from data and intellectual property loss, reputational damage, and regulatory compliance issues, ransomware attacks can also have safety implications. If an attack affects an industrial control system (ICS) or safety-critical process within the OT environment, it may impact employee safety and cause physical harm. 

5. Increased adoption of smart technology expands the attack surface

As we’ve discussed, the rapid adoption of connected technologies is driving increased interconnectivity that provides considerable benefits for manufacturers. This change is reflected in the estimation that, by 2029, there will be nearly 40 billion IoT connections around the globe, more than twice today’s number.

However, the growth of connected technologies expands the attack surface of these critical manufacturing environments, creating new exposures and other cyber risks that malicious actors can exploit. This is evident through the increase in cyber incidents over the past 3 years. During this time we’ve witnessed cyber attacks by nation-states and criminal organizations that have specifically targeted manufacturing environments including the JBS Foods ransomware incident. This organized cyberattack forced a shutdown of some of this Brazilian food company’s plants and meat distribution — and forced the company to pay an equivalent of $11m (£7.8m) in ransom. This attack has shown the world that manufacturing cybersecurity is now more important than ever.

Key Principles for Securing OT Environments in Manufacturing

According to Rockwell Automation’s 9th annual State of Smart Manufacturing Report, for the first time, cybersecurity was listed as one of the top five external risks to manufacturers. This report emphasizes the severity of ongoing threats to manufacturers, and the immediate need for a concrete manufacturing cybersecurity strategy. 

In order to address the above challenges posed to manufacturers’ OT environments and ensure your organization is protected from new and emerging cyber threats, it is important to adhere to the following three key principles that are purpose-built for securing CPS: 

1. Gain visibility into all CPS in your OT environment

A comprehensive inventory of all OT, IoT, IIoT, and BMS assets (and all other CPS) that underpin your OT environment across each manufacturing plant is the foundation of effective manufacturing cybersecurity. However, gaining this visibility is one of the most important yet challenging tasks facing security and risk leaders today. This is why Claroty offers multiple, highly flexible discovery methods that can be mixed and matched to deliver full visibility in the manner best suited to your organization's distinct needs.

2. Integrate your existing tech stack and workflow from IT to OT

Although most CPS, as discussed above, are simply incompatible with traditional IT solutions, that doesn't mean that such solutions have no place in OT. Rather than expanding your already-extensive tech stack, Claroty integrates with it, enabling you to safely uncover risk blindspots without endangering operations. This strategy helps manufacturers take control of their risk environment and create further visibility across traditionally siloed teams by simply extending existing tools and workflows from IT to OT.

3. Extend your security governance from IT to OT

Unlike their IT counterparts, most OT environments in the manufacturing sector lack essential cybersecurity controls and consistent governance. Again, that’s because the legacy systems in many OT environments were built with a focus on functionality and operational reliability, rather than security, as these systems were not initially intended to be connected to the internet. Claroty eliminates this gap by extending your IT controls to OT — unifying your security governance and driving all use cases on your journey to cyber and operational resilience.

Manufacturing industries are the heart of the global economy, playing an integral role in job creation, technological advancement, infrastructure development, international trade, and more. As the industrial internet of things (IIoT), automation, and advanced analytics continue to pave the way for smarter, more efficient production processes, we have seen the benefits digital transformation can provide. However, the integration of digital technologies has also led to an expanded attack surface for threat actors, and caused more challenges for manufacturing organizations to contend with. In response, it is vital for organizations to understand these threats, implement cybersecurity best practices, and utilize a CPS protection platform — like Claroty — to build a robust manufacturing cybersecurity posture and to support all use cases across their security journey.  
