2017 was a turning point for the global manufacturing industry, which saw major ransomware attacks – Wannacry and NotPetya – cause significant interruptions to the operations of several large European and US multinational manufacturing enterprises.
What makes industry sectors such as manufacturing, pharmaceuticals, oil and gas and transportation particularly vulnerable to cyberattacks it’s their reliance on Operational Technology (OT), which increases cyber risks and makes them harder to assess.
Many manufacturing systems were developed when security was considered much less of a priority and the main focus of OT has traditionally been on quality and safety, not security, explains Lukas van der Merwe, Specialist Sales Executive: Security at T-Systems South Africa.
According to the 2019 Manufacturing and Distribution Report, manufacturers face a multitude of cybersecurity threats today, and half of companies have fallen victim to at least one data breach during the past 12 months. A recent a Deloitte study, Manufacturers Alliance for Productivity and Innovation, found that 40% of manufacturing firms experienced a cyberattack in last year. Of these, 38% suffered over $1 million in damages.
Some of the threats that manufacturing enterprises are specifically vulnerable to are malware, ransomware, employee negligence, state-sponsored cyberattacks and industrial espionage.
IT and OT have historically been managed separately since their inception, but there has been a growing trend toward the convergence of these two systems over the past few of years, says Van der Merwe.
“As a result of modernisation, control engineers – in charge of OT – want to leverage the benefits that IT provides for their end users. They want the developments from the IT world to be brought to the OT world,” he adds.
“These are no longer separate islands. We need to look to the future and determine what are our plans are for digitisation and convergence of IT and OT.”
Adding big data analytics and machine learning
By incorporating IT capabilities such as big data analytics and machine learning into OT systems, along with faster connectivity to effectively respond to security and safety events, has allowed manufacturers to improve productivity and efficiency, says Van der Merwe.
A case in point is First Quality Enterprises, a producer of consumer goods, based in the US and Canada. The company employs more than 5 000 people and is active in over 40 countries.
The enterprise recently turned to a company that delivers industrial cybersecurity platforms for continuously reducing Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) risk.
The security solutions provider deployed a platform that addressed four basic fundamentals of OT cybersecurity that are key to implementing successful OT-IT convergence: visibility and profiling, consolidated monitoring, incident response and security automation.
In the past, the company did not have a methodology for how to manage its OT network as an IT network, however, by deploying the industrial cybersecurity platform, its IT division became an enabler in the manufacturing process.
“Organisations can implement several security tactics that have demonstrated success in critical infrastructure industries. With the continued convergence of OT and IT systems, implementing essential tactics and solutions can help organisations gain visibility across their OT environments, reduce complexity in their network, and enhance their security measures to reduce cyber risk,” says Van der Merwe.
As OT systems become increasingly more connected due to the pace of modernisation, they also become more exposed to more vulnerabilities. However, there are solutions and partners that can assist enterprises in the manufacturing sectors to secure their networks and help them through the OT-IT convergence journey.