In the classic factory of the 1950s, security was simple. Managers strolled from their offices on a floor that towered over plant activity, closely observing whether shift crews below were doing what they were supposed to do.
Because employees knew the eyes of a supervisor may be upon them at any time, they were less inclined to cheat the system – such as slipping any of the company’s property or product into their pockets, or sabotaging a machine out of spite. And motives were, on the whole, aligned: what was good for the business was good for everyone involved.
Fast-forward six decades and it’s a different story. With advancements in information and communications technology, the manufacturing industry has undergone significant transformation.
Today, manufacturing employees are more likely to operate advanced technology from their computers and mobile devices, rather than undertake physical work. They are empowered to connect remotely, set their own hours and even self-determine how to effectively perform assigned duties.
As opposed to their factory counterparts of prior generations, their tools aren’t welding machines, circular saws and drills; they’re tablets, smartphones and thumb drives. They don’t follow instructions from an assembly book stocked on a shelf; all best practices/guidance are stored in files on a server.
But that’s also where an abundance of sensitive, proprietary data about customers is kept, as well as information about electronic payments to both suppliers and workers.
With the rapid rise of sophistication and autonomy, it’s clear that something important has been lost: the protective eyes on the floor. And this has security implications for both the insider threat and external cyber security threats.
The Insider Threat
Years ago, those eyes made it more difficult for a disgruntled crew member to surreptitiously slip a blueprint into his lunchbox.
Today, it’s much easier for the same worker – perhaps unhappy after years of stagnant career progression – to abruptly quit, transfer the entire R&D library onto a thumb drive and deliver the stolen information to a competitor.
Without proper monitoring and auditing controls in place, the current level of empowerment – which ultimately serves a positive, productive purpose for organisations – can be abused.
That’s not good for the enterprise, and it’s not good for employees. But it’s fairly unfeasible to “watch” over everything when there are so many employees now connecting to manufacturing systems both inside and outside a traditional factory environment. Toss in an expanding influx of contractors, partners and other non-staff enterprise users, and you invite additional risk.
Especially since many of these parties aren’t vetted to the same degree of scrutiny as full-time personnel. It’s worth noting here that not all security breaches are the result of a malicious insider.
Personnel or contractors may play the role of the unintentional insider where they can be ‘tricked’ into downloading malware and introducing this into the network.
Or they can lapse into sloppy habits, such as sending corporate materials to their home computers on vulnerable, private email accounts.
Of course, they can also outright lose things (devices, USB flash drives, etc.) which can end up in the wrong hands.
To combat the insider threat, manufacturers need to empower the organisation to better protect the information and data that helps make it profitable. Whilst it’s important to give employees the latitude they need to do their jobs the business also needs to retain visibility into their actions.
A robust security measure that is able to do this includes three important pillars:
1. Data capture – implementing a lightweight endpoint agent can capture data without disrupting user productivity. A system like this can monitor the data’s location and movement, as well as the actions of users who access, alter and transport the data. Collected user data can be viewed as a video replay that displays keys typed, mouse movements, documents opened or websites visited. This unique capability provides irrefutable and unambiguous attribution of end-user activity.
2. Behavioural audit – understanding how employees act will help pinpoint unusual or suspect behaviour enabling closer monitoring for those deemed high risk.
3. Focused investigation – if a clear violation is detected it’s important to pinpoint specific events or users so you can assess the severity of the threat, remediate the problem and create new policies to stop it happening again.
The Outside Threat
With significant changes to the manufacturing landscape businesses also face significant threats from outside criminals. Over the last decade there has been huge uptake of technology and online systems to create new efficiencies and improve operational effectiveness through the sharing of information.
However with every opportunity comes risk; and given the growth of the Industrial Internet of Things (IIoTs) and big data it’s no surprise that cyber security has been elevated to one of manufacturers’ biggest risk factors. In fact, according to IBM, manufacturing was the second most targeted industry in the US for cyber-attacks in 2015.
So whilst networked products, known as IIoT in manufacturing, means there are virtually endless opportunities and connections that can take place between devices, it also means there are a number risks due to the growth in data and network entry points. In many cases, manufacturers have been quick to embrace the benefits of IIoT but still have some catching up to do in order to adequately protect their data, customers, products and factory floors.
Australian manufacturers need to consider multiple cyber security threats including factory threats, product threats and operational threats.
For example, if equipment controllers are not adequately secured it is possible for an outsider to attach malware ridden PCs to the OT network while performing routine maintenance. Similarly, manufacturers must take great care in preventing any products, like driverless cards or robotics, from being compromised as not all cyber-attacks are focused on the network but can also affect how a computer processor or piece of technology operates.
For manufacturers to fully realise the benefits of IIoT securely, it’s important they identify security weaknesses and put a process in place that can mitigate not just current but future risks.
This means any security system should be:
1. Simple and flexible – your security solution should be able to scale with your operations and be easy to use.
2. Unified – in today’s environment you’re likely to split IT functions between cloud and on-premise technologies to maximise the advantages of each approach. By implementing a unified solution you can eliminate the extra cost and duplicated work of systems that have separate management to consolidate cloud services and on-premises solutions in a single console with one visibility, policy and reporting system.
3. Fault tolerant – there’s no point in having a security system if it goes down when you need it most. Prevent interruptions in network security by having traffic rerouted to a trusted partner in the event that a security appliance goes offline.
Ultimately, even though the threat of cyber-attacks in manufacturing is a reality, there are multiple ways Australian businesses can move forward without fear.
Forcepoint