Scott Laliberte
Matthew FreilichThe big picture: Whenever we write about cybersecurity, news of the day ensures we are never scrambling for examples of cyber attacks, data breaches and other events that create major problems for organizations.
- The points of vulnerability are many, including, for manufacturing organizations, IoT-connected devices.
- For these companies, it is critical to secure these devices. Because they can be deployed in industrial environments, they tend to be older and run on limited hardware that lacks readily available protections, such as anti-malware, anti-virus and on-device monitoring solutions.
Why it matters: Too often, manufacturing organizations overlook their IoT device risk.
- Bad actors can target devices like sensors to gain access to the broader network.
- While in corporate IT environments we typically associate breaches with viruses, ransomware attacks and stolen data, the dangers on manufacturing floors could include harm to human life as well as damage to equipment and facilities.
Our point of view: By performing a broad evaluation of their devices and employing an IoT security strategy that includes a monitoring solution, manufacturers can prioritize which devices are the most critical and take steps to eliminate vulnerabilities.
Whenever we write about cybersecurity, news of the day ensures we are never scrambling for examples of cyber attacks, data breaches and other events that create major problems for organizations. The points of vulnerability are many, including, for manufacturing organizations, devices connected to the Internet of Things (IoT). For these companies, it is especially critical to secure these devices. Because they can be deployed in industrial environments, they tend to be older and run on limited hardware that lacks readily available protections, such as anti-malware, anti-virus and on-device monitoring solutions.
Too often, manufacturing organizations overlook their IoT device risk. As a result, bad actors can more effectively target devices like sensors to gain access to the broader network. While in corporate IT environments we typically associate breaches with viruses, ransomware attacks and stolen data, the dangers on manufacturing floors could include harm to human life as well as damage to equipment and facilities.
Unknown unknowns
While many organizations have succeeded in improving the security and management of traditional technology operations, the manufacturing sector remains largely in the dark regarding its IoT device “unknown unknowns.” These companies typically lack a solid understanding of how many IoT assets they possess as well as how vulnerable the devices are.
To address this situation, many manufacturers need to strengthen their IoT security and governance by gaining a full understanding of their device network. Steps to take include the following:
- IoT inventory – An accurate inventory is vital to determine how many IoT devices an organization possesses, their location, their functions and credentials, and how they communicate with the network or each other. Companies also need to identify which of these devices are vulnerable or compromised.
- Accountability – Often, the individuals or teams who have responsibility for the IoT system and its maintenance are largely undefined, which can lead to finger-pointing when a breach or device failure occurs. Organizations need to identify who is allowed to purchase devices, who is allowed to put them on the network and who is responsible for maintaining them. It also is important to identify third parties with whom the data or responsibility for management of the devices is shared.
- Risk assessments – Manufacturers need to understand the impact that IoT devices have on operations and how a breach could compromise production. Consider: Are the IoT devices properly credentialed? Are they handling sensitive data? Do they have capabilities that could prove dangerous to the enterprise and its people if compromised?
- Device configuration – Manufacturers need to create and maintain profiles on all of their IoT devices that include their purpose, the date they were procured and added to the network, and their credentials. They also need to determine how they need to be configured for security and properly maintained. For example, do they need to be patched manually, or are updates automatic? In doing so, keep this in mind: It’s very possible that some devices not connected to the network today will be in the future as part of a digital transformation, and as a result, they could rise in value and become a new target.
- Prioritize – Frequently, manufacturing organizations seeking to get a grasp on their IoT devices fail to launch because of “paralysis by analysis.” In other words, the prospect of evaluating hundreds or even thousands of devices across numerous plants can stall the effort before it starts. Budgets can also determine the scope of an assessment. In either case, manufacturers should prioritize devices and focus on those that are most critical to maintaining operations and, at the same time, would create the most problems should a cyber attack occur on it.
Proactive monitoring
Arguably, the most important part of an IoT device security strategy is the deployment of proactive monitoring. This is especially true because it is not always possible to protect IoT devices in a manufacturing environment with anti-malware and anti-virus software. However, by implementing solutions such as Microsoft Defender for IoT or Claroty, manufacturers can monitor network traffic to detect threats stemming from malicious sources or simple device malfunctions. In many cases, these solutions also can help organize and catalog IoT devices and can simultaneously display IT system information.
Once manufacturers have a good sense of standard network traffic produced by the devices, the monitoring solutions help provide heuristic evaluations that a company could potentially tie to standard plant or systems operations. Additionally, the solutions can alert manufacturers to potential vulnerabilities by running attack simulations or by identifying devices that are using unsecure communication protocols.
Along with the proper training, this tool enables the security operations center to respond instantaneously to security breaches or other system breakdowns by cutting off attacks at various points along the kill chain. These response options can be highly beneficial in manufacturing facilities with limited staff.
An ounce of prevention
As tech-savvy bad actors continue a relentless probing of security weaknesses across all industries, it is imperative that manufacturing organizations protect their networks from attack via IoT devices. By performing a broad evaluation of their devices and employing an IoT security strategy that includes a monitoring solution, manufacturers can prioritize which devices are the most critical and take steps to eliminate vulnerabilities. While the size and scope of the work may seem initially daunting, especially for manufacturers with multiple plants and a sizable ecosystem of devices, the steps outlined here provide a clear path to success. Those that address IoT cybersecurity today will give themselves the best chance to thwart an attack tomorrow.
This blog was originally posted on The Protiviti View.
Read the results of our 2023 Global Technology Executive Survey: The Innovation vs. Technical Debt Tug-of-War.
To learn more about our emerging technology solutions, contact us.
Joel Wuesthoff
Richard Kessler
Amanda Downs
Dave Laskowski
Varun Ravi
