Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

06:10 PM

Manufacturing Firms Learn Cybersecurity the Hard Way

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.

Manufacturing firms have become a top target of cybercriminals, extortionists, and nation-state groups, with 61% of companies experiencing a cybersecurity incident affecting their factories and three-quarters of those incidents taking production offline, according to a report published by cybersecurity firm Trend Micro on Monday. 

The report, based on a survey of 250 IT departments and 250 operational technology (OT) departments, states that OT groups have more challenges with security across the board, with technology presenting the most difficulty for both groups but with people and process posing a greater security problem for OT groups. Among the challenges for OT groups are a lack of visibility into assets and associated cyber threats, and a lack of set goals for cybersecurity maturity.

Related Content:

Manufacturing Sees Rising Ransomware Threat

Special Report: How Data Breaches Affect the Enterprise

New From The Edge: A Day in the Life of a DevSecOps Manager

The different challenges and viewpoints mean that IT and OT groups should be collaborating on cybersecurity, but only 12% of groups are working together, says William Malik, vice president of infrastructure strategies at Trend Micro.

"OT systems generally are not overbuilt, so they are chronically short of available processing power, memory, [and] network bandwidth," Malik says. "On the other hand, IT people tend to do a better job at understanding attacks. So, working together they can get better protection and trustworthiness without risking crucial functionality."

The survey is the latest to identify manufacturing as an industry sector in the crosshairs of cyber attackers. Manufacturing  along with healthcare, information technology, and construction are the top industries targeted by ransomware groups, according to a recent report by network security firm Palo Alto Networks. A November report found that multiple ransomware development teams had started adding features to the malware to manipulate industrial control systems. 

The survey revealed that the average manufacturing firm has experienced a cyber incident, and 75% of those companies had suffered a production outage as a result. In 43% of the outage cases — about 20% of all manufacturing firms — had production stopped for more than four days after a cyberattack.

"Factory cybersecurity is in the developing phase," the Trend Micro report states. "Cyber incidents have not been rare, and many companies are making progress in both organizational and technical approaches and most of them aware the risks attached. As factory cybersecurity evolves in the next few years, this survey shows that it is difficult to select appropriate technical measures."

Because the survey only asked if a company had ever experienced a cyber incident, the data is not an indication of increasing threat and may indicate severe past incidents, such as NotPetya or WannaCry, both of which cause significant manufacturing outages and damages.

The survey data also shows differences in companies based in the United States versus Germany and Japan, the two other countries surveyed. The US firms saw fewer challenges with securing people, processes, and technology than Germany or Japan.

"US manufacturers may have done a better job of deploying that 1990s approach to information security — build a perimeter to keep the bad actors outside," says Malik. "The current interest in 'zero trust' emphasizes the need for a deeper understanding of what traffic occurs within the corporate network."

Yet unique OT challenges mean that collaboration with IT security groups is even more important. Take the example of medical equipment. While IT groups are used to pushing for faster patching, many medical devices are approved by the Food and Drug Administration and cannot easily have the software changed after certification, says Malik.

"Given the inaccessibility of some OT systems, remote maintenance is crucial — and difficult to design," he says. "OT systems are usually constrained, so installing additional software to manage potential problems usually is not possible."

Overall, while 89% of companies have built operational processes for cybersecurity, and 88% have created an incident response process, both OT and IT teams have done so separately. Only 12% of respondents actively collaborated with their counterparts in designing either process, according to the survey. 

Companies whose OT and IT groups collaborated had much greater adoption of cybersecurity technology and cybersecurity strategies, such as segmentation and asset discovery.

"[I]f both IT and OT teams participate in the selection of technical measures and the decision-making process in factory cybersecurity, the implementation of technical measures will be easier," the report states. "In particular, there are significant differences in [the rate of adoption of] measures such as firewalls, IPS, and network segmentation."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.
PUBLISHED: 2021-06-17
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`Ch...
PUBLISHED: 2021-06-17
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
PUBLISHED: 2021-06-17
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges for the affected p...
PUBLISHED: 2021-06-17
In Fiyo CMS, the 'tag' parameter results in an unauthenticated XSS attack.