Insiders remain a top priority and challenge for organizations when intellectual property and trade secrets are involved. The recent Verizon DBIR mentions that 85% of incidents are related to unintentional insiders, and 30% of cybersecurity incidents in manufacturing are the result of insider threats.
While many insider threats in manufacturing are tied to malicious or criminal origins, unintentional insider threat remains the primary cause of manufacturing and Operational Technology (OT) incidents. Intellectual property in a manufacturing environment is often the manufacturing process itself. Sometimes called “recipes,” this critical IP is used to build or manufacture the product.
Old Technology and New Threats
The supply chain and the availability of products are an essential part of industry, commerce, and global business. Manufacturers play a key role in supplying some of the most important products and services that serve communities, individuals, and economic needs. The industry consists of some of the oldest technologies because, in reality, most of its components have been physical in nature. As time has progressed, so have the connectivity and technological advances within manufacturing.
These environments have traditionally consisted of old and antiquated sensors, electronics, and devices that were built long before security technologies came into the picture. Historically, there has been no awareness of cyber threats or attacks against manufacturing environments. Anytime you add technology and even the hint of connectivity, especially if that connection is close to the Internet, challenges become a reality.
As we have discussed in the past, insider threat (and risk) takes on many forms in any organization: saboteurs, criminals, economic or corporate espionage, and finally, our larger threat, the unintentional or accidental insider. Back in the day, CISOs called these individuals the “negligent insiders.” They weren’t necessarily trying to cause problems, but by carelessly clicking a link, inadvertently misconfiguring source code, or circumventing policy to get a job done quicker, they put their organization at risk. These are the cases that organizations have to identify and remediate proactively.
CISOs on the Line for Safety
In general, information security professionals and CISOs have to build a cyber/information security strategy around three core concepts: Confidentiality, Integrity, and Availability (CIA). This triad must work together harmoniously to guide strategy and policy-making for an organization. In the manufacturing world, they add “Control” to the CIA Triad. Control over your technology and devices is needed to ensure a safe environment. The safety of the individuals responsible for the operation of the OT or manufacturing environment is critical.
What’s at risk includes not just data leakage and reputation loss but potentially human life. The Stuxnet situation in Iran foreshadowed the possibility of a nuclear disaster. Phishing attacks that targeted a German smelting operation represented the possibility of grievous harm resulting from a cyber attack. Both examples led to the inability to shut down critical processes, which had potentially grave consequences.
Many organizations grapple with their ability to protect these OT environments better. Many don’t want to pay to do the right thing, architect properly, or better yet, provide the necessary protections for their operation. The most important point here is that some of your users are going to cause an incident: not everyone, and not most of them, but a small percentage of users will.
Frameworks and Controls
In the Deloitte and MAPI Smart Factory Study, conducted by Deloitte in 2019, the Manufacturers Alliance for Productivity and Innovation (MAPI) found that over 40% of the manufacturers surveyed had operations affected by a cyber incident. The report outlines some of the biggest trends, including unauthorized access to infrastructure, operational disruptions, and theft of intellectual property. As in non-manufacturing environments, manufacturing organizations can draw on published frameworks and architectural guidance for strategy in architecting, operating, and controlling these networks and technologies:
- Recent Executive Orders by the White House for strengthening cybersecurity and critical infrastructure – 13636 (2013), 13800 (2017), and 13873 (2019)
- DHS – Critical Infrastructure Sector-Specific Plan, as part of the overall National Infrastructure Protection Plan
- NIST – Framework for Improving Critical Infrastructure Cybersecurity
- NIST – Cybersecurity Manufacturing Profile – a play on NIST Cybersecurity Framework, with additional controls for manufacturing
- EU (European Union)
- “Industry 4.0” has been evolving as a new standard as a result of the advances in, and addition of, AI, robotics, IIoT, machine learning, and other technologies in the manufacturing space, to the point that cybersecurity has become (and should be) a primary pillar of consideration in manufacturing.
6 Best Practices to Combat Cyber Risk
The SANS 2019 Industrial Control System (ICS) Security report noted the surprising number of attacks or risks related to misconfigurations and insiders. As digital transformations within organizations push the envelope between OT and IT networks, and in some cases connect the two, manufacturing operations become open, available, and connected to the public internet.
CISOs and manufacturing leaders were historically concerned about the physical security of OT and manufacturing components, like Programmable Logic Controllers (PLCs), Distributed Control Systems (DCSs), and Supervisory Control and Data Acquisition (SCADA) systems. Most of these systems are distributed throughout the manufacturing floor and often left visible to users; sometimes they are physically secured in cages, and oftentimes not. The threat was tied to a physical attack on the systems rather than a cyber attack. There are industry best practices that can help an organization limit or reduce the chances of insider threats:
- Cloud: As more manufacturing operations adopt “Industry 4.0” and utilize IT systems to manage manufacturing and OT environments, secure and monitor connections to the cloud, ensure all layers are secured (firewalls), use encryption to secure data in transit and at rest, increase visibility and use tools to decrease your attack surface.
- Network Segmentation: Ensure your architecture supports some layer of segmentation. There have been cases where hardware is connected to a flat network, and malware infection occurs, affecting manufacturing operations.
- Zero Trust might be your saving grace and could address many of the topics discussed. This includes a hearty Identity and Access Management solution to constantly verify and trust, especially with the onset of distributed workforces and the expansion of the “perimeter.”
- Purdue Reference Model (ISA-99) is the go-to model for Industrial Control Systems and guidance on how to architect the relationships between OT and IT networks.
- Security Risk Assessment: Conduct a security assessment of your organization and include your OT/manufacturing environments too.
- Human Risk: Your users should also play a part in identifying and responding to risk as it relates to the user. Many insider threat cases tied to connectivity between OT and IT networks reintroduce the issues of phishing, social engineering, credential theft, and eventually cyber attacks, hacking, data loss, and breach. Identify your most risky users and limit their blast radius.