Industry 4.0 is driving exciting changes in manufacturing; however, the risk of cyber threats has increased for reasons ranging from vulnerabilities in the technology to vulnerabilities in the workforce. Unfortunately ,as companies maintain their shift to remote work and cybercriminals become more sophisticated in their attack methods, there are no easy fixes, but there are best practices worth implementing.
Meta vs. personal data
Huge amounts of data are generated in manufacturing, but not all of it is regulated. Non-personal data or metadata generated on the factory floor is extremely valuable and has been collected and processed by companies such as Splunk since 2003. When personal data is part of the collected data, however, the focus changes. Companies must be alert to what kind of data is collected, how it is stored, and with whom (or with what) it is shared.
Artificial intelligence(AI) is great for monitoring processes and accommodating changeson the fly, if necessary. AI also serves an important cybersecurity function by detecting suspicious activities in those same processes. Keep in mind, however, that cyber criminals are equally adept in manipulating AI systems by preventing detection if they can blend in with the “noise” or data distortion, making their intrusion appear normal.
What does a company need to do to have a smart factory floor?
Both external, internal, physical, and digital access controls are critical. It’s not just protection from outside or external threats, but also those that can infiltrate and impact internal systems. You can lock your front door, but if someone lets a “guest” inside, you must have additional protections in place. External protections include end-point monitoring and robust firewall protection. Internal protections might include adding a form of zero trust architecture, where every internal system access is assumed to be a breach and must be individually verified. It’s a “never trust, always verify” mode of operation.
Multi-factor authentication (MFA)
Multi-factor authentication these days is a must. The factors are:
1. What you know – password
2. What you are – some form of biometric (iris, voice, fingerprint)
3. What you have – an access card with a chip
It’s not bulletproof (recent examples are MFA “fatigue,” where cybercriminals bombard their target with such frequency that the target gives up and “confirms.” I also had a case where the targeted user was just curious and confirmed the request. Alas, robust security levels are only effective if we—the human targets—stay focused.
The Incident Response Plan
An incident response plan is not a one and done process. It requires constant updating toaddress new threats and frequent training.
Key Tips forData Storage
· It goes without saying – encrypt the data
· Segregate the data
· Protect the decryption (private) key
· Backup regularly, keep the system air-gapped
· Confirm that the backups can restore the data
· Explore immutable backups – a write-once process that does not allow modification or overwriting – so cybercriminals can’t corrupt it.
· Store the backup offsite and air-gapped (data that is offline and inaccessible) – no one can get to it.
IT departments with shared credentials or loose access controls are special targets for cybercriminals, who are often successful in getting those credentials. IT employees must be vetted, pass background checks, and have different credentials for their “user” versus their administrative functions.
The Target breach (2013) – Vulnerability by Vendor
Target spent a million dollars on a sophisticated monitoring system yet declined to use its automated features. When the hack occurred(stemming from the HVAC vendor’s access through Targets’ vendor portal), the manual response was too late. Target’s data had not been segregated, allowing the cybercriminals to roam freely, stealing 70 million customer records, including 40 million credit and debit cards.
Turn on Logging
No matter the tool or application, if there is a logging feature, turn it on so you have the record of what happened – where and why. Moreover, having the right software license is important. Microsoft Office 365 is the standard, yet there are different levels of licensing and not all of them include detailed logging. Log files going back three or six months provide important insight for IT staff.
One of the reasons the healthcare industry is often a cyber target is the tendency among medical professionals to retain legacy systems, which are often outdated and unsupported by the manufacturer. The industry is also rife with names, addresses, telephone numbers, insurance policies, social security numbers – all valuable data to threat actors. A recent example is the Common Spirit Health chain of 140 hospitals across 21 states, causing serious disruptions to normal functions.
Geo-fencing creates a virtual geographic boundary around (an area) by means of Global Positioning Systems (GPS) or Radio Frequency Identification (RFID) technology, enabling software to trigger a response when a mobile device enters or leaves the area.
When companies deploy geofencing, employees traveling outside the confines of the geofence, must inform IT in advance so when they connect with their devices, the system confirms that the person is where they are supposed to be and not in a location that is outside the geofence. Geofencing is an effective tool for a smart factory with a mobile workforce that travels in areas outside of the U.S.
The Remote Worker
An IT department is much happier if all the employees it needs to control are within one physical location. However, the challenges increase when you have a disbursed group of employees working remotely and using their home systems to connect. Their laptops may have full disk encryption, but the worker could be using an outdated router. Virtual Private Networks (VPNs) provide an encrypted “tunnel” for the worker to connect with the company, but even VPNs are not fool-proof. Misconfigurations and stolen credential lead to criminal access.
The Independent Contractor
Independent contractors are everywhere and more often than not use their own equipment, which IT departments can’t control. Theseindividuals are a major vulnerability for companies.
Security measures and the best practices to maintain them must constantly evolve to stay ahead of cybercriminals’ attack methods. It is never a one and done effort.