Is Your Intellectual Property Being Stolen from the Manufacturing Network?
New manufacturing technologies and techniques bring new opportunities but can also bring security risks without the right strategies in place
By: David Langlands
With so much American intellectual property being stolen—hundreds of billions of dollars per year—the U.S. manufacturing sector as well as global manufacturers should be on heightened alert for cyber espionage. Except that's not the case for much of the sector, where relatively unsophisticated security controls remain commonplace and security budgets, resources and headcounts remain flat.
There are certainly plenty of technological shifts and advances taking place in manufacturing. Industrial systems are being overhauled for higher connectivity. Productivity is getting a major boost with the use of robotics and the Internet of Things (IoT). Unfortunately, these technological and productivity gains will also increase the attack surface.
Other highly targeted industries like the financial space, retail and healthcare are subject to strict security compliance standards and mandates. Manufacturing has no such compliance requirements. But it does face a concerted and organized criminal threat—often from nation states—to steal its credentials, to infect its networks with mass malware, and to extract valuable intellectual property.
According to the Ponemon Institute's "2015 Cost of a Data Breach Study," it took an average of 256 days to identify and 82 days to contain the attacks analyzed in the report. Advanced persistent threats remain a major problem for manufacturers. Cyber criminals have multiple entry points at their disposal. They can use phishing scams, ransomware and mass malware to gain entry to a system. From there, the long-term and covert theft of intellectual property can go on for months or years. Schematics, drilling sites, formulas and even board-level emails can be targeted and taken.
Just as we've advised the financial and retail sectors, manufacturers need to embrace a "when, not if" mindset when it comes to a breach of their valuable data. But when you're facing an onslaught of threats—some of it noise, some of it significant and some of it quite dangerous and sophisticated—how can you continue to defend and protect the network without sacrificing the productivity and innovation at the very heart of manufacturing?
You can start by thinking like a hacker, or better yet, a hacker's boss. What valuable information do you have? Where does it reside and who can access it? While some of the traditional isolation and segmentation in manufacturing networks has become outmoded, it's still a good idea to create and enforce boundaries. Your tens of thousands of workstations and employees don't need to talk to every enterprise server and vice versa. Additional protection and security monitoring should be placed around the most vital data assets, and communication between those assets and other endpoints should be extremely limited or forbidden by default.
Likewise, the shop floor networks that are always on and difficult to patch should be air-gapped or heavily monitored. As IoT and the use of advanced, connected robotics increase, manufacturers must consider the security ramifications and apply protection and monitoring accordingly.
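As an added illustration (not part of the original article), the following sketch audits observed network flows against a default-deny policy between zones, so that any communication crossing a boundary without an explicit allowance is reported per source endpoint. The zone names, address ranges, ports, allow-list and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed zones (assumption): address ranges are illustrative only.
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "enterprise_servers": ipaddress.ip_network("10.20.0.0/24"),
    "ip_vault": ipaddress.ip_network("10.30.0.0/28"),    # schematics, formulas
    "shop_floor": ipaddress.ip_network("10.40.0.0/24"),  # hard-to-patch systems
}

# Default deny: only (source zone, destination zone, port) tuples listed here
# are permitted to cross a zone boundary. Ports are illustrative.
ALLOW = {
    ("workstations", "enterprise_servers", 443),
    ("enterprise_servers", "ip_vault", 443),
    ("enterprise_servers", "shop_floor", 4840),
}

def zone_of(addr):
    """Return the zone name for an address, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """Map each source address to its flows that violate the allow-list."""
    violations = defaultdict(list)
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside this boundary check
        if (src_zone, dst_zone, port) not in ALLOW:
            violations[src].append((src_zone, dst_zone, dst, port))
    return dict(violations)

# Constructed flow records: (source, destination, destination port)
SAMPLE_FLOWS = [
    ("10.10.4.17", "10.20.0.5", 443),    # workstation -> server, allowed
    ("10.10.4.17", "10.30.0.3", 445),    # workstation -> IP vault, denied
    ("10.20.0.5", "10.30.0.3", 443),     # server -> IP vault, allowed
    ("10.40.0.9", "203.0.113.50", 443),  # shop floor -> external, denied
    ("10.10.9.2", "10.40.0.9", 502),     # workstation -> shop floor, denied
]

if __name__ == "__main__":
    for src, hits in audit(SAMPLE_FLOWS).items():
        for src_zone, dst_zone, dst, port in hits:
            print(f"{src} ({src_zone}) -> {dst}:{port} ({dst_zone}) not allowed")
```

Grouping violations by source address gives a short list of specific endpoints to investigate rather than a network-wide alert.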
One way to stay ahead of advanced adversaries targeting the manufacturing network is by focusing on early warnings of compromise on endpoints. This requires a powerful combination of threat intelligence, security expertise and technology.
Incident response must become a daily habit, and you will need a single pane of glass through which you can see and interpret all of the threat data on endpoints, including the stealthier attack techniques that don't involve recognizable malware. Look for advanced endpoint protection that can spot not only malware and other malicious activity, but that also recognizes attacker behavior patterns and other indicators of compromise that are harder to detect. This will help you spot, contain and eradicate the advanced threats that so often penetrate your network without using malware at all.
As an added benefit, early-warning endpoint detection can help reduce downtime, which is always a concern for the supply chain and the shop floor. When you know which specific endpoints are compromised, you can focus remediation efforts there instead of pulling 25,000 workstations offline unnecessarily. In addition, when you know exactly what occurred in the attack timeline, your IT security team can perform a precise remediation without reimaging entire systems.
As precise and technology-driven as these endpoint protection solutions can be, human beings remain the weakest link in the manufacturing security program. Many advanced threat actors use spear phishing techniques to target a specific employee, or a supply chain partner's employee, and trick them into giving up useful network credentials. You cannot ignore the workforce when it comes to security awareness training, just as you would never forgo safety procedures in the warehouse or the factory.
For manufacturers that want to keep their trade secrets proprietary, security must be engaged on multiple fronts—by assessing risk, identifying points of weakness, applying powerful protection and analysis, and conducting security awareness training. Manufacturing security can and should become an ongoing process. And for the process experts in the manufacturing sector, it's both achievable and rewarding.
To learn more about the intersection of manufacturing innovation and IT security, please read our whitepaper, Protecting the Manufacturing Industry and IoT.