State of Industrial Cybersecurity report reveals challenges facing manufacturers

April 11, 2021

Cybersecurity company Trend Micro recently released a report on the state of industrial cybersecurity and the challenges facing manufacturers. According to the report, most manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk.

“Manufacturing organizations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack.” Akihiko Omikawa, executive vice president of IoT security for Trend Micro, said in a press release. “That’s why Trend Micro has integrated IT and OT intelligence and provides a comprehensive solution from the shop floor to the office. We’re helping put visibility and continuous control back in the hands of smart factory owners.”

The report includes the results of an online survey with 500 IT and OT professionals in the United States, Germany, and Japan. The survey indicates that 61 percent of manufacturers have experienced cyber incidents. Seventy-five percent of these companies have suffered system outages as part of the incident and 43 percent said outages lasted more than four days.

“Manufacturing companies play a part in the global supply chain and as can be seen from the report anyone that can penetrate the perimeter can then have a freehold of the internal network and can riot by not only impacting production by shutting systems down but also sabotage and contaminate product being manufactured,” says Bharat Mistry, U.K. technical director for Trend Micro.

In the Trend Micro survey, 78 percent of respondents identified technology as the biggest security challenge. Sixty-eight percent of respondents cited people and 67 percent cited process and the biggest challenge.

“Technology is the biggest challenge faced by manufacturers in each country,” says Mistry. “Manufacturing or plant network architecture does not factor in segmentation or zoning of systems and services. Everything is on one big flat network so that everything can communicate with each other with any security inspection or controls. This is ok when everything works, but if there was an infection like ransomware then this could spread very easily and rapidly without any barriers.”

Industrial Cyber talked to Mistry about the challenges facing manufacturers. He says the challenges stem from insecure authentication due to flaws from legacy design and the use of factory default passwords that have never been changed.

“The software and firmware of critical assets running legacy systems are no longer updated, meaning newly-discovered vulnerabilities will not be patched,” Mistry says. “Many control communication protocols are not encrypted, which also makes it easy for hackers to manipulate factory operations and disrupt production.”

Less than half of respondents in the Trend Micro survey said they’re implementing technical measures to improve cybersecurity. According to the report, asset visualization and segmentation were the least likely of cybersecurity measures to be deployed, which could indicate that these measures are the most technically challenging for organizations to implement.

“Over the last decade attacks on manufacturing systems have been few and far between. But in the last two to three years as manufacturers look at programmes like Industry 4.0 to get better business insight into operations and create new business models by connecting their manufacturing environments to enterprise IT and public cloud, we have seen a significant rise in attacks,” Mistry says. “Manufactures embarking on the journey to digital transformation and connecting previously closed systems to public internet and even third party suppliers do need to factor in the cybersecurity risks and put in a mitigation strategy that reduces the exposure especially to vulnerable systems and whilst still maintaining safety and availability.”

The report also indicates that organizations with a high degree of IT-OT collaboration are more likely to implement technical security measures than those with less cohesion. There was a particularly large disparity between organizations with high IT-OT collaboration versus those with little to no IT-OT collaboration in the use of firewalls, IPS, and network segmentation.

According to the report, standards and guidelines were cited as the top driver for enhanced collaboration in the United States , Germany, and Japan. The National Institute of Standards and Technology’s Cybersecurity Framework and ISO27001 were among the most popular guidelines cited by respondents.

“The approaches across the different countries are broadly similar in that all tend to focus on having a strong emphasis on the perimeter with decreasing measures on the internal network. In terms of controls we see the common set of network firewall, IPS and USB storage controls,” Mistry says. “In addition in the US we see antivirus ranking high along with vulnerability management. Also great to see that for regulated industry, standards such as NIST CSF are also widely adopted.”

The Trend Micro report concludes that while manufacturers are rushing to introduce technical cybersecurity measures in the factory, these efforts are still largely in the development process. Moving forward, the report indicates that involving both IT and OT in the decision-making process will be essential to addressing the challenges facing manufacturers.

“In recent years, many enterprises invested heavily on Industrial IoT and Industry 4.0 to transform their business operations,” says Mistry. “One key aspect to implement the IIoT is to digitalize and interconnect the industrial control systems so that big data can be utilized to create new business intelligence. Originally, ICS networks were physically isolated and almost immune to cyber attacks. With this transformation, more industrial systems are brought online to deliver big data and smart analytics through technological integrations. IT/OT convergence provides organizations with a clearer view of their industrial systems together with better process management. However, it also generates new cybersecurity risks due to the transition from closed to open systems.”

Rebecca Addison

Industrial Cyber Chief Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Features

House Committee on Oversight and Reform works towards cracking down on ransomware intrusions

Asset visibility in OT, ICS environments proves challenging as digital transformation reigns

Building greater industrial cyber resilience following Nobelium supply chain attacks

Building cyber security awareness in industrial, OT environments

Adopting a Counter Ransomware Initiative to address transnational threat landscape

New DHS railroad and aviation security directive aims to strengthen cybersecurity fabric

Adopting regulations, standards, and guidelines to build safeguards into maritime cyber security frameworks

IT-OT collaboration calls for reconceptualizing of cybersecurity insurance

Analyzing the role of the CIR Office at CISA to deal with cybersecurity incidents

Applied Risk’s TactICS suite to stimulate OT security awareness company culture with innovative approach

New bill urges critical infrastructure firms to adopt various measures, in response to mounting cybersecurity incidents

Industrial cyber security training comes into focus in advancing threat landscape – Part II

Resources

The Emerging Cyber Threat to Industrial Control Systems Final 16.02.2021

Download

Ponemon Research Report The Impact of Ransomware on Healthcare During COVID-19 and Beyond

Download

Securing IoT Networks with Edge Architecture 2

Download

Securing IoT Networks with Edge Architecture

Download

IT and OT Cybersecurity United We Stand, Divided We Fall

View

Connected digital technologies causing increased cybersecurity risks in the railways

View

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

State of Industrial Cybersecurity report reveals challenges facing manufacturers

Related

Register to be the first to know about all the news