ML Journal February 2022

ML Journal February 2022

3 Steps to Secure the Factory of the Future

As more companies move toward creating factories of the future, they need to prioritize cybersecurity as these new manufacturing models present new threats and require new defense strategies.     

The promises of smart manufacturing capabilities have many manufacturers planning for their own organizations’ factories of the future. Deloitte found that 86% of manufacturers believe smart manufacturing technologies hold the key to their competitiveness in the next five years and 83% say these capabilities will transform the way products are made over the same timeframe1.

The use cases for the factory of the future are multi-layered, with Deloitte prioritizing eight—the Great 8—that are most likely to drive investment in systems that are not only interconnected, but communicate, analyze, and use data to drive intelligent action in the physical world. Threaded across these transformative use cases is the notion that cybersecurity must be an integral part of the design that drives them.

The promises of everything from optimization of the factory floor to boosting material mobility and availability comes with heightened cyber risk. The more hyperconnected and digital factories become, the more entry points for attackers that manufacturers can potentially introduce to their operations. Truly forward-looking manufacturers are planning investment solutions to manage cyber risk in lockstep with the technology and services that are digitally transforming their businesses.

Planning for effective manufacturing cybersecurity should occur speedily because while there may still be a long runway for putting all the pieces together, organizations are already executing on parts of the use cases that make up the factory of the future.

In fact, many organizations have already operationalized on smart factory capabilities that introduce quality sensing and detection, as well as improved energy management. And some of them are utilizing digital capabilities for smart conveyance, digital product development, and factory synchronization2.

For example, The Smart Factory @ Wichita3, a collaborative facility featuring an end-to-end smart production line, space for smart ecosystem sponsors, and experiential labs, has given insight into what likely works and what doesn’t, both for cybersecurity and broader manufacturing innovation. Here are some of the cyber lessons learned and demonstrated at The Smart Factory @ Wichita so as your organization preps for its own smart factory future, it consider ways to appropriately manage cyber risks along the way.

Exploring The Smart Factory @ Wichita

Before we dig into cybersecurity guidance, let’s first explain the particulars of The Smart Factory @ Wichita. This new, 60,000-square-foot space located on Wichita State University’s Innovation Campus convened by Deloitte with an ecosystem of world-renowned solution providers and technology innovators – helps companies explore what’s possible with smart factory applications and informs them on ways to create sustainable smart manufacturing investments.

The facility is housed in a net-zero impact smart building that runs on a smart grid, with connectivity and integration of a whole ecosystem of technology solutions at play. The idea is to demonstrate how digital, physical, and experimental technologies can be fully integrated to innovate in areas like cybersecurity, Internet of Things (IoT), cloud, and computer vision. This cohesive approach brings the factory of the future to fruition so business leaders can see how they can use these technologies to drive down costs deliberately and securely, increase supply chain efficiencies, and ultimately position their organizations for success.


The more hyperconnected and digital factories become, the more entry points for attackers

 

The Manufacturing Leadership Council is hosting a plant tour at The Smart Factory @ Wichita on May 10-11, 2022 so members can experience the latest smart factory capabilities and see first-hand how competitive advantage can be accelerated through digital transformation. This new, cutting-edge, immersive Industry 4.0 experience allows products to be built with a fully connected tech stack and industrial-grade production line.

Here are 3 steps to consider for securing your factory of the future, as learned from The Smart Factory @ Wichita:

  • Understand Heightened Cyber Risks
  • Identify Potential Risky Scenarios in Factories of the Future
  • Implement Critical Security Controls

1.   Understand Heightened Cyber Risks

Safely harnessing the benefits of smart manufacturing requires recognizing the heightened cyber risks that may arise unless proper security controls are implemented in lockstep with business innovation.

Some factors to think about include:

  • Validation of Protective Controls: Manufacturers need ways to quickly validate what devices, software, and processes are communicating with one another and whether key factory assets are talking to things they shouldn’t be.
  • Vulnerability Management: Most vulnerabilities reside deep within the industrial control system (ICS) network, which includes engineering workstations, programmable logic controllers (PLCs), sensors, and industrial controllers. Manufacturing organizations need vulnerabilities matched to asset inventory, along with guidance and context to understand which flaws put them most at risk.
  • Third-Party Risk Management: Contractors, vendors, and other third parties often have direct access to operational environments for activities like updates, inspections, or new equipment installations. Not only can they inadvertently create operational risk, such as modifying configuration outside of agreed maintenance windows, but adversaries may also compromise equipment used by these individuals. Organizations need visibility and control to understand these complexities.
  • Threat Actors: Adversary group threat actors increasingly probe industrial facilities for weaknesses using increased connectivity, unmitigated vulnerabilities, remote connections to third parties, and more to compromise critical factory networks. Organizations need monitoring and detection to keep tabs on potentially malicious activity.

2.   Identify Potential Risky Scenarios in Factories of the Future

There are a number of risky real-world scenarios that an enhanced smart factory could either introduce or exacerbate. These are just a few examples of the types of scenarios that are tested and explored at The Smart Factory @ Wichita. But there are other technologies and processes that may reduce the risk of these scenarios if applied properly.

Scenario 1: Ransomware Impacting Delivery of Materials

As organizations implement systems for improved factory synchronization and dynamic scheduling, cyber attackers could potentially freeze operations on the factory floor, putting the flow of production at risk or introducing quality issues for the purpose of extortion. Ransomware incidents impacting a manufacturer’s ability to make and provide products are a very real concern in smart manufacturing ecosystems.

Suggested Risk Reduction Strategies: Attack mapping, detection of malware.

Misconfigured assets actively operating in a factory are not a malicious attack scenario per se, but they open up potential future attacks.

 

Scenario 2: Attacker Using Ecosystem Connections to Gather Intel

AI-powered optimization models to identify ideal routings of materials from the warehouse to various points on the production line delivered via automated guided vehicles (AGVs) introduce many opportunities for efficiency. But attackers may also utilize techniques to fingerprint these connections and gain knowledge about how processes interact, what assets are in play, and the communication patterns within the factory.

Suggested Risk Reduction Strategies: Early detection of scanning; monitoring of remote communication to and from key factory assets.

Scenario 3: Adversaries Sabotaging Flow of Consumables Along the Line

The type of intel-gathering described in the scenario above can be used in a plethora of ways, up to and including sabotage. For example, simply sending an email that includes a malicious document to users with access to dynamic scheduling workflows and dashboards could potentially introduce malware that denies the flow of information to the dashboards. In another vein, adversaries could disrupt the flow of smart conveyance systems by setting up rogue master devices to communicate with the devices they control, mimicking control signals and creating a mis-operation of AGVs.

Suggested Risk Reduction Strategies: Attack mapping; detection of malware, incident response steps through playbooks, identification of rogue assets and communication.

Scenario 4: Adversaries Subverting Maintenance Communications to Instill False Sense of Security

The engineering collaboration and digital twin technology introduced in the factory of the future provide big opportunities for improving metrics and visibility into asset health to perform more effective preventative maintenance. However, attackers can potentially compromise trusted nodes that have access to process control systems and spoof outgoing alerts generated by the system to make the operator think a machine is operating normally.

Suggested Risk Reduction Strategies: Detection of spoofing scenarios; correlation to response playbooks.

Scenario 5: Misconfigurations Open Factory Up to Future Cyber Attacks

Misconfigured assets actively operating in a factory are not a malicious attack scenario per se, but they open up potential future attacks. Organizations regularly collect performance, availability, and quality information about assets for visibility and future performance improvements, but they need to add security into that asset management discipline.

Suggested Risk Reduction Strategies: Security-focused asset mapping and management, timeline analysis to detect misconfiguration and suspect communications.

3.   Implement Critical Security Controls

Based on the example situations outlined above, it becomes clear how many moving pieces can be involved in an effectively functioning set of cybersecurity controls within a smart factory. However, companies shouldn’t risk missing the forest for the trees. Many of these practices fall within a few key cybersecurity disciplines. Organizations planning for the future should take special care to improve their practices in the following three areas.

OT and IoT Monitoring

Deploy network monitoring tools to provide visibility and security alerts on connected assets.

Plant managers and other plant-level personnel need real-time visibility over all network-connected assets through some kind of asset discovery and network visualization/mapping capability. Asset data should be granular, offering exact versions and operating systems so that monitoring can be keyed to the latest Common Vulnerability Enumeration (CVE) data to have timely lists of vulnerable assets currently operating in an organization.

In the meantime, mapping makes it possible to conduct continuous threat and anomaly detection across identified assets, so threat analysts are alerted when abnormal network or asset behavior is detected. Upon detection of an abnormal scenario, alerted analysts need capabilities in place to coordinate with an incident response team, including playbooks, or repeatable guidelines of viable remediation steps.

Digital Asset Management

Monitor network-connected assets while enumerating associated cyber risks.

Manufacturers should utilize customizable dashboards with search capabilities that allow plant personnel to use their inventory information to enable compliance and cybersecurity use cases. They also should have a Configuration Management Database (CMDB) to store information about all network-connected hardware and software assets. As mentioned previously, asset discovery is crucial. The ability to automatically discover, catalog, and categorize all assets should include devices, servers, desktops/laptops, control systems, apps, and services. Most importantly, organizations need a way to surface that information into a prioritized list of the crown jewel assets that matter most to the business for reasons of business sustainability and public safety.

What you can’t see,
you can’t protect or control

 

 

 

SOC Capabilities and Incident Response

Detect, analyze, and respond to cybersecurity incidents using a combination of processes and technology solutions.

It is commonly said that, ‘what you can’t see, you can’t protect or control.’ Monitoring for insider threats and activities is important, but what’s more important is easily pushing that information into the platforms that defenders use, such as security information and event management (SIEM), so they can gain timely insight into the health of OT systems and act quickly on alerts. Having security operations center (SOC) integrations to launch investigations of abnormal behavior and escalate critical notifications is key. Additionally, organizations need a technology platform that monitors the network and is continually updated with threat intelligence and/or a dedicated pipeline of threat intelligence to feed essential information about the current landscape to the OT security team to prevent or mitigate cyber attacks.

Conclusion

While many organizations are still evolving toward the vision of Manufacturing 4.0, many elements are already here today in even the most traditional factory lines. Connectivity, remote access capabilities, and other digital functions are already embedded in manufacturing systems. The three steps outlined here are designed to provide insights as organizations start to building out the kind of cyber capabilities that can help them deal with today’s risk realities and plan for the heightened risks that will inevitably arise in the future as smart factory technologies are adopted.


About the authors:

Peter Vescuso
is Vice President of Marketing at Dragos, a provider of cybersecurity for industrial control systems/operational technology environments.

 


Wendy Frank is a Principal at Deloitte & Touche LLP and Cyber 5G Leader in the Cyber & Strategic Risk practice of Deloitte Risk & Financial Advisory.

 

Footnotes:

1.     Smart Factory for Smart Manufacturing | Deloitte US: https://www2.deloitte.com/us/en/pages/consulting/solutions/the-smart-factory.html

2: Accelerating Smart Manufacturing: The Value of an Ecosystem Approach: https://www2.deloitte.com/us/en/insights/industry/manufacturing/accelerating-smart-manufacturing.html

3: https://www.thesmartfactory.io/home

This article contains general information only, does not constitute professional advice or services, and should not be used as a basis for any decision or action that may affect your business. The authors shall not be responsible for any loss sustained by any person who relies on this article.

View More