Wednesday, April 17 2024

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers.

The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset tracking systems can locate products across the supply chain. These are just a few of the ways industrial IoT (IIoT) devices have ushered in an unprecedented wave of efficiency and productivity in manufacturing.

Yet IIoT in manufacturing creates massive cybersecurity risks that pose a significant threat to the seamless operation of manufacturing sites. What happens when threat actors infiltrate those sensors to spy on factories or affect the quality of products? How is national security affected? And what can manufacturers do to safeguard their operations?  

“One thing we’ve seen, especially since the breakout of the war in Ukraine over the last year, is critical infrastructure and smart factories put in the crosshairs in a geopolitical way that wasn’t necessarily the case previously,” said Dr. Scott J. Shackelford, a Professor of Business Law and Ethics at the Indiana University Kelley School of Business, in an interview with CISOstack. He added, “Now, we’re in one another’s systems constantly, and that’s been a wake-up call for a lot of operators that they need to be mindful in a way that they weren’t before.”

IIoT Threat Trends 

A fall report from cloud security company Zscaler confirmed those trends. It found that IoT malware attacks increased by 400% in the first half of 2023 compared with 2022, with 6,000 weekly attacks targeting the manufacturing sector. The report used information gathered from customer devices linked to the Zscaler global security cloud. It also employed device fingerprinting technology to create a comprehensive inventory of devices and analyze IoT transactions/traffic.

“This significant year-over-year growth in IoT malware is further proof of the relentlessness of cybercriminal organizations to adapt to evolving conditions and continue to escalate the scale of IoT malware attacks against enterprises,” the report noted.

The manufacturing sector has been especially targeted. In a given week, it is impacted by over three times the number of attacks as any other sector, according to the report. Enabling remote access with VPN for employees and third parties using IIoT systems can significantly expand the potential attack surface, especially since cybercriminals exploit vulnerabilities in VPNs.

Manufacturing and retail services made up nearly 52% of all IoT transactions during the ZScaler’s research period. Data collection terminals accounted for 62.1% of all IoT traffic in the manufacturing sector and 8.5% of all traffic sent to the ZScaler cloud. These terminals routed just 3.9% of their traffic to China and Russia, which suggests an unusual limited international impact on security concerns. Overall, the manufacturing sector had the highest number of unique IoT devices of all the sectors studied, at 7,695 devices, and accounted for 15% of IoT traffic.

Mitigating Risks 

In 2024, manufacturing will remain a top target for IoT attacks. Key recommendations from ZScaler include using multi-factor authentication, keeping up with patching software, and training employees.

Being prepared is important, but manufacturers may struggle to keep up with the evolving landscape of cybersecurity threats. Sean Peasley, a cybersecurity professional at Deloitte, echoed this point in an online analysis. “A significant share of manufacturers, however, have yet to build the cyber capabilities to secure some of these business-critical systems. Given the rapid pace at which new technologies are added to factories via smart factory use cases, IT and OT leaders may be unprepared to respond to new threats that arise,” he said.

According to the ZScaler report, “manufacturing organizations must work to gain comprehensive visibility into the IoT devices (and vulnerabilities) active in their environments and prevent unrestricted access to the corporate network.” It thus lists a zero-trust architecture as a best practice.

That zero-trust technology is more widely available with a fresh announcement from Celona, an enterprise networking company. The company announced last week it was integrating with Palo Alto Networks. This integration equips manufacturing industry clients with enhanced cybersecurity defenses, enabling the identification and profiling of cellular-connected IoT devices, automated risk assessment, and the detection of malware.

While this advanced technology mitigates cybersecurity risks, Dr. Shackelford noted that basic risk measures are important, too. “A lot of people lose sight of the fact still, even now in 2024, most breaches are the result of some pretty basic phishing techniques that still work,” concluding, “Cyber hygiene is still absolutely vital.”

Industry Collaboration

Manufacturing clients will benefit from another industry partnership. In October, Blues, an IoT intelligence company, announced it was partnering with IoT supply company RAKWireless to optimize IIoT product development. Blues’ notecard, which can connect industrial equipment to the cloud, is now available in RAKwireless’ modules, sensors, and enclosures.

The end of 2023 was marked by a strategic investment in two companies by TeamViewer, a German remote computer software company. The first company was Sight Machine, a manufacturing data platform which uses AI. Sight Machine’s technology provides information on areas such as quality control, system-level plant performance, and predictive maintenance. The two companies will collaborate on a joint product offering.

The second company was German software provider Cybus. The company specializes in IIoT solutions for industrial-scale manufacturing facilities. Its data hub processes industrial data, facilitating smooth communication among diverse devices, machines, and processes within the smart factory. TeamViewer will join Cybus’ advisory board and is the lead investor in its current financing round.

With this investment, which totals a low double-digit million-euro amount, TeamViewer hopes to become a prominent enterprise software provider at the convergence of manufacturing infrastructure and IT systems, coupled with data analytics.

By collaborating with Sight Machine and Cybus, it aims to advance smart factory solutions.

U.S. Federal Policy 

A major policy development was seen with the release of President Biden’s new plan to fortify supply chains, reduce costs, and secure important sectors. A fact sheet, unveiled by the White House at the end of November, highlights almost 30 proposals to do so. These measures are important because cyberattacks on IIoT devices can create a domino effect that affects the supply chain.

“The Biden administration deserves a lot of credit. Their executive orders have been impactful…Cybersecurity is one of those relatively rare exceptions to the partisan pingpong match between administrations,” Shackelford remarked.

Notably, Biden’s plan creates the Council on Supply Chain Resilience, which will be co-chaired by various cabinet members and other senior officials. The council will complete its first quadrennial supply chain review by the end of the year, which will update criteria on industries, sectors, and products named as critical for national and economic security. The Department of Energy will also sponsor a study to formulate a plan for smart manufacturing, which will determine key investment priorities in developing the digital and AI technology needed to augment manufacturing systems across the United States.

Biden’s plan also highlights departmental initiatives. The Department of Commerce’s new Supply Chain Center will modernize supply chain risk assessment tools. Likewise, the Department of Homeland Security is getting involved in the effort with its new Supply Chain Resilience Center.

The Department of Transportation will use its Freight Logistics Optimization Works (“FLOW”) program to deliver earlier warnings of supply chain disruption. “We’ve consistently heard from private sector partners that to make the most of our physical infrastructure, we are going to need better data infrastructure,” Secretary of Transportation Pete Buttigieg said at the inaugural meeting of the Council on Supply Chain Resilience. The new program provides industry partners in the private sector with “unprecedented access to shared data,” Buttigieg added.

International Developments 

International collaboration is key to the Biden plan, as evidenced by initiatives like the Indo-Pacific Economic Framework for Prosperity (IPEF) Supply Chain Agreement or U.S.-E.U. Trade and Technology Council. Both emphasize strategic partnerships to secure competitive global supply chains and foster innovation.

Collaboration was seen again when the Taiwan Association of Information and Communication Standards (TAICS) and 5G Alliance for Connected Industries and Automation (5G- ACIA) signed a memorandum of understanding, coordinating Taiwanese manufacturers with global IIoT standards. The December occasion was part of 5G-ACIA’s annual assembly, with the signing facilitated by the Industrial Technology Research Institute (ITRI).

Both entities aim to establish a successful global ecosystem for Industrial 5G, with a focus on accelerating its adoption. Additionally, they aim to shape the development of 5G by aligning their efforts with industrial requirements. This collaborative commitment reflects a shared goal of advancing connectivity and automation through the practical application of Industrial 5G technology.

According to Dr. Shackelford, AI adds another layer to the geopolitical implications of manufacturing IIoT. “I really do see, already, AI bots being used increasingly by attackers to identify vulnerabilities at scale in a way that was possible before, but pretty challenging without a lot of resources and expertise. That is going to empower a lot of non-state groups and potential adversaries,” he said.

Easing Burdens for Manufacturers 

Meanwhile, the Department of Defense (DoD) appears to be easing cybersecurity requirements for manufacturers. On December 26, the department proposed new rules concerning its Cybersecurity Maturity Model Certification (CMMC) program. The CMMC verifies the cybersecurity practices of defense contractors and suppliers through a tiered certification process.

The move comes after a report from the DoD Office of the Inspector General which found that DoD officials were improperly supervising suppliers. A December press release stated, “From 2018 through 2023, the DoD OIG issued five audits that consistently found DoD contracting officials failed to establish processes to verify that contractors complied with selected Federal cybersecurity requirements for CUI, as required by the National Institute of Standards and Technology (NIST).”

Manufacturers no longer need to comply with some NIST regulations that protect sensitive federal information. For level 2 asset categories, specialized assets like IIoT devices are no longer assessed against other CMMC security requirements. Only the SSP must be reviewed for these devices. Comments on the proposed rules may be submitted until February 26, following which the DoD will finalize them.

Ultimately, regulatory compliance like the CMMC program shouldn’t be the sole factor motivating manufacturers to consider cybersecurity risks. Talking about cybersecurity in the context of a given organization and avoiding technical jargon is essential. “Instead of talking about security as an end in itself, we need to make it more into whatever the mission or goals are of the organization,” said Shackelford. 


Best Microsegmentation Software


AT&T AlienVault Products Review: OSSIM vs USM

Check Also


Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]