How to Protect Manufacturing Operations From Cyber Threats With Futureproof Networking Solutions
In this article, we examine key challenges faced by two smart manufacturing applications.
In 2022, the manufacturing sector recorded more cyberattacks than any other major industry worldwide. The main reason for this phenomenon is the dissolution of the air gap between industrial control systems (ICS) and the Internet, also known as Operational Technology (OT) and Information Technology (IT) convergence, which exposes OT infrastructure to new cyber threats. However, modern manufacturing cannot quarantine itself from the outside world if it wants to remain competitive.
We are going to examine the key challenges faced by two smart manufacturing applications:
- Interconnecting new devices on a large scale for real-time facility monitoring
- Integrating multiple networks for optimal management. In addition, the article has practical recommendations for how to protect these types of operations from cyber threats.
A New Threat Targeting Smart Manufacturing Systems
The rise of smart manufacturing, or Industry 4.0, has seen a growing number of cyber threats in the industrial sector as an unintended consequence of OT/IT convergence. While merging OT and IT infrastructure achieves better efficiency and value creation, it also exposes traditionally isolated OT systems. Combining an ever-expanding threat landscape with manufacturing organizations’ extremely low tolerance for downtime makes this a high-profile target for cyberattacks.
A deeper look at the types of industrial applications that have been targeted reveals some common challenges but also some clear areas for improvement. Let’s look at two practical examples of industrial applications, how cyber threats can affect them, and how to mitigate their vulnerability to cybersecurity risks.
Application 1: Real-time Facility Monitoring and Control Systems
Applications enabling real-time monitoring and control for large-scale industrial networks are increasingly susceptible to cyber threats. These applications generally require deploying many connected devices on a large scale to collect, send, and analyze large amounts of data from the field at the control center. Consider the following cybersecurity concerns:
- Hundreds of programmable logic controllers (PLCs) and sensors at the edge need to be connected to collect data about manufacturing facility conditions and to optimize energy usage. Each of these devices is a new node that could potentially fall prey to cybersecurity attacks such as unauthorized access or malware attacks.
- Vulnerabilities are amplified when these networks expand and aggregate large numbers of edge devices into the distribution layer. If the network is not properly segmented, the whole network is vulnerable when just a single node is compromised.
For these applications, operators should consider a defense-in-depth approach. This involves selecting secure devices, building robust network defense layers, and identifying network statuses to ensure network security and availability. Selecting security-hardened devices that have passed international security certifications, or have security functions based on internationally recognized standards, such as IEC 62443 and NERC CIP, can provide solid building blocks when adding new network nodes. Segmentation and threat prevention also provide another layer of protection to guard against attacks and help prevent unwanted intrusions and threats from propagating to other network nodes. Last but not least, constantly monitoring the security status of your network nodes allows you to stay aware of and respond to any issues or abnormalities.
Application 2: Industrial Machine Integration
Another manufacturing application vulnerable to cybersecurity threats is the integration of industrial machinery into networks for optimized management. Traditionally, industrial engineers would build a closed network environment and use similar patterns to assign IP addresses to machines.
Nevertheless, connecting industrial networks to the Internet is necessary in order to enable remote control and administration of industrial machinery. When these traditionally isolated machines need to be connected to a centralized management system, using the same pattern to generate IP addresses for all machines can result in IP conflicts and may cause network downtime. All machines will need their IP to be reconfigured, a time-consuming task that can easily result in security vulnerabilities. Furthermore, when they are connected over an Internet-enabled public network, they are exposed to all types of new cyber threats. Predictable IP addresses in particular quickly become a target for cyberattacks.
Simplified management and enhanced security can go a long way in addressing these vulnerabilities. For example, system integrators could take advantage of network address translation (NAT) technology to protect IP addresses from prying eyes and streamline device integration. More recent hardware solutions also offer embedded intelligent threat prevention mechanisms that automatically block data coming from unauthorized IP addresses. Combined, these tools provide another robust layer of protection for machine networks.
Overcome OT Networking Hurdles and Transition to a Smart Digital Future
As you converge your OT and IT networks on the path to digitalization, network security must evolve to face emerging new cyber threats. Regularly monitoring network infrastructure and keeping protection mechanisms up to date are vital parts of a dynamic security policy to protect connected systems and reduce costly downtime. It can be challenging for OT engineers to maintain their systems' intelligence and security at the same time, however, because they may have little training or expertise in the most recent IT.
To defend against cyber threats, it is crucial for system integrators and industrial operators to futureproof their manufacturing networks with integrated industrial networking solutions and employ a defense-in-depth approach designed for OT engineers.
Learn more about how to strengthen the defense of manufacturing facilities by downloading this Application Note from Moxa.
www.moxa.com
