
Jori VanAntwerp
For over two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and improving their overall security efforts. He has had the pleasure of working with companies such as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now CEO & Founder at EmberOT, a cybersecurity startup focused on making security a reality for critical infrastructure.
Being prepared for manufacturing industry cybersecurity threats means ICS (industrial control system) practitioners are always learning from high-profile industrial infrastructure cyber events.
Equally important, however, is remembering that manufacturing industry operators are capable of responding effectively to threats by adequately maintaining solid, foundational cybersecurity practices overall.
Too often, the industrial sector is badgered by fear-inducing tactics from outside the industry. What’s actually most helpful are level-headed discussions of what good industrial cybersecurity practices look like and learning to separate fact from FUD (fear, uncertainty, and doubt).
We’ve compiled a list of 5 straightforward ways to combat cybersecurity threats in the manufacturing industry, without any of the fear-mongering or unnecessary suspense.
1. Take a Defense-in-Depth Approach
🧅 Like onions and ogres, defense-in-depth strategies have many layers. These layers can include asset management and physical, procedural, and technical controls, all of which protect critical infrastructure and industrial control systems from threats and disruptions.

This approach creates a secure and resilient environment using multiple layers of protection and redundancy. It helps to ensure the safety, resilience, and continuity of operations by creating a robust way to detect and respond to incidents.
2. Make Physical Security a Priority
Even if a manufacturing facility’s digital network is properly secured, unsound physical security practices can leave an enterprise vulnerable to cyber (or other) threats.
- Reduce the likelihood of insider threats – Require authorized entry and monitored access for all employees, contractors, and anyone physically interacting with the onsite manufacturing systems.
- Physically shield important systems from outside access – Recent physical attacks on energy substations highlight the importance of maintaining physical security in all critical infrastructure environments.
- Maintain compliance – Many industries, including manufacturing, are regulated by standards that require the implementation of consistent physical security measures to protect critical infrastructure.
3. Segmentation: You Gotta Keep ‘em Separated
Segmentation of your OT and IT networks is critical. To quote the wise words of ’90s band The Offspring, “You gotta keep ‘em separated.”
Our friends at Garland Technology offer a breakdown of OT segmentation best practices that we like a lot.
4. Bring “Shadow IT” into the Light
If you’re unfamiliar with the term, “shadow IT” refers to practices that have not been officially approved by an organization’s IT department. This can include unauthorized access to systems, programs, software, applications, and devices. Shadow IT can also mean employees downloading unauthorized programs and software onto enterprise devices and using them or, in some cases, using personal devices without authorization.
There are many reasons why individuals may attempt to side-step official approval: lack of budget, ignorance of approval requirements, or a desire to “just get the job done, no matter the cost.”
The cost of “shadow IT” can be dangerously high when we’re talking about a critical infrastructure environment.
Utilize jump boxes (jump servers, jump hosts) and data diodes to manage access to your network. This will tightly control what your organization allows to be deployed in those systems.
💡 Use monitoring and visibility tools to keep an eye on your assets and the protocols that may be communicating within your network. Establish baselines and check your networks frequently for any unauthorized changes or anomalous activity that may be lurking in the shadows.
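One way to put the baseline advice above into practice, shown as an added example that is not EmberOT's code or part of the original post: compare the conversations seen on an OT segment against an approved baseline and report new hosts, new flows, and baseline flows that have gone quiet. The addresses, flows, and the function name compare_to_baseline are constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed baseline: conversations approved for a hypothetical OT segment.
BASELINE = {
    Flow("10.10.1.5", "10.10.2.20", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    Flow("10.10.1.5", "10.10.2.21", "tcp", 44818),  # HMI -> PLC, EtherNet/IP
    Flow("10.10.1.9", "10.10.2.20", "tcp", 502),    # historian -> PLC
}

# Constructed observation window (e.g. flow records exported from a sensor).
OBSERVED = [
    Flow("10.10.1.5", "10.10.2.20", "tcp", 502),
    Flow("10.10.1.9", "10.10.2.20", "tcp", 502),
    Flow("10.10.1.77", "10.10.2.20", "tcp", 502),   # host not in the baseline
    Flow("10.10.1.5", "10.10.2.20", "tcp", 22),     # known hosts, new service
]


def compare_to_baseline(baseline, observed):
    """Return what changed between the approved baseline and observed flows."""
    seen = set(observed)
    known_hosts = {h for f in baseline for h in (f.src, f.dst)}
    seen_hosts = {h for f in seen for h in (f.src, f.dst)}
    return {
        # Devices talking on the segment that nobody approved (shadow IT).
        "new_hosts": sorted(seen_hosts - known_hosts),
        # Conversations outside the baseline, even between known devices.
        "new_flows": sorted(seen - baseline),
        # Expected conversations that stopped: a device may be down or bypassed.
        "missing_flows": sorted(baseline - seen),
    }


if __name__ == "__main__":
    for kind, items in compare_to_baseline(BASELINE, OBSERVED).items():
        for item in items:
            print(kind, item)
```
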
5. Adhere to a SCADA Security Checklist
SCADA (Supervisory Control and Data Acquisition) systems are the lynchpin of daily operations for many industrial environments. Therefore, SCADA protections are frequently the foundation on which other cybersecurity defenses are built.
Since SCADA systems require unique protections, adhering to a SCADA security checklist protocol is essential to maintain a reliable defense against cybersecurity threats in the manufacturing industry.
SCADA security checklists often include steps such as:
- Ensuring SCADA remains on its own, separate network
- Software patch management procedures
- Integrity assurances
- Assessments of physical security
For a more in-depth look at additional steps to include in a SCADA security checklist, check out our SCADA Security Checklist: What to Audit for ICS.
Using Visibility to Combat Cybersecurity Threats
It’s important to note that cyber defenses must never hinder an industrial environment’s operations. Cumbersome, incompatible, or performance-slowing cyber defenses aren’t helpful. While not necessarily medicine worse than the disease, there are usually better ways to protect your systems.
At EmberOT, we know the best defense for manufacturing industries is already in place. The operators who manage, oversee, and regularly protect ICS are the ones most qualified to keep our manufacturing systems running.
That’s why EmberOT’s vendor-agnostic software expands operators’ visibility into their manufacturing environments, helping operators themselves identify vulnerabilities and effectively respond to threats.
If you’re interested in learning more about EmberOT’s small-footprint, flexible, and scalable industrial cybersecurity software, reach out to us or request a demo today.
~Jori 🤘🔥