Identify Cybersecurity Threats And Stop Them
EP Editorial Staff | December 1, 2022
Recognize these three primary cybersecurity threats and take the suggested steps to neutralize them.
By Cristi Kempf, MxD
Manufacturing is hit with more cyberattacks than any other industry, according to IBM’s X-Force Threat Intelligence Index. The threats are external and internal, aimed at data and equipment, and even target the supply chain. In the face of this growing risk, what follows is a description of three primary cybersecurity threats and what you can do to protect your operation from attacks in those three areas.
1. Equipment Sabotage
Attackers who target factory assets want to control, stop, or destroy. In this type of cyber-sabotage, the objective is not to get access to a company’s data but to access the controllers that regulate the factory equipment.
The best-known example of equipment sabotage was the Stuxnet worm attack unleashed on an Iranian nuclear facility and detected in 2010. Stuxnet went after the control system at the Natanz nuclear plant in Iran, causing centrifuges to spin wildly and fail while plant operators were unaware anything was wrong.
It’s believed that a trusted contractor carried the worm into the facility on a removable drive.
Twelve years on, machinery far less sophisticated than centrifuges is still being targeted by cybercriminals.
Factory equipment is built to last, often for decades. That longevity creates risk. Also notable is that electronically operated/controlled equipment from the 1970s and 1980s was built before manufacturers were worried about cybersecurity.
The best way to minimize risk and prevent such attacks is with a defense-in-depth strategy. This involves multiple levels of security so that, if cybercriminals get through one, they face many more barriers.
One place to start is with physical protection of the factory floor. That’s done by strictly controlling who is allowed onto the premises. No one can use an infected USB for an attack if they can’t get near the equipment.
Other safety steps include locking the server room, installing a firewall, blocking firewall ports to limit access, and ensuring that the only way for people to access the network is with a username and password. Creating subnetworks is another way to halt or slow an attack. If networks are segmented, cybercriminals may bring down one line but won’t disable the entire factory.
Phishing attacks (in which individuals are tricked into clicking a bad link that releases malware) are among cybercriminals’ top weapons. Training and testing employees on ways to avoid falling victim to such ruses is critical.
2. Insider Threats
Sometimes the biggest cyber threat comes from within. Disgruntled or distracted employees, vendors with a grudge, or a visitor with bad intentions can do a lot of damage.
They can steal employee personal information and sell it. They can sabotage equipment. And they can introduce malware, intentionally or unintentionally, by clicking on a bad link.
These “internal threat actors” also can be invisible. In many cases, they have authorized access to or knowledge about an organization’s assets or resources. They have credentials and know-how and are hard to detect.
Most cyberattacks that target manufacturers originate on the outside. But 12% come from workers or others with insider access, according to Verizon’s 2022 Data Breach Investigations Report (verizon.com). Most (nearly 90% according to Verizon) have a financial motive.
What about when there is no real motive? An employee working from a coffee shop who doesn’t use the company’s virtual private network (VPN) connection is a threat. The worker who writes a password on a note and sticks it on their computer is a threat. So is the employee who lets someone “tailgate,” or follow him, into a badge-secured part of a factory.
Threats don’t come simply from current employees. Trusted people with access can include the after-hours maintenance company. Former workers also can pose a threat.
“Accidental” insider threats can be mitigated with training and by creating a company culture that emphasizes the importance of cybersecurity. Employees can be taught to watch for phishing attacks that most commonly arrive through email. Reinforcing a security-aware culture will remind people that it’s part of their job to protect the organization’s assets.
Monitoring morale inside an organization is crucial. That will help identify disgruntled employees. Background checks can flag potential problems. Vendors should also be asked about their background check policy. Third-party service organizations that have access to a company’s building or data should provide information on how they vet hires. Also, as soon as an employee leaves, system access should be revoked.
3. Supply-Chain Attacks
Supply-chain attacks are a cybercriminal’s version of climbing the ladder: They get a foot in a company’s door and then aim straight for the top.
The “top” is often the largest partner in a company’s supply chain. Or it could be an organization’s most sensitive information.
Insidious and on the rise, these attacks are hard to prevent because the bad actors are getting in through an unlikely source—trusted third parties.
Trusted third parties can be vendors, which is what happened to Target in 2013, an event still making headlines. Criminals were able to steal the financial and personal information of as many as 110 million customers by hacking a company that serviced Target’s HVAC systems and had access to the retailer’s network for things such as billing and contract submission, according to a U.S. Senate committee report. Using the stolen vendor credentials, cyber thieves moved throughout the network, getting to the most lucrative data and installing malware to steal it.
Trusted software vendors are another threat source. That was the path used for 2020’s SolarWinds hack, whose victims included U.S. government agencies.
In the SolarWinds attack, hackers that the United States later linked to the Russian Foreign Intelligence Service (SVR) planted malicious code in the software firm’s internet technology management tool Orion, which was used by thousands of networks around the world. Using backdoor malware, delivered as a software update, cybercriminals got into the networks of about 100 companies and at least nine U.S. agencies.
Avoiding such attacks is not easy. But there are cyber-defense strategies that can help. Manufacturers should:
Identify all hardware and every piece of software that they run. Without that knowledge, it’s impossible to know what could be attacked or whether any of those crucial assets have vulnerabilities that can be exploited.
Monitor those assets and act when there’s a red flag. In a 2014 report, the U.S. Senate Committee on Commerce, Science, and Transportation said Target appeared “to have failed to respond to multiple automated warnings from the company’s anti-intrusion software that the attackers were installing malware on Target’s system.”
Segment or partition networks. In another example from the Target breach, the part of the network that handled HVAC contracts should not have been linked to the section handling sales. Those should be separate systems, which can be done through network segmentation.
Adopt a Zero Trust model (meaning trust no one and verify everyone). A user ID and password should not be enough for network access. Everyone—vendors, employees, visitors, and contractors—should be required to confirm their identity with multifactor authentication.
Vet all vendors and make sure they are doing the same with their vendors. Include required levels of cybersecurity in vendor contracts.
It’s never been more important to make certain that “trusted” vendors are able to prove they can be trusted.
Cristi Kempf is a contributing writer for MxD, Chicago (mxdusa.org). Kempf is a former journalist with almost 35 years of experience. MxD (Manufacturing x Digital) is where innovative manufacturers go to forge their futures. In partnership with the Department of Defense, MxD equips U.S. factories with the digital tools, cybersecurity, and workforce expertise needed to begin building every part better than the last.