Suppliers Provide Path To Cyberattacks
EP Editorial Staff | April 10, 2023
Unsecured supplier connectivity opens the door to your assets and operating data.
By Cody P. Bann, WIN-911
Even before the pandemic began, global supply chains were experiencing growing pains as they adapted to meet the pressures of rising demand and a delivery system in need of an overhaul. Supply and demand issues during the pandemic revealed how fragile supply chains can be, particularly with the increased threat of cyberattacks.
Technologies such as embedded sensors, GPS, and RFID have helped companies transform their existing traditional (a mix of paper-based and IT-supported processes) supply-chain structures into more agile, flexible, open, and collaborative digital models. Digital transformation in supply-chain management enables organizational flexibility, advances business process automation, and accelerates innovation in supply-chain management.
A digital supply chain provides visibility into the workings of the chain; it’s the process of integrating and applying advanced digital technologies into supply-chain operations from procurement data and inventory management to transportation and distribution. Companies are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, all of which create potential new vulnerabilities.
Connectivity provides manufacturing-plant operations many advantages including increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart-factory vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, Arlington, VA (manufacturersalliance.org), 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart-factory initiatives (“Cybersecurity for smart factories,” deloitte.com).
The size of these companies doesn’t seem to matter to the attackers. According to the Federal Bureau of Investigation (FBI), “Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes” (“Why Cybersecurity is a Major Concern for Food Firms in 2022,” Forrester, Powder & Bulk Solids, Feb. 4, 2022).
Surprisingly, a significant share of manufacturers has yet to build the cyber capabilities needed to secure some of these business-critical systems. Deloitte’s survey found that, while 90% of manufacturers reported the ability to detect cyber events, very few companies today have extended monitoring into their operational-technology environments (ibid, deloitte.com).
As companies have accelerated their digitalization strategies to continue operating and support their staff remotely—and as more equipment becomes connected—they’ve become more dependent on third-party software and technology. This, in turn, has increased cyber-attack surface exposure and points of vulnerability.
Supply-chain attacks occur when a company’s data is compromised by the hacking of a third-party supplier with legitimate access to its customers’ systems. Hackers can insert malicious code into trusted hardware or software at the source, compromising the data of its customers, and their customers, in an onward chain.
Remote Alarm Notification
Most technology and software vulnerabilities can be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords, and a lack of proper staff training. It’s ironic that, as manufacturing plants adopt more smart technologies to increase production and efficiencies, cyberattack risks escalate. Coincidentally, turning to additional technology is one answer to address this challenge.
Many supervisory control and data acquisition (SCADA) systems are simply over-exposed to the internet by remote desktop applications, e.g., RDP and TeamViewer. In an attempt to offer process and asset information to operators, organizations have provided much more, ignoring the Principle of Least Privilege (PoLP) and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote-access techniques present an increased security risk for companies.
Advanced remote alarm notification software gives remote operators access to only the information they need from SCADA, not to the SCADA system itself or its operating-system host. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the SCADA system at the network’s control level and either using notification modalities that are not internet facing or distributing internet-facing notification processes to higher levels.
For example, internal email servers, SMS modems, and voice through PBX devices allow communication with the outside world without internet exposure. Likewise, isolating the processes that interface with SCADA from those that interface with external email servers, VoIP solutions, and cloud apps allows internet-based notifications without compromising security.
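The layered deployment described above can be checked against a firewall allow-list. The following is an added example, not code from the article or from WIN-911; the zone names, the `Rule` structure, and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed zone names; a higher number means closer to the internet.
ZONES = {"control": 0, "dmz": 1, "enterprise": 2, "internet": 3}

# Default TCP ports of common remote-desktop tools.
REMOTE_DESKTOP_PORTS = {3389: "RDP", 5938: "TeamViewer", 5900: "VNC"}


@dataclass(frozen=True)
class Rule:
    """One firewall allow rule (hypothetical structure for this example)."""
    src_zone: str
    dst_zone: str
    port: int
    note: str = ""


def audit(rules):
    """Return (rule, reason) pairs for allow rules that break least privilege."""
    findings = []
    for r in rules:
        inbound = ZONES[r.src_zone] > ZONES[r.dst_zone]
        if r.dst_zone == "control" and inbound and r.port in REMOTE_DESKTOP_PORTS:
            tool = REMOTE_DESKTOP_PORTS[r.port]
            findings.append((r, f"{tool} into control zone from {r.src_zone}"))
        elif r.dst_zone == "control" and r.src_zone == "internet":
            findings.append((r, "internet-originated flow into control zone"))
        elif r.src_zone == "control" and r.dst_zone == "internet":
            findings.append((r, "control zone reaches internet directly; relay via a higher level"))
    return findings


# Constructed sample rule set (not taken from any real site).
SAMPLE_RULES = [
    Rule("enterprise", "control", 3389, "vendor RDP to SCADA host"),
    Rule("internet", "control", 5938, "TeamViewer unattended access"),
    Rule("control", "dmz", 25, "alarm e-mail to internal relay"),
    Rule("dmz", "internet", 443, "notification relay to cloud app"),
    Rule("control", "internet", 443, "SCADA host direct to cloud"),
    Rule("internet", "control", 502, "field protocol exposed"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src_zone}->{rule.dst_zone}:{rule.port}  {reason}  ({rule.note})")
```

The two rules that pass describe the pattern in the text: the control-level notification process hands alarms to an internal relay, and only the relay at the higher level faces the internet.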
There are valid cases for desktop-sharing software that do not violate PoLP and go well beyond operator access to process information. For such systems, it’s critical that the remote desktop solutions be implemented with sound security.
There are several steps that manufacturers should take to improve their cybersecurity:
• Update any software to the latest version.
• Deploy multifactor authentication.
• Use strong passwords to protect remote-desktop protocol credentials.
• Ensure anti-virus systems, spam filters, and firewalls are up to date, properly configured, and secure (“Cybersecurity Lessons Utilities Can Learn from the Oldsmar Water Plant Hack,” Goldstein, BizTech, April 20, 2021).
Manufacturers should also take steps to secure any remote-access software. They should not use unattended access features, and IT leaders should configure the software such that the application and associated background services are stopped when not in use (ibid, BizTech). Integrating remote-alarm-notification software through the SCADA system is critical to further reducing cyberattacks.
Whether you’re a manufacturer or an end user, supply-chain connectivity and the threat of cyberattacks affect your business. Organizations across industries must take immediate steps to improve security and risk posture to prevent attacks on our supply chain, critical infrastructure, and industrial systems.
The scope of the threat is growing, and no organization is immune. Companies must reinforce their defenses and understand the myriad technological tools that will help them combat the ever-growing cyber threats.
Cody P. Bann is Director of Engineering at Austin, TX-based WIN-911 (win911.com) and may be reached at email@example.com. The company helps protect more than 18,000 facilities in 80 countries by delivering critical machine alarms through smartphone or tablet app, voice, text, email, and in-plant announcer.