A Comprehensive Guide to Manufacturing Cyber Security

Big Data Analytics

Many technologies, particularly IIoT, are driving the need for better analysis of large data sets. Big data analytics is a field of research that addresses techniques for analyzing data sets that are too large to be dealt with in traditional data processing application software. Big data and IIoT work in tandem to monitor, analyze, and react to environmental data in manufacturing environments. Again, the applications are almost unlimited, but an early use case was predictive maintenance.

5G

5G is the fifth-generation technology standard for broadband cellular networks. Telecommunications providers began rolling out this successor to 4G in 2019. 5G is designed to deliver massive bandwidth improvements over its predecessor, with maximum download speeds of 10 Gbps. This should allow the networks to not only act as a traditional network for cellular calls but also to become general-purpose networks for internet service providers. This ubiquitous, global, wireless bandwidth is expected to enable further a multitude of IIoT use cases, as well as traditional industrial control system (ICS) applications.

Building a Framework

There is a lot of effort underway to provide a framework that encompasses all of the technological changes currently underway in manufacturing. For example, the German Electrical and Electronic Manufacturers’ Association published the Reference Architecture Model for Industry 4.0 (RAMI 4.0) in July 2015. The RAMI 4.0 model maps hierarchical levels (e.g., the Purdue model) against functional communication levels that run from high-level business concerns to individual assets. Finally, the model considers the life cycle of a product under development or in manufacturing.

The big-picture approaches are welcome, and organizations should certainly be considering the strategic implications of each new technology purchase and how those technologies can best be deployed, integrated, and leveraged. Investments in these new technologies are typically made piecemeal, but by adhering to a common reference architecture, these incremental investments can provide more holistic benefits.

Critical Manufacturing Cybersecurity

It should come as no surprise that all of this technological change is causing the industry to reevaluate how to approach cybersecurity in manufacturing for both information technology (IT) and operational technology (OT) infrastructure. Industry 4.0 requires an even tighter coupling of traditional IT and OT. In almost every case, these new technologies create additional data, create additional connections to existing data, or enable the storage and use of data in new, more distributed locations.

These architectural changes raise obvious questions about cybersecurity. But they also make clear the need to reconsider traditional approaches to disaster recovery and resiliency planning. Organizations will have a much richer set of operational data that are both distributed and redundant, along with powerful predictive analytic capabilities that will make preventing or recovering from system outages simpler. But the additional connectivity to OT infrastructure required to enable this benefit is accompanied by greater exposure to cybersecurity threats as the attack surface is enlarged.

Legacy Challenges

Legacy OT systems are burdened with a long list of cybersecurity concerns, including:

• Equipment with decades-long life cycles,
• An inability to patch systems due to stability concerns,
• And a lack of basic cybersecurity features such as user authentication or encryption.

Historically, OT security personnel could at least credibly claim that such systems were “air-gapped” to ensure isolation from the rest of the world. However, complete isolation, if it ever existed, has become impossible today. No manufacturing organization can embrace an Industry 4.0 strategy without addressing the severe cybersecurity risks that attend it. This strategy requires a recognition of the almost complete integration of IT with OT in modern Industry 4.0 deployments.

OT cybersecurity has traditionally been its own discipline. Analyst firm Gartner defines OT cybersecurity as: “The practices and technologies used to protect people, assets and information involved in the monitoring and/or control of physical devices, processes and events, particularly in production and operations.” Over the years, as IT has been incorporated into OT systems, the approaches to cyber protection have also merged, but the primary goals of the two disciplines remain distinct.

IT and OT cybersecurity differ in fundamental ways but not only because the systems often require different security controls. The real distinction is that IT and OT security practitioners have different goals for “securing” their assets and different definitions of “secure.” This is hardly surprising given that IT is chiefly concerned with digital assets and OT is chiefly concerned with physical assets.

CIA vs. CAIC

The standard for IT cybersecurity is the well-known confidentiality, integrity, and availability (CIA) triad. Enterprise data is considered proprietary intellectual property, and therefore keeping digital assets under lock and key has been the primary objective of IT cybersecurity strategies. This is followed by the need to ensure the integrity of digital assets. Organizations must not only keep their data out of competitors’ hands, but they must also ensure that data is not corrupted, either intentionally or otherwise. Finally, that data should be available internally to appropriate employees and partners, and potentially, customers.

The standard for OT cybersecurity, however, requires a broader and a reordered set of priorities, namely control, availability, integrity, and confidentiality (CAIC). Maintaining control of all physical assets to ensure their safe operation at all times is the primary objective of OT cybersecurity and overrides all other concerns. The next most important goal for OT cybersecurity is availability. OT is present in all critical infrastructure facilities, and critical infrastructure typically needs to be available 24/7/365. Integrity is also essential, particularly to the degree it ensures safety and availability. The confidentiality of OT data is the least important concern.

Resiliency Planning

When developing a cybersecurity action plan, it is important to consider how it fits into an organization’s broader resiliency planning. The U.S. National Security Agency (NSA) and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) strongly recommend having a resiliency plan in place to deal with potential cyber disruption. Those agencies suggest that organizations need an OT resilience plan that allows them to:

The CMMC model framework organizes cybersecurity processes and practices into domains that are mapped across five maturity levels.

• Immediately disconnect any systems from the internet that do not need internet connectivity for safe and reliable operations. Additionally, implement compensating controls for systems where connectivity cannot be safely removed.
• Be prepared to operate processes manually should ICS infrastructure become unavailable or should it need to be deactivated due to cyberattack.
• Remove any additional functionality that could induce risk and increase the attack surface area.
• Identify and understand system and operational dependencies.
• Restore OT devices and services in a timely manner.
• Create and safely store gold-copy backup resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys, and configuration information.
• Periodically test and validate data backups and processes in the event of data loss due to malicious cyber activity.

For manufacturers, creating and understanding an accurate “as-operated” map of OT connectivity is critical to initiating a risk reduction cybersecurity plan. Again, the NSA and CISA recommend the following actions to identify assets: