6 Steps Midsized Manufacturers Can Take to Protect IIoT Environments
Mike Riemer, Chief Security Architect | Pulse Secure
Auto manufacturers and other Fortune 500 giants dominate news about smart factory and Industry 4.0 innovations driven by the Industrial Internet of Things (IIoT). Meanwhile, midsized manufacturers, with revenues between $10 million and $1 billion, are also increasing investments in IIoT. Typically, their focus is on IIoT solutions that employ sensors on plant floor equipment, boosting productivity and efficiency, reducing downtime — and increasing exposure to cyber risks.
Those cyber risks can be significant. On the plant floor, malware that attacks IIoT devices themselves can disrupt operations or result in safety incidents, as in the case of the Triton malware that was designed to manipulate Schneider Electric’s Triconex safety systems. For manufacturers, downtime resulting from an outage may mean thousands of dollars in lost production time, or loss of human life.
IIoT devices are also targeted as entry points into the plant operational, or OT, network. OT networks used to be like “walled gardens,” but today they need to connect to the IT network in order to realize the promises of the smart factory. Threat actors can pivot from the OT network to the IT network to steal intellectual property or deliver malware payloads like ransomware, which can bring the entire organization to a halt.
Make security for IIoT a priority
Nearly a third of production processes and equipment already incorporate smart devices, and a similar percentage of manufacturers have a strategy implemented or in place to apply IIoT technologies to their production lines. Whether they are continuing a smart factory journey or just starting out, midsized manufacturers need to address security — or risk incidents that they may not be equipped to deal with.
Here are six steps to take in addressing IIoT security.
1. Think security from the outset. From planning to implementation, security should be top of mind for new projects. Select IIoT suppliers that are proactive about incorporating strong security into the design of their devices along with a straightforward path for patches and updates.
2. Attend to the basics. One of the most persistent security mistakes is using the default passwords that come with devices, like “admin” and “password.” These are well known to hackers and easily exploited. Whenever a new device is installed, change the defaults.
3. Know what’s on the network and what it does. Choose a network security solution that can detect, identify and classify every device attached to the OT network, down to the manufacturer, model number and compliance status. What you find may surprise you!
This step provides an essential baseline for evaluating current security posture and planning improvements. It also enables rapid identification of rogue devices connected in the future. Another desirable capability is dynamic configuration of new authorized devices that come onto the network.
4. Secure the perimeter. Secure IIoT devices on the factory floor with next-generation perimeter firewalls. These firewalls support using policies and rules to allow or deny incoming and outgoing traffic. Use firewall-protected zones to segment the OT network so that if (or when) it is penetrated, the damage can be limited.
5. Establish secure access for manufacturing floor environments. Next-generation network access control enables policy-based, fine-grained governance over who and what (people and devices) can access which resources on the network. Organizations can enable or deny access based on user, role, device, security posture (is the device itself secure?), location and behavior.
6. Authenticate for factory repair. All users and devices requesting access to manufacturing floor IIoT devices should be identified, validated, and profiled prior to being allowed access to the network. Establishing secure access by policy simplifies granting temporary access for authorized support contractors and technicians, helping to reduce downtime for preventive maintenance and repairs.
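To make steps 3, 5 and 6 concrete, here is an added example (not from the original article or any Pulse Secure product) of a default-deny access decision that checks the device inventory, device posture, role-to-zone policy and time-limited contractor grants. All names, MAC addresses, zones and dates are constructed for illustration; a MAC address stands in for device identity, which is a simplification because MACs can be spoofed, and location and behavior checks are not modeled.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample inventory (step 3): MAC -> classification and compliance status.
INVENTORY = {
    "00:11:22:33:44:55": {"model": "hmi-panel", "compliant": True},
    "00:11:22:33:44:66": {"model": "eng-laptop", "compliant": False},
    "00:11:22:33:44:77": {"model": "vendor-laptop", "compliant": True},
}

# Hypothetical policy (step 5): which roles may reach which OT zone.
ZONE_ROLES = {
    "press-line": {"operator", "engineer", "contractor"},
    "safety-systems": {"engineer"},
}

# Temporary contractor grants (step 6): (user, zone) -> expiry in UTC.
GRANTS = {
    ("vendor-tech", "press-line"): datetime(2024, 5, 1, 18, 0, tzinfo=timezone.utc),
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mac: str
    zone: str
    when: datetime


def decide(req: Request) -> tuple[bool, str]:
    """Default deny: every check must pass before access is allowed."""
    device = INVENTORY.get(req.mac.lower())
    if device is None:
        # Anything not discovered and classified is treated as a rogue device.
        return False, "unknown device"
    if not device["compliant"]:
        return False, "device fails posture check"
    if req.role not in ZONE_ROLES.get(req.zone, set()):
        return False, "role not permitted in zone"
    if req.role == "contractor":
        # Contractors need a grant for this exact zone that has not expired.
        expiry = GRANTS.get((req.user, req.zone))
        if expiry is None or req.when >= expiry:
            return False, "no active temporary grant"
    return True, "allowed"
```

Because the contractor grant carries its own expiry, access ends without anyone having to remember to revoke it.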
As IIoT use cases evolve and deliver on the promise of increased efficiency and productivity, midmarket manufacturers focused on growth will expand adoption. That means a dynamic factory floor environment, which requires a security infrastructure that adapts easily to change. Look for solutions that provide secure access, automated discovery and policy-based authorization, ideally in a simple and straightforward manner. Read the white paper “Zero-Trust Secure Access: 5 Steps to Secure Manufacturing and IIoT” for a deeper dive on the technology that can make it happen.
About Mike Riemer
Mike Riemer is the Chief Security Architect for Pulse Secure, a leading provider of enterprise access security solutions. He has more than 30 years’ experience researching, assessing requirements for, designing, supporting and implementing integrated security systems across firewalls, VPNs, UTM, WAF, AAA, intrusion protection and SIEMs. Prior to Pulse Secure and Juniper, Mike held a position in design consideration and implementation at Harley-Davidson and GE Capital, and retired after 20+ years of service in the U.S. Air Force, where he began his career in information and cyber security.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow