Cybersecurity attacks are on the rise, especially since the onset of the COVID-19 pandemic. Cybercriminals are attacking all businesses, including critical infrastructure and members of the global supply chain.
Whether it’s ransomware, Distributed Denial of Service (DDoS), phishing attacks, or social engineering tactics, no business should consider itself completely immune to cyberattacks.
OEMs and other suppliers to the manufacturing industry are targets for cyberattacks. The majority of them store valuable data, maintain significant IT and OT operations, and, unfortunately, many lack the necessary resources to address major cybersecurity concerns adequately.
So, why should OEMs, in particular, prioritize cybersecurity? First and foremost, they serve manufacturing clients that are vulnerable to cybersecurity threats themselves. They must safeguard their sensitive data from outside observers, whether it’s client data, client lists, or employee information.
OEMs are often targeted because they have these connections – a criminal can execute an attack on OEMs as a means to breach other targets within their client network. In other words, malicious actors may initially attack an OEM with the understanding that there will be bigger, and possibly more valuable targets further up in the supply chain.
Consider a cybersecurity attack in 2017. FedEx, lost $300 million due to a cyberattack on one of its daughter companies, TNT Express. The attackers may have targeted TNT Express knowing that it was connected to FedEx. This example perfectly illustrates how external client connections can open a company to more vulnerabilities.
How Can OEMs Improve Their Cybersecurity Resilience?
Unfortunately, the manufacturing industry is learning about cybersecurity the hard way. According to research from IBM, manufacturing faced the brunt of cybersecurity attacks in 2021 – even more than the insurance and financial sectors.
Additional research suggests manufacturing companies are subject to an estimated 27% of all cybersecurity intrusions, showing how critical this problem is in the industry.
Here are two important measures OEMs should take to improve their cybersecurity resilience.
Secure the Chain of Custody
OEMs often make equipment parts or components that can be modified by other OEMs or suppliers, which leaves them with unique cybersecurity concerns to manage.
Any products an OEM creates can come equipped with security mechanisms, but if another OEM or supplier modifies them, it may put the mechanisms at risk. An OEM has little control over what happens to the product once it is sold to another party.
OEMs must keep cybersecurity top of mind and include security measures at the earliest stages of development. Taking steps to secure products during these early stages is a proactive approach to cybersecurity and is a form of quality assurance for the OEM.
Another step OEMs can consider taking is ensuring product security can be monitored in the future and remotely updated if necessary. For example, an automotive OEM may be able to issue an over-the-air (OTA) software update for a client to bolster security.
Generally, OEMs deal with a complex supply chain with multiple players and factors to consider. One way to bring clarity to the supply chain is to form licensing agreements.
In some cases, licensing agreements can help OEMs monitor their chain of custody so each organization involved in the supply chain is held accountable for the conditions of the product as it makes its supply chain journey. Increasing supply chain visibility should be imperative for OEMs. License agreements are essential for OEMs because it protects their brand as well as the businesses for which they provide products.
Additionally, these agreements typically should include concise language regarding the specific modifications that can be made to any products sold to involved parties. Any modifications made outside of the agreement or sub-agreement could potentially put a product’s mechanisms or security measures in jeopardy.
More Tips OEMs Should Consider to Reduce Their Risks of Cyberattacks
In addition to securing the chain of custody and devices, OEMs can take other measures to reduce their risk of facing a cyberattack. A recent report from The Association for Packaging and Processing Technologies (PMMI) titled “2021: Cybersecurity: Assess Your Risk” outlines information regarding cybersecurity in manufacturing.
Because manufacturers adopt robust technologies for enhanced connectivity, such as remote access and the Industrial Internet of Things (IIoT), OEMs are more vulnerable to cybersecurity risks. The rise of remote work is also expanding the attack surface for OEMs.
Below are more tips OEMs should consider when improving their cybersecurity posture.
Cybersecurity strategies for manufacturers
Often times we outline education as a top cybersecurity priority for manufacturers, offering tips for facility cybersecurity professionals to bolster their security posture.
Identify connected devices and vulnerabilities
Additionally in working with clients we highlight the importance of understanding cyber vulnerabilities not just in IT systems, but OT tools as well. "If my IT systems were hacked, I might lose confidential information, I might lose customer information — it's not a good thing. But 99% of the time, my factories are running, I'm shipping product and I'm still getting product from my supply chain. If my OT systems are hacked, my factory goes down," This can be a major problem.
Our recommendations it to identifying which technologies are able to be remotely accessed is a critical first step in assessing the threat landscape in a manufacturing facility. From programmable logic controllers (PLCs) to large machines with an Internet of Things (IoT) component, there are many potential avenues for cybercriminals to attack a manufacturing facility.
One way for manufacturing security professionals to gain better insight into their potential vulnerabilities is to examine the NIST website, which lists known software vulnerabilities that could be present in an organization's code assets. Third-party software can also help identify which pieces of vulnerable code are involved in a facility. It's not just the good guys that have access to that information. It's also the bad guys, they go to the NIST website and find out all the vulnerabilities as well.
That emphasizes the importance of not only threat identification, but also cyber defense in a manufacturing facility.
Protect the threat landscape
From remotely launched hacking to insiders introducing malicious code via USB drives, manufacturers face many cyber threats when operating their facilities.
However, there are many tools that those responsible for cybersecurity in manufacturing facilities can employ:
Segmentation firewalls contain malicious activity to one network segment
Antivirus protection can stop known viruses from penetrating a network
Whitelisting applications only allows approved applications network access
Private 5G networks can help protect a network by limiting offsite access
Identify Common Attack Vectors, Vulnerabilities, and Risks
Cybercriminals are becoming increasingly sophisticated and creative in their attack strategies. Here are some common pathways used to execute attacks:
Impersonating a target’s vendor using their credentials and demanding a ransom payment.
Infecting a supplier with dormant ransomware, which goes undetected until it reaches the desired target.
Targeting and compromising IIoT devices that ship to a recipient, potentially infecting an entire business.
Infiltrating and exploiting security updates issued by vendors and pushing malicious code into updates to target an OEM.
When an OEM understands potential vulnerabilities, they can employ appropriate counteractive measures.
Prepare, Prevent, and Respond
Taking proactive steps rather than reactive steps is critical for OEMs. OEMs can improve their posture by conducting a cybersecurity audit using a cybersecurity team’s resources or consulting a managed security services provider (MSSP). A cybersecurity team or MMSP can help OEMs build a stronger cybersecurity posture.
Additionally, OEMs must have a thorough cybersecurity incident response plan in place. Organizations with well-thought-out response plans typically bounce back more quickly, get operations back up and running, and endure less damage from an attack.
Consider Cyber Insurance
Another strategy OEMs can employ is investing in cybersecurity insurance solutions. However, it’s also important understand that cyber insurance is not a solution by itself. It works best when other cybersecurity measures are in place.
Insurers can also conduct audits to help OEMs address cybersecurity risks and improve their cybersecurity risk management tools. Also, it’s common for manufacturers that are better prepared before an audit to receive lower premiums and deductibles, making cyber insurance more cost-effective.
OEMs have their work cut out for them when it comes to cybersecurity. Protecting all of their external connections from being compromised should be of the utmost importance.
OEMs: Implement Strong Measures in 2022
A cybersecurity attack on an OEM can halt operations, lock down systems, and require a ransom to be paid, which is bad enough. However, sophisticated attacks can cause more damage, including compromised intellectual property, patent theft, or leakage of sensitive financial information.
A defenseless OEM may be a pivot point for criminals to execute more significant attacks on larger connected clients. They must consider the above information and implement strong cybersecurity risk management strategies to maintain a good posture in a high-risk cybersecurity environment.
Conclusion
Although there is a tremendous amount of product and process innovation occurring in the manufacturing sector as digital and physical paradigms continue to evolve, there is also much variability among cyber risk approaches which leaves individual companies vulnerable to attack and loss of critical data. Manufacturers face a plethora of challenges as they strive to get a handle on complex issues such as upgrading legacy ICS while maintaining production output levels to more fundamental human capital concerns such as the scarcity of critical talent.
Cyber risk is also climbing ever higher on the list of priorities for senior executives and company boards. Nevertheless, establishing effective cyber strategies remains challenging as many boards still do not have enough information about the company’s cyber profile, initiatives, and/or specific vulnerabilities to raise the right questions.
In order for manufacturing companies to capture the business value associated with emerging exponential technologies, address the dynamic cyber risk landscape, and increase preparedness should a cyber breach occur, they must remain secure, vigilant, and resilient.
Looking for help? Contact Us Now!