What the manufacturing sector should know about Cybersecurity

Manufacturing has been at the forefront of the technological revolution that has given the world Industry 4.0: From Robotic Process Automation (RPA) to the Industrial Internet of Things (IIoT) to the merger of OT and IT (operational technology and information technology), the interface and network of manufacturing have changed beyond recognition. The result of this digital transformation in the sector is that the isolation afforded by “Island Operation” is no longer there to withstand cyber-attacks. Instead, the modern manufacturer is dealing with complex challenges: A recent report highlights that 69% of manufacturing executives say they “face cybersecurity challenges in implementing their digital transformation strategies”.

Modern manufacturing is at a crossroads. To compete in a global market, manufacturers must innovate and take advantage of state-of-the-art automation, AI, and hyper-connected network comms. This brings them into the spotlight of the cybercriminal community. IT teams and security professionals within the industry must be informed of the choices available to mitigate these existential threats to manufacturing.

SD WAN is ideal for manufacturing, helping the industry to connect the dot of operations, locations, suppliers, etc. As cybersecurity and SD WAN continue to converge it is important for those in manufacturing to know how to optimize their use within the unique environments of our manufacturing sector.

The cybersecurity challenges of manufacturing

Manufacturing is optimized through better productivity, the use of innovative technology, and robust connectivity. Manufacturing is arguably unique in its model of highly distributed sites and applications, compounded by a complex web of suppliers. SD WAN has been embraced by the sector because it provides the backbone for reliable and high-performance networks that service this unique environment. However, SD WAN must be shored up by powerful cybersecurity solutions.

Any organization in the manufacturing sector, including the supply chains servicing the sector, is at high risk of cyber-attacks. Attacks against manufacturers are complicated and enabled by the move to internet-enabled industrial technologies, and the merger of OT and IT (operational technology and information technology): This is evidenced by the Fortinet “2021 State of Operational Technology and Cybersecurity Report”. The researchers found that 90% of organizations in the sector had at least one cyber incident in the past year and 63% had 3 or more incidents.

The IBM X-Force “Threat Intelligence Report Index 2020” identified a 2,000 % increase in cyber-incidents impacting OT infrastructures.

According to research from Sophos, 36% of manufacturing and production companies suffered ransomware attacks in 2020. Almost half of those unaffected by ransomware expect to be attacked soon.

According to the Verizon 2021 Data Breach Investigation Report (DBIR), the top patterns of attack in the sector are:

• System Intrusion
• Social Engineering
• Basic Web Application Attacks

Together these areas represent 82% of breaches. Attackers are predominantly motivated by money (92%) but industrial espionage was also a factor in 6% of cyber-attacks on manufacturing companies.

The cybersecurity elements of manufacturing map to the regulations, compounding the work needed to achieve a compliant, connected, robust, organization. Regulations and standards vary across the sector and across geographies: as well as general industry regulations/standards such as GDPR and ISO 27001, more specific examples include the International Electro-Technical Committee (IEC) 62443 “Security for Industrial Automation and Control Systems and NIST’s Cybersecurity Framework Manufacturing Profile.

Cybersecurity augmentation of an SD WAN platform is achieved using a security-by-design approach that deeply integrates appropriate security solutions. This ecosystem view is based on a tightly meshed SD WAN-cybersecurity solution, a view encapsulated in Gartner’s SASE framework (Secure Access Service Edge).

The people behind the manufacturing sector must be able to make decisions about what security solutions are appropriate for the unique environment of manufacturing.

How to select the best cybersecurity solutions to work with SD WAN

A lot is at stake in the manufacturing industry. Competition is stiff. As the industry becomes more digitized, the cybersecurity risks increase, and preparedness is vital to maintain production. Manufacturer body MakeUK warns that as digitization increases cybersecurity risk will “deepen and broaden”. The same report points out that:

“41% of manufacturers don’t believe they have access to sufficient information to confidently assess their specific risk, and 45% are not confident they are prepared with the right tools for the job. A worryingly large 12% of manufacturers surveyed have no process measures in place at all to mitigate against the threat.”

The imperative to get SD WAN-cybersecurity solution consolidation right is high: manufacturing IT teams MUST meet the dual challenge of keeping costs down while choosing the right security measures for the job.

Three basic pillars that inform this choice are:

Design: SD WAN solutions must use a multi-breakout network with security baked into the design - augmented by cybersecurity solutions.

Integration: SD WAN must use cybersecurity solutions, deeply integrated into the stack, to provide an ecosystem model of threat prevention.

Compliance: This ecosystem approach must have at its core, adherence to the stringent regulations that govern the manufacturing sector.

Strength through cohesion and consolidation: the whole is greater than the sum of the parts

SD WAN is not just enhanced by cybersecurity solutions it is made whole. The unique environments seen across all types of manufacturing require this holistic approach to secure the massive networks of suppliers, multiple cross-jurisdiction sites and warehouses, and to handle the digital transformation cybersecurity challenges of Industry 4.0.

The pillars of this challenge, bringing SD WAN and cybersecurity solutions together are: Augmentation of SD WAN and security requires deep, design-driven, integration.

The network stack and security stack must converge seamlessly to build the optimal solution.

Digital transformation requires a deeply integrated security stack based on zero trust security

The principle of ‘zero trust security’ within a manufacturing environment

Zero trust security is supported by NIST (National Institute of Standards and Technology) who have developed a framework outlining a Zero Trust Architecture (ZTA) in their publication, NIST SP 800-207 ZTA (Zero Trust Architecture). A quote from the publication captures zero trust:

“Remote enterprise subjects and assets cannot fully trust their local network connection. Remote subjects should assume that the local (i.e., non-enterprise-owned) network is hostile. Assets should assume that all traffic is being monitored and potentially modified.“

The principle of zero trust is to always verify people, devices, systems, and networks before allowing access. The extended supply chains of the manufacturing sector are an ideal candidate for a zero trust approach to securing a massively distributed network.

Manufacturers who do not use a zero trust approach with their supply chain are open to attacks such as the NotPetya ransomware attack on A.P. Møller-Maersk. The attack affected the entire extended network, with the result that the company had to reinstall 4,000 servers, 45,000 PCs, and 2500 applications; the collective damages came in at between $250M to $300M.

To meet the exacting cybersecurity requirements of complex manufacturing supply chains, and digital transformed systems and processes, SD WAN must be designed from the ground up to work by the principles of zero trust security. This is achieved through informed choices of effective cybersecurity solutions that deeply integrate into an SD WAN architecture.

The parts of a secure SD WAN for manufacturing

Zero Trust Network Access (ZTNA) and PAM (Privileged Access Management)

ZTNA is ideal for the types of disparate and lateral movements seen across the extended networks of manufacturing. Zero trust architectures are designed to enforce the principles of always verify, never trust. ZTNA creates a protected infrastructure that enforces access rules at a highly granular level so that people, devices, and locations can be checked before granting access. ZTNA provides monitoring and access controls based on zero trust principles across the network, no matter where or what device is used for access.

In terms of cross-border data flow, ZTNA can enforce encryption and dynamic access controls over data flowing across jurisdictions, these controls reflecting the data protection regulations within that geography.

Working as a deeply integrated architecture along with an SD WAN, ZTNA defines the perimeter, expanding as new devices are added or as access to resources occurs across jurisdictions.

In the case of SD WAN plus ZTNA, the whole is greater than the sum of the parts.

Privileged Access Management (PAM) is used to define the ‘least privilege’ principle to resource access and is a fundamental of zero trust. Applying least privilege rules means that only those who really do need access, receive access.

SD WAN integrated with PAM and ZTNA helps to meet the access control portion of Protect, which is one of the five core functions of NIST’s Cybersecurity Framework Manufacturing Profile.

Visibility, monitoring, policy enforcement

Manufacturing supply chains are massive. Take automobile manufacturers, as an example: McKinsey tells us that this type of manufacturer has 250 tier-one suppliers, and this escalates to around 18,000 across the full value chain. And then there are the multiple sites of global manufacturing organizations. Add to this associated companies, remote workers, and the mix of Shadow OT and the result is a complicated, often hidden, web of apps, devices, and people.

Visibility, monitoring, and policy enforcement, within this type of complex network, is a security challenge and a cybercriminal’s dream.

Firewall-as-a-Service (FWaaS) must be integrated into an SD WAN to provide highly granular firewall functionality across every SD WAN appliance; this gives each site, home office, warehouse, and associate, an intrinsic firewall.

Further cybersecurity solution integration should include a Cloud Access Security Broker (CASB) to provide the orchestration, visibility, and policy facilitation between devices and the cloud; all devices, including IoT devices and other internet-enabled hardware can be made visible using a CASB, even if this cloud is a multi-cloud environment that includes IoT and integrated OT.

A Secure Web Gateway (SWG) solution is then used to control web access via a remote device.

All these solutions work in harmony to ensure that network devices are visible and that the security policies of the devices are enforced.

Endpoints

Manufacturing is an endpoint-rich industry. Some industrial operations have tens of thousands of endpoints, and each must be secured, maintained, updated, and given a secure connection to apps and other network resources. Endpoint security in manufacturing is the sharp end of cybersecurity.

A SIEM (security information and event management) platform provides event logging and analysis that covers the entire expanded network. A SIEM, however, generates security event alerts to a degree that can be overwhelming, especially in complex environments such as those in the manufacturing sector. SIEM can be enhanced and extended using an XDR (Extended Detection and Response) solution. XDR fills the endpoint gaps across the network with granular visibility across a complex manufacturing environment made up of a vast array of different types of endpoints. XDR is designed to collate data and alerts from products such as SIEM and generate a single ‘pane-of-glass’ view. XDR uses smart data analytics via ML (machine learning) to analyze network data, looking for anomalies, patterns, and trends that signal a potential cyber threat or attack. The mix of an XDR with a SIEM capability helps to meet compliance and focus on threats.

MDR (Managed Detection and Response) can be used to augment XDR, providing enhanced monitoring, threat hunting, and response capabilities, delivered as-a-Service by security specialists connected to a SOC (Security Operations Center). These specialists use the output from the MDR for cybersecurity analysis and to inform an effective response.

The whole: security stack meets network stack in the form of a Secure SD WAN for manufacturing

By adding layers of security capability to an SD WAN, a Secure SD WAN can make sure that manufacturing companies are both compliant and secure.

The manufacturing industry is no stranger to regulations that cover various aspects of production, use of chemicals, health and safety, and so on. Cybersecurity regulations in any industry are a challenge and a burden. In manufacturing, they can often cause headaches, as the last thing that a company wants is to stop production to investigate a breach in preparation for breach notification.

Cybersecurity regulations and standards that benefit from a Secure SW-WAN include:

• USA, CISA: Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance
• Global, ISO/IEC 27002: 14 controls covering many areas that are crucial to manufacturing security such as supply chains.
• EU, NIS 2 Directive (Network and Information Security (NIS) Directive): EU-wide framework for cybersecurity best practices

A ‘Secure SD WAN’, ticks many of the compliance boxes around data protection, supply chain security, endpoint protection, access control, and cyber-resilience. An SD WAN that is augmented with zero trust technologies, future proofs a manufacturer against changes in regulations and security threats.

Use cases for secure SD WAN in manufacturing

Manufacturing has an unusual set of conditions that requires robust security whilst providing expanded network coverage. As well as a very wide area network of sites, warehouses, and suppliers, the manufacturer also must deliver usability across this secure surface to employees, vendors, and executives, all of whom are targeted by cybercriminals using social engineering and phishing. A secure SD WAN balances usability with security. Examples of a Secure SD WAN in manufacturing include:

Deliver on the promises of digital transformation

As a process is digitized, new technologies are deployed, end points are configured, and devices and people are given access. SD WAN and integrated ZTNA, augmented by WFaaS, secures mission-critical business apps and unified communications. By providing business continuity through a period of change, digital transformation projects can be protected.

Keeping up a secure pace across sites

Multi-site manufacturers need to be able to quickly deploy security. An SD WAN enhanced with integrated WFaaS at each site provides robust networking and security alongside high-speed network connectivity needed in a fast-paced manufacturing environment.

Industrial control using secure SD WAN

Warehouses, factories, utility plants, and even vehicles moving between sites, can be secured using a secure SD WAN, configured to deliver a zero trust infrastructure enhanced with visibility and monitoring capabilities. Data flows from Industrial Control Units (ICU) across sites to the cloud can be secured. Any additional IoT devices added to the network can be quickly discovered, added to the network, and further data flows secured.

Future-proofing the SD WAN

A Make UK report found that 91% of manufacturers intend to invest, or are already investing in, digitization. However, conversely, 35% said that their concern over cyber-threats is preventing them from investing fully. Manufacturing is a highly competitive industry that needs to make the most of its assets. By boxing cleverly and building a Secure SD WAN, a manufacturer can deliver a secure, always-on, working environment, even across sites and large supply chains.