The OT Security Academy

Manufacturing: 2024 Expectations in Cybersecurity

Written by Srivathsan Desikan | December 7, 2023

What are some cybersecurity trends we expect to see from the Manufacturing industry in 2024? We spoke with Omny Senior Engineer Srivathsan Desikan (SD) about the growing cyber threats facing the manufacturing industry and what companies can do to prepare for and prevent attacks. Here’s an extract of our conversation.

 

Why is the manufacturing industry becoming more prone to cyber-attack?

SD: This is an industry that is rapidly digitalizing, and we are seeing connectivity capabilities across all kinds of assets that are used to produce end products. With this comes increased vulnerability, which expands the cyber threat level for the industry. The more connected you are, the greater the surface area for an attack.

Is this only a challenge for newly connected older factories (brownfields) that may not have the same built-in cyber security features as newer ones (greenfields)?

SD: Brownfields are most vulnerable as they run with primitive and legacy control systems. A security first mindset in a greenfield manufacturing facility is of course an advantage. But the problem is that software and hardware are advancing so rapidly. This means that between the design stage and build stage, your protections may already be outdated. It’s important to always think about what’s ahead even when designing systems for today and update defense devices, like firewalls, so that we can strengthen our protection.

Speaking of what’s ahead, what do you foresee in terms of cyber threats in 2024?

SD: It’s very difficult to predict anything because you can’t always foresee how the threat actors will attack. But one of the main trends we are seeing is that threat actors are going much deeper into operations and systems than ever before – going down to component level, as in sensors and valves. These components are all connected now, and it’s here that the threat actor can attempt to sabotage without being detected.

But how can a cyber-attack on a small component be so detrimental to the operation?

SD: Everything is calibrated, and if you mess with one small component, it can have ripple effects across the operation. Think of it like the thermostat in your living room. Perhaps it is usually set at 22°C (72°F), but if adjusted up to 24°(75°F), you may not even notice, but you’ll certainly see it when your invoice arrives. So, these compromised components may be difficult to detect but they can lead to significant economic consequences

Why does the threat actor want to go undetected?

SD: Threat actors may have several motivations. They are likely paid to achieve a goal, whether that’s to retrieve information or do something that will cause reputational damage. The threat actor doesn’t want to risk exposure, which puts an end to their game. Rather, they move slowly and steadily, every day, making small moves to remain as invisible as possible – and eventually wreak as much havoc as possible.

Are only the big and well-known manufacturing companies targets for cyber-attack?

SD: Everyone thinks that it’s just the bigger players with more financial resources that are subject to an attack. But that’s not the reality. Typically, the threat actor has more to gain by targeting many smaller entities and remaining undetectable for longer periods versus one large attack. 

So, what can manufacturers do to stay ahead of the cyber threats?

SD: You can learn a lot by looking into previous methods of attack. The attack may not be exactly the same in the future, but sometimes they can be repetitive. By applying previous attack methodologies on your organization, you can start to make predictions as to how the threat actor may get in, where they can go, and what damage they can do. 

But how do you protect everything when cyber-attacks are so unpredictable?

SD: Preparedness and building resilience force you to think about what’s most important to your operations. You need to identify your ‘crown jewels’, the most critical assets you have, and focus there. You need to look at the common vulnerabilities of these crown jewels, as well as the common vulnerabilities of the devices that connect to or impact these assets. And from there, take specific mitigation actions to protect them. 

What’s a common mistake that manufacturers make in setting up their cyber defenses?

SD: I see the industry taking good and important steps to get an overview of their operations, analyze potential attacks, look for patterns, and build their defenses accordingly. What many forget are all the subcontractors who may have access to their systems, and who may not be taking the same steps to protect themselves. It’s important for any manufacturer to put expectations on all third parties connecting to their system – big or small – so that they meet your strict security standards. You wouldn’t give your house key to just anyone, would you?

We share the insight of our in-house experts in articles like this in our OT Security Academy. To get more articles like this, subscribe to our blog and be notified when we release new articles.