More and more, manufacturers and utilities are discovering the many benefits of expanding their digital networks—but that can’t be effectively done without addressing the growing cybersecurity threats that come with it.
Cybersecurity Threats in Light of COVID-19
Manufacturing and utility operations are facing a wide variety of different cyber threats today. The latest? The theft of intellectual property, and malicious attacks capable of crippling critical infrastructures, like utilities, energy plants, and large-scale factories. These attacks can range from sophisticated, effective phishing schemes to ransomware demands and distributed denial of service (DDoS) attacks. (Just how quickly can this happen? Pretty quickly.)
With COVID-19, the stakes are even higher. Supply chain disruptions from recent cyberattacks like the ones mentioned above have drastically affected manufacturing, industrial plants and mills, and utility operations. Because there’s a mixture of small and medium-sized manufacturers, it is one of the more complex infrastructures needing protection. However, as more and more people become aware of these threats, more and more solutions are being made known. Awareness truly is the first line of defense.
The Industrial Internet of Things is growing rapidly. There’s a big push for the full digitization of manufacturing—this means that hackers are concentrating on the inner workings of factory-floor controls and automation. Cyberattacks are beginning to narrow in on operational technology (OT) instead of information technology (IT) systems. In fact, 30% of cyberattacks are now targeting OT. The consequences of this rise in OT attacks are higher, because potential breaches in these systems, especially while trying to recover from a pandemic, could seriously wound domestic production.
So, what are the biggest risks? The answer is unauthorized access to control systems used to manage industrial operations, which could pose a major threat in the form of operational disruption, employee health and safety, customer relationships, expensive equipment destruction, and in some cases, customer safety. Increased connectivity introduces additional vulnerabilities via a broader attack surface.
As manufacturers continue to invest more in automation, cybersecurity has to be a top concern.
Thanks to an overall lack of emphasis on cybersecurity, manufacturing and utility operations are often victims of intellectual property theft. Attacks on control systems are also not uncommon, and the risks are growing every day. They need to be addressed more in the industry.
With the COVID-19 crisis, experts see cyber threats evolving and adapting. Manufacturing supply chains are now being targeted more—instead of relying on random, automated attacks, cybercriminals are being very particular with who they target. They’re now going after industries that might be more willing to pay, like state governments, schools, and now healthcare.
The good news? A lot of these attacks can be prevented, simply by setting up a cybersecurity perimeter defense. Occasionally, criminals can still get in—but having this in place can significantly mitigate the damage. Whether or not your facility is able to recover after a cyber attack is wholly based on how your system is designed. If you have engineers who are suddenly working from home, you should have already had a plan in place, like using a VPN.
These risks have always been present, for COVID-19 has significantly raised the stakes. IT resources are spread thin, and a lot of people are working remotely—some will see these circumstances as the ideal opportunity to take advantage of you. Not to mention, there are new COVD-19-themed phishing emails that are tricking people into exposing their systems. During “unprecedented times” people are far less likely to question odd emails they get.
With so many people working from home, it should come as no surprise that the opportunity for cyber attacks is much greater. Workers are remotely accessing their operations in various ways, and those ways are all varied in their security.
It’s important to remember that cyber criminals are doing their best to prey on human nature. For example, our need for information in difficult and isolating times. They’ll use that knowledge to get you to click on malicious links. But, this is where the human side of things in terms of solutions comes into play. Make sure your people are well aware of the increased risks of cyber attacks, and what they might look like. They should be able to spot phishing emails. Your IT team should also make sure passwords are managed, and patches are implemented.
So, How Do You Protect Yourself?
It’s essential to have someone with IT expertise and OT control systems expertise implementing your cybersecurity measures. That’s because control systems cybersecurity and networking best practices aren’t exactly the same as traditional IT measures, and having an expert who understands the nuances of control systems cybersecurity is crucial.
That expert can protect you in many ways. There are a lot of technologies that can help minimize, or even prevent, incursions. For example, VPN, public-key infrastructure (PKI cards), multi-factor authentication, real-time equipment monitoring, and factor asset intelligence. For OT, companies should be embracing security in the cloud. If it’s done well, it can make things even more secure for your business. This will also allow for expanded remote operations and automation, without increasing the risk of cyber attacks.
It’s important to figure out which software meets your company’s needs when it comes to security and operations. As the line between OT and IT continues to blur, companies of all sizes should be adopting technologies like these.
Ready to talk solutions? Get in touch with Revere Control Systems today.