While rapid technology advances have improved manufacturing operations in recent years, combining new and legacy operational technology (OT) has created security gaps that many manufacturers are just beginning to close, according to a research report published by Information Services Group (ISG).
The report finds the complex mix of legacy OT and newer, connected technologies such as industrial IoT and machine learning has forced manufacturers to add security extensions for protection against cyberattacks.
“Manufacturers face a growing need for security tools to ensure seamless operations and defend themselves against attacks that can cause downtime, financial loss and reputational damage,” said Christian Decker, partner, ISG Smart Manufacturing. “More companies in heavy industry are beginning to recognize these threats and authorize funding for OT security throughout their facilities.”
Utilities, healthcare companies and some manufacturing firms have been the most aggressive about adopting defenses against cybersecurity threats, the report says. A growing number of advanced tools for launching cyber-physical attacks against industrial infrastructure are freely available online.
However, automotive and some other heavy industries have not yet implemented OT security and as a result have fallen victim to cyberattacks, such as a recent action against a Japanese automaker that resulted in several plants going offline.
OT security solutions preferences
Proactive enterprises are seeking OT security solutions that can be scaled up and applied to on-premises assets, including specialized infrastructure such as fuel sensor networks in oil refineries. They are also seeking solutions that can manage and secure all device types via an open platform. These include both detection and derailment of threats and decoy and deception features to prevent intrusions in the first place. New deception technologies can first disrupt attackers’ attempts to probe the network and then feed false information to them.
Many organizations are outgrowing point solutions and graduating to OT security systems that provide unified visibility across all assets. This is quickly becoming imperative for organizations that have begun introducing digitization, AI and cloud-based infrastructure. The most effective unified security systems encompass all OT and IT elements, including IoT, industrial IoT, mobile and wireless devices.
The next phase of OT security will be adopting stable cloud infrastructures for storing big data from both a manufacturer and its customers. By combining these in a data lake, companies will be able to apply machine-learning algorithms to gain additional insights and recommendations.
Mobility industries, especially automotive, are also facing security threats against vehicles, the report says. For example, experiments have shown manipulating the geolocation systems of connected cars could allow attackers to take control of steering and speed. OEMs and suppliers are integrating products from emerging automotive security vendors to defend against potential attacks and comply with increasingly strict regulations.