Cyber resilience in manufacturing: addressing challenges in Industry 4.0.  

Recent findings reveal a notable surge in threat actors targeting cyber physical systems such as operational technology (OT) and Internet of Things (IoT) within the manufacturing industry. The latest OT and IoT security report serves as a clear alarm for business leaders, highlighting how the critical manufacturing sector has become the prime target, with related Common Vulnerabilities and Exposures (CVEs) surging by a staggering 230 percent over the past six months. The manufacturing industry has seen rapid evolution, including significant digitalization which brought significantly more connected devices, new wireless connectivity, and expedited integration of OT and IT. This convergence, aimed at enhancing effectiveness, efficiency, and competitiveness, also potentially exposed legacy OT systems originally designed to be air-gapped, to cyber threats. 

For manufacturers, digital transformation became essential for staying competitive. However, it also entails heightened cybersecurity challenges. To navigate this dual imperative effectively, manufacturers must develop a strategy that balances innovation with security. Key considerations in this journey include: 

Visibility: With decisions regarding OT and IoT devices and systems increasingly decentralized across supply chains, manufacturers require comprehensive visibility into all connected devices – including devices connected to wireless networks. 

Technology: The longevity and efficiency of manufacturing operations can be compromised by aging devices and outdated operating systems, thus recognizing which devices are still viable can enhance operational efficiency and mitigate the risk of downtime. 

Compliance: Manufacturers must grasp the regulatory landscape to ensure adherence to relevant standards for each device category. This understanding is vital for establishing and maintaining robust security measures while remaining compliant with industry regulations. 

Challenges of integration in Industry 4.0 

Manufacturing organizations face several obstacles on this path to integration. Firstly, achieving IT/OT cybersecurity convergence necessitates close collaboration between previously siloed departments. 

Furthermore, technology constraints hinder seamless integration. Many manufacturing companies operate outdated software systems, with some relying on antiquated Windows ’98 machines. Given the imperative of continuous operation in critical manufacturing, teams cannot afford to halt processes for machinery updates, so stakeholders must ensure continuity amidst evolving technological landscapes. 

Business leaders must navigate the delicate balance between resilience and continuity, as interruptions in production not only incur reputational damage but also commercial losses. Bridging this gap is crucial to unlocking the benefits of IT/OT integration and ensuring the resilience of manufacturing operations. 

The imperative of cyber resilience 

While the focus on safety and continuity remains paramount in the critical manufacturing sector, the significance of cyber resilience cannot be overstated. As it was previously discussed, organizational structure poses a significant obstacle to IT/OT integration, necessitating a shift towards a more unified approach. This entails the creation of an authoritative body with a comprehensive understanding of both IT and OT domains, capable of assessing visibility issues and vulnerabilities, with the main objective of implementing preventive strategies to proactively address vulnerabilities rather than merely reacting to them. 

Furthermore, ensuring robust security hinges on comprehensive visibility – you can only protect what you can see. Implementing a specialized OT threat management solution enables mapping of the OT environment and establishing baselines for OT processes, enhancing transparency and pinpointing vulnerabilities within the equipment. Modern scanning methods use passive detection and authentic ICS protocol requests to gather detailed information from assets without causing any disruption to OT devices. Activating the platform’s protection mode enables system alerts to flag security threats and potential process anomalies, providing critical insights. 

Manufacturing companies can adopt scalable solutions with a dynamic, non-static approach, ensuring that resilience remains at the forefront of their cybersecurity. The solution should provide threat intelligence tailored to the industry context and customized to meet the specific needs of each company, enabling them to stay abreast of the constantly shifting threat landscape. 

Governmental frameworks 

Government regulations play a pivotal role in setting essential security standards and fostering a culture of compliance within the industry. Two prominent security frameworks, namely the NIST Cybersecurity Framework Manufacturing Profile and IEC 62443, offer comprehensive guidelines for manufacturers to mitigate cyber risks across their operations. While these frameworks provide a roadmap for enhancing cybersecurity posture and evaluating control environments, they also emphasize the importance of developing a continuous cybersecurity strategy. 

However, achieving compliance doesn’t equate to absolute security. It is essential for organizations to cultivate a security-oriented mindset, where cybersecurity is woven into the company’s DNA and is viewed as an ongoing process rather than a one-time obligation. 

The future of OT/IT integration 

In the realm of modern manufacturing, the seamless integration of IT and OT systems is not just a strategic imperative but a critical necessity. Business leaders should foster a culture of collaboration between traditionally siloed IT and OT teams, breaking down barriers to knowledge sharing and establishing unified approaches to cybersecurity and operational continuity. This collaborative leadership should drive strategic investments in technology modernization, prioritizing the upgrade of outdated systems and the implementation of robust cybersecurity measures across both IT and OT environments. While the imperative of continuous operation presents challenges, phased implementation and strategic planning can mitigate risks, ensuring that modernization efforts align with operational imperatives.   

For a list of the sources used in this article, please contact the editor.  

By Mick Cassell and Oliver Feiler 

Mick Cassell, is a Cyber Security Product Specialist at BT. 

Oliver Feiler is Head of Global Alliances and Strategic Partnerships at Nozomi Networks.