Check out all the on-demand sessions from the Intelligent Security Summit here.
By making zero trust a high priority in 2023, manufacturers can close the IT and operational technology (OT) gaps that keep them open to attack. Despite millions spent on perimeter security, cyberattackers are targeting manufacturing companies and processing plants at record levels.
Attackers increased their reconnaissance of internet-connected SCADA networked devices and sensors a tremendous 2,204% in the first nine months of 2021, according to IBM’s 2022 X-Force Threat Intelligence Report. (SCADA long-distance operational control systems are commonly used to manage power transmission and pipelines.) The global economic impact of OT cyberattacks by next year is projected to reach $50 billion in losses. Through 2026, more than half of cyberattacks will be aimed at areas that zero-trust controls don’t cover and cannot mitigate.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) criminal gangs are targeting many of the most popular industrial control system (ICS) and SCADA devices. Manufacturers’ vulnerabilities are becoming more widely known because of the rapid growth of new endpoint technologies including IoT, IIoT and remote-sensing devices deployed to deliver real-time data.
ICS sensors are designed not to protect data but to streamline data capture. That’s one of the challenges to implementing a zero-trust network architecture (ZTNA) framework and strategy in manufacturing today.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Manufacturing among the fastest-growing threatscapes
Twenty-three percent of all attacks remediated by IBM’s X-Force Threat Management platform originated in manufacturing. That makes manufacturing the most-attacked industry, per the company’s analysis — replacing financial services for the first time, in 2021. Gaps in IT and OT are a magnet for cyberattacks, with 61% of intrusion and breach incidents occurring at OT-based manufacturers. More than two-thirds (36%) of the attacks on manufacturers were launched with ransomware.
It’s concerning how fast the digital epidemic of attacks on manufacturers’ and ICS devices is growing. For example, Kasperksy ICS CERT found that one in three global ICS computers had blocked malicious objects at least once in the first half of 2022 alone. In the same period, there were 560 ICS-CERT-issued common vulnerabilities and exposures (CVEs), with 303 introduced in the first half of this year. Critical manufacturing was the most directly impacted sector, with 109 reported CVEs.
Manufacturers’ systems are down for an average of five days after a cyberattack. Of these, 50% respond to the outage in three days, and 15% respond within a day or less. “Manufacturing lives and dies based on availability,” Tom Sego, cofounder and CEO of BlastWave, told VentureBeat in a recent interview. “IT revolves on a three- to five-year technology-refresh cycle. OT is more like 30 years. Most HMI (human-machine interface) and other systems are running versions of Windows or SCADA systems that are no longer supported, can’t be patched and are perfect beachheads for hackers to cripple a manufacturing operation.”
Why it’s hard to implement zero trust in manufacturing
Manufacturers are rapidly adding endpoints, exposing threat surfaces and adding partners with unprotected third-party devices. Perimeter-based cybersecurity systems have proven too inflexible to keep up. Add to that how challenging it is to implement ZTNA across an ICS that’s designed more for efficiency, monitoring and reporting than for security, and the scope of the problem becomes apparent.
Configuring an ICS with physical gaps between systems, a technique called air gapping, no longer works. Ransomware attackers prey on these air gaps with USB drives, turning the exposed physical gaps between systems into attack vectors. Over one in three malware attacks (37%) on an ICS are designed to be delivered using a USB device. Ransomware attackers are copying the techniques of software supply chain attacks by relabeling executable files with common, legitimate file names. Once into an ICS, an attacker moves laterally through networks, captures privileged access credentials, exfiltrates data and tries to gain control of the facility.
Another challenge is that many legacy sensors and endpoints, from programmable logic controllers (PLCs) to basic motion and temperature sensors, rely on a broad spectrum of protocols such that many legacy devices can’t be assigned an IP address. Sensors that an ICS relies on are designed more for constant, real-time data transfer at low latencies than for supporting encryption and security. Unsurprisingly, 86% of manufacturers have little to no visibility into their ICS systems and the production processes they support.
>>Don’t miss our special issue: Zero trust: The new security paradigm.<<
Manufacturing CISOs tell VentureBeat that their legacy perimeter security networks commonly lack adequate protections for web applications, browser sessions and third-party hardware, and have no options for remote-access policies. Open ports, misconfigured firewalls and unmanaged wireless connections permeate these networks. Add to that a lack of control over federated identities and privileged access credentials, and it becomes evident how difficult it is to implement zero trust across a legacy manufacturing environment.
These risk liabilities are why manufacturing must make implementing ZTNA frameworks and adopting a zero-trust security posture a high priority in 2023.
How manufacturing CISOs can get started now
Partly because the industry is so competitive, security has lagged behind other priorities for manufacturers. In 2023 that needs to change, and security needs to become a business enabler.
“Companies that embrace this will gain a competitive advantage and enable remote capabilities that can increase efficiencies across a global supply chain,” BlastWave’s Tom Sego told VentureBeat. “Companies that bury their heads in the sand, thinking, ‘It can’t happen to me’ or ‘I’m covered,’ are deluding themselves into the inevitable cyberattack, which will create an existential crisis that could have been avoided. An ounce of prevention is worth pounds of detection and remediation.”
As manufacturers increase the speed of their operations, they need to secure web applications using zero trust. Microsegmentation needs to go beyond defining an entire production facility as a single trusted zone. Most of all, a ZTNA framework needs to be based on a solid business case that factors in multicloud configurations.
The following areas are core to a practical ZTNA framework, adapted by manufacturers to their unique business and operating requirements.
Getting zero trust right needs to start in each browser session, companywide
Manufacturers sometimes need to rush to reshore production because of labor, political and cost uncertainties. Web applications and browser sessions are critical to making this happen. Remote browser isolation (RBI) is a must-have, given how fast these reshoring transitions have to happen. The goal is to use zero trust to protect each web application and browser session against intrusions and breach attempts.
Manufacturers are evaluating and adopting RBI because it doesn’t force an overhaul of their tech stacks. RBI takes a zero-trust security approach to browsing by assuming no web app or browser session content is safe. Leading RBI providers include Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler.
RBI is also being used to protect applications like Office 365 and Salesforce — and the data they contain — from potentially malicious unmanaged devices, like those used by contractors or partners.
Ericom is a leader in the field, evidenced by its approach to preserving native browser performance and user experience while protecting every endpoint from advanced web threats. Ericom’s solution is ideal for manufacturers facing the daunting challenge of reshoring production, as it even secures users and data in virtual meeting environments like Zoom and Microsoft Teams. Manufacturers VentureBeat has spoken with about reshoring are having back-to-back Zoom and Teams calls as they work to get production back to the United States to gain control of labor and material costs.
Multifactor authentication (MFA) is table stakes, and part of a complete ZTNA framework.
CISOs have told VentureBeat that MFA is a quick win and one they can use to build strong support for their future budgets. In a recent interview titled A Look Ahead: John Kindervag’s Zero Trust Outlook for 2023, zero trust’s creator commented on MFA, saying, “we’ve put too much reliance on multifactor authentication, which we used to call two-factor authentication, and then we change the numeral two to the letter M and suddenly became new and sexy, but it’s been the same thing forever. And, you know, it’s a powerful tool that should be in our war chest. But at the same time, if you rely on that only, that will be a problem.”
The speed of deploying MFA needs to be balanced with its effectiveness as part of a total ZTNA framework. Forrester senior analyst Andrew Hewitt told VentureBeat that the best place to start when securing endpoints is “always around enforcing multifactor authentication. This can go a long way toward ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a solid compliance standard with the unified endpoint management (UEM) tool.”
Why manufacturers also need microsegmentation
Microsegmentation is designed to segregate and isolate specific network segments to reduce the number of attack surfaces and limit lateral movement. It’s one of the core elements of zero trust as defined by the NIST SP 800-27 zero-trust framework.
Manufacturers are using microsegmentation to protect their most valuable assets and network segments, starting with connected shop floor machinery. They’re also using microsegmentation to enable contractors, third-party services and supply chain suppliers to access their networks. The manufacturers most advanced in ZTNA adoption are ultimately using microsegmentation to replace legacy software-defined networking (SDN) architectures.
Leading vendors include Akamai, Airgap Networks, Aqua Security, Cisco, ColorTokens, Illumio, Palo Alto Networks, TrueFort, vArmour, VMware and Zscaler. Of the many options available to manufacturers, Airgap’s Zero Trust Everywhere solution is the most adaptive to manufacturers’ constantly changing endpoints, which comprise the most fluid attack surfaces they need to protect. A bonus is that it’s born in the cloud, can protect hybrid and multicloud configurations, and can be part of an organization’s playbook for managing least privileged access and ZTNA permissions network-wide.
Manufacturing runs on endpoints, making them indispensable in ZTNA frameworks
Endpoints are the most challenging area of implementing a ZTNA framework in a manufacturing business — and the most vital. Endpoints serve as the conduits for every transaction a manufacturing business has, and they are too often left unprotected. Cloud-based endpoint protection platforms (EPP) are ideal for manufacturers pursuing a ZTNA framework and strategy because they can be quicker to deploy and customize for a manufacturing operation’s unique needs.
Self-healing endpoints are crucial in manufacturing, as the IT staff often covers a short-handed or nonexistent cybersecurity team. By definition, a self-healing endpoint will shut itself off, recheck all OS and application versioning, including patch updates, and reset itself to an optimized, secure configuration. All these activities happen without human intervention. Absolute Software, Akamai, CrowdStrike, Ivanti, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro and Webroot are delivering self-healing endpoints today.
Forrester’s report, The Future Of Endpoint Management, provides a useful guide and vision for the future of self-healing endpoints. Its author, Andrew Hewitt, writes that for self-healing to be the most effective, it needs to happen at multiple levels, starting with the application, then the operating system, and finally the firmware. Forrester’s report states that self-healing embedded in the firmware will prove the most essential because it will ensure that all the software running on an endpoint, even agents that conduct self-healing at an OS level, can effectively run without disruption.
Hewitt told VentureBeat that “firmware-level self-healing helps in a number of ways. First, it ensures that any corruption in the firmware is healed in and of itself. Secondarily, it also ensures that agents running on the devices heal. For example, suppose you have an endpoint security agent running on an endpoint, and it crashes or becomes corrupted in some way. In that case, firmware-level self-healing can help to fix it quickly and get it properly functioning again.”
Absolute Software’s Resilience is the industry’s first self-healing zero-trust platform that provides asset management, device and application control, endpoint intelligence, incident reporting, resilience and compliance.
Every identity, whether human or machine, is a new security perimeter
Seeing every machine and human identity as a new security perimeter is core to creating a strong security posture based on zero trust. Protecting identities deserves just as much attention and intensity as the early wins manufacturers can gain with MFA.
CISOs tell VentureBeat that as they adopt a more robust zero-trust posture in their organizations, they’re also looking to consolidate their tech stacks. The goal many of them are pursuing is to find a cloud-based cybersecurity platform with identity and access management (IAM) integrated at its core. That’s been proving to be a good decision, as CISOs warn that getting IAM right early helps strengthen a security posture fast.
Leading cybersecurity providers that offer an integrated platform include Akamai, Fortinet, Ericom, Ivanti, and Palo Alto Networks. Ericom’s ZTEdge platform combines ML-enabled identity and access management, ZTNA, micro-segmentation and secure web gateway (SWG) with remote browser isolation (RBI).
Think long term when it comes to zero trust in manufacturing
Getting zero trust right in manufacturing is not a one-and-done project. It concentrates on continually strengthening an entire organization’s security posture. The more distributed a manufacturer’s operations, the more advanced integrations and skills using APIs are needed.
For manufacturers targeted by attackers, there is no time to lose. Gaps and open ports in IT and OT systems are easily identified by attackers scanning manufacturers’ networks. For many, there is no security in place for remote access services. There is much work to be done to protect production centers, utilities and the infrastructure they rely on.
Implementing a ZTNA framework doesn’t have to be expensive or require an entire staff. Gartner’s 2022 Market Guide for Zero Trust Network Access is a valuable reference that can help define guardrails for any ZTNA framework.
With every identity a new security perimeter, manufacturers must prioritize ZTNA going into 2023.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.