Safeguarding Comprehensively the Digital Thread from Beginning to End
Introduction
How does digitalization impact the manufacturing industry? Today, with digitalization omnipresent, the manufacturing industry’s embrace of digital technologies is a double-edged sword. While automation, the Internet of Things (IoT), and cloud computing streamline operations and boost efficiency, they also expose manufacturers to a growing array of cyber threats. Recent unprecedented cyberattacks on industrial giants like Mondelez International, Clorox, Bridgestone Americas, Johnson Controls International PLC, Renault-Nissan-Mitsubishi Alliance, Colonial Pipeline, Applied Materials Inc., Norsk Hydro and JBS Foods Canada[1], along with data breaches and massive financial losses, serve as stark reminders that no manufacturer is immune to such attacks by hackers. For manufacturers to protect their operations, data, assets, clients and reputation, they must adopt a holistic approach to cybersecurity, addressing vulnerabilities across all domains. This is why the subject matter of this June 2024 Newsletter revolves, among others, around strategies to secure the manufacturing industry’s digital infrastructure.
Before digging deeper into our subject matter, let us briefly circumscribe the basic meaning of the term “manufacturing industry”. In a broad denotation, manufacturing refers to any industry that makes products out of raw materials by the use of manual labor or machinery and that is usually performed systematically through a structured division of labor[2]. Commonly designated as Industry 4.0, the 4th Industrial Revolution is unquestionably heralding an era of tremendous potential for innovation and growth in the manufacturing industry. Nevertheless, it is also bringing new risks and challenges. This is most evident in today’s manufacturing cyber landscape. Henceforth, cybersecurity in the manufacturing industry refers to the practices and controls that manufacturers implement in order to protect sensitive information and ensure the security, integrity, confidentiality and availability of data within their networks, systems and industrial processes.
[1] Arctic Wolf. 22nd of March 2024. The Top 10 Manufacturing Industry Cyber Attacks. https://arcticwolf.com/resources/blog/top-8-manufacturing-industry-cyberattacks/
[2] Encyclopedia Britannica. https://www.britannica.com/technology/manufacturing
ICS Security, OT Security, SCADA Security & DCS Security: At the Heart of Manufacturing Production
Industrial Control System (ICS) Security, Operational Technology (OT) Security, Supervisory Control and Data Acquisition (SCADA) Security, and Distributed Control System (DCS) Security are the backbone of the manufacturing industry because these systems control and monitor critical processes, operations, decision-making and equipment. Their compromise could have catastrophic consequences, as seen for example in the 2015 Ukrainian power grid attack, where hackers – using the BlackEnergy 3 malware – remotely damaged information systems of three (3) energy distribution companies, resulting in widespread blackouts for nearly 225,000 customers in Ukraine[1]. Let us now delve succinctly into those fundamental concepts: ICS, OT, SCADA & DCS Security.
[1] CISA – Cybersecurity & Infrastructure Security Agency – America’s Cyber Defense Agency. 20th July 2021. Cyber-Attack Against Ukrainian Critical Infrastructure. https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01
Overview of Industrial Control System (ICS) Security
Industrial Control System (ICS) Security applies to the shielding of industrial control systems. ICS environments include a combination of hardware and software engineered to oversee and manage machinery and processes across a diverse range of industries. ICS systems are intrinsic to the operation of power plants, manufacturing facilities, and other critical infrastructure. Security measures instituted are designed to guard these complex systems against cyber threats, ensuring the integrity of data and the safety and continuous operation of the machinery they control. The core of ICS security is embedded in safeguarding the systems and networks that are integral to industrial operations. Given that ICS environments and control systems are intricately linked with the machinery they manage, security is not just digital. ICS security includes ensuring the physical safety of the operational environment. With the advent of networking and the integration of these systems into broader IT ecosystems, the need for robust security protocols has intensified. Each component, from Programmable Logic Controllers (PLCs) to Human-Machine Interfaces (HMIs), requires specific security measures to mitigate the risks of unauthorized access, data breaches, and system malfunctions. A compromise in ICS security does not just risk data integrity but can lead to the disruption of industrial processes, resulting in operational downtime, financial losses, and, at its extreme, threats to human safety. The defense mechanisms and cyber security solutions in place are designed to be both preventive and responsive. This approach ensures potential threats are identified and mitigated before they can impact the system. Responsive measures remain at the ready to contain and neutralize threats that breach initial security perimeters.
How to Protect Industrial Control System (ICS)?
This section is summarized and adapted from two (2) documents identified within the footnotes below[1] [2]. Protecting ICS is crucial to ensure the safety, reliability, and security of critical infrastructure. Here are some feasible steps to defend ICS against cyber threats:
- Assess existing systems: evaluate your current ICS infrastructure to identify vulnerabilities and gaps in security.
- Document policies & procedures: establish clear guidelines for ICS security, including access controls, incident response & disaster recovery.
- Train staff and contractors: educate personnel on security best practices and raise awareness about potential risks.
- Segment the system into zones: divide the ICS network into isolated zones to limit the impact of a security breach.
- Control physical and logical access: restrict access to ICS components, both physically and through network permissions.
- Strengthen different components of the system: configure ICS devices & software with security in mind, applying necessary patches & updates.
- Monitor and maintain the system: continuously inspect network traffic, logs, and system behavior for anomalies.
- Test and audit the system: regularly evaluate ICS security via penetration testing and audits.
[1] Canadian Centre for Cybersecurity. Communications Security Establishment. Security Considerations for Industrial Control Systems. July 2021. https://www.publications.gc.ca/collections/collection_2021/cstc-csec/D97-1-00-050-2021-eng.pdf
[2] U.S. Department of Homeland Security. National Cybersecurity and Communications Integration Center (NCCIC). Seven Strategies to Defend ICS.
Operational Technology (OT) Security at a Glance
Operational Technology (OT) Security encompasses the implementation of measures and controls to safeguard Operational Technology (OT) Systems from cybersecurity threats. These systems automate and manage industrial processes equipped with specialized software. OT Systems play a crucial role in critical infrastructure management. IT and OT convergence has increased the need for OT Security. Operational Technology (OT) Systems were once isolated and immune to online threats. The integration has resulted in enhanced automation, but also increased vulnerability to cyber threats. OT assets are now part of complex networks, exposing them to threats like malware and ransomware attacks. Security in this domain is complicated by the diversity of OT Systems, including Industrial Control Systems (ICS) like Supervisory Control and Data Acquisition (SCADA) Systems and Distributed Control Systems (DCS). Breaches can lead to disastrous consequences, including operational downtime, physical damage, and safety risks to personnel and the surrounding environment or community. System compromise can severely impact an organization’s operations and revenue. Security for OT incorporates technologies and practices that protect assets and information, monitor and control physical OT devices, and manage processes and events. This includes security technologies and functions such as next-generation firewalls, security information and event management systems, and access control. Despite the complexities introduced by the convergence of IT and OT networks, effective OT Security is possible with comprehensive visibility across the attack surface and security policies tailored to the unique requirements of the OT environment. The goal of OT Security remains protecting processes, people, and profit while minimizing cybersecurity vulnerabilities and incidents.
How To Safeguard Operational Technology (OT)?
This section is a synopsis of the two (2) documents acknowledged in the footnotes below[1] [2].
Securing operational technology (OT) in the workplace is crucial to prevent cyber threats and maintain stability. Here are some best practices:
- Establish a clear security policy: define guidelines for OT security, including access controls, authentication, and incident response procedures.
- Conduct regular risk assessments: evaluate vulnerabilities and risks in OT systems and networks periodically.
- Implement security controls: use firewalls, intrusion detection/prevention systems, and access controls.
- Employ virtual private networks (VPNs) and multi-factor authentication (MFA) for remote work access.
- Monitor for suspicious activity: continuously supervise OT systems and networks for signs of unauthorized access or anomalies.
- Train OT personnel: educate employees on security awareness and best practices.
[1] Canadian Centre for Cybersecurity. Communications Security Establishment. Protect Your Operational Technology. July 2022. https://www.cyber.gc.ca/sites/default/files/itsap00051-protect-your-operational-technology.pdf
[2] Fortinet. 5 Best Practices for Operational Technology (OT) Security. https://www.fortinet.com/resources/cyberglossary/ot-security-best-practices
Supervisory Control and Data Acquisition (SCADA) Security
Supervisory Control and Data Acquisition (SCADA) Security is focused on protecting Supervisory Control and Data Acquisition Systems, essential for automating and managing complex industrial processes. These networks are instrumental in utilities, manufacturing, and transportation. SCADA Systems are designed for real-time data collection, process monitoring, and operational control. With the adoption of open architectures and IP-based communications, the vulnerability of SCADA systems to cyber threats has increased. This makes security protocols crucial for safeguarding operational integrity and public safety. A comprehensive SCADA Security framework integrates governance, risk management, and compliance controls alongside specific SCADA and data application security measures. It ensures the resilience and adaptability of defenses to counter evolving cyber threats while upholding system availability and process integrity. Third-party vendors are often responsible for developing and maintaining SCADA systems. They are also held to stringent security standards, reinforcing the overall defense architecture. The potential impacts of SCADA breaches are similar to those associated with OT and ICS systems. Consequences include operational disruptions, financial losses, and public safety risks. These systems control and monitor essential services such as water, electricity, and transportation. Consequently, SCADA Security extends beyond data and system protection, linking directly to the uninterrupted provision of critical services and the physical safety of the population.
How to Shield Supervisory Control and Data Acquisition (SCADA) Systems?
Shielding SCADA is crucial to ensure its security and reliability. Here are some best practices you can implement[1]:
- Network segmentation and isolation: divide your network into subnetworks or isolated segments using firewalls or Access Control Lists (ACLs). Limit entry points for potential cyber-attackers and detect suspicious activities more easily within various segments.
- Access control measures: implement role-based access control (RBAC) based on user job roles. Use multi-factor authentication (MFA) for stronger security. Restrict actions and access to prevent insider threats and to facilitate audit tracking.
- Regular patching and updates: keep SCADA software, devices, and systems up-to-date with security patches. Regularly review and apply updates provided by vendors.
- Intrusion Detection Systems (IDS): deploy IDS to monitor network traffic and detect suspicious behavior. Set up alerts for potential security breaches.
- Security audits and assessments: conduct regular risk assessments and vulnerability scanning. Proactively identify and resolve security gaps.
- Secure communication protocols: use secure communication protocols (e.g.: HTTPS, SSH) to protect data in transit. Avoid relying solely on proprietary protocols.
- Incident Response Planning (IRP): develop an Incident Response Plan (IRP) to handle security incidents effectively. Clearly define roles, responsibilities and communication procedures.
[1] CSE Icon. 7 SCADA Security Best Practices: How to Protect Your Systems. 19th November 2023. https://www.cse-icon.com/scada-security-best-practices/
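An added example (not taken from the cited guidance or from any vendor) of reviewing a segment-to-segment ACL against the network segmentation and secure communication protocol items in the list above. The segment names, address ranges, one-line rule syntax and the policy that only a DMZ segment may reach the SCADA segment are assumptions made for illustration.

```python
"""Lint a segment-to-segment ACL for weak entry points into a SCADA segment.

Checks are per rule and do not model first-match shadowing between rules.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segment plan (assumption): names and ranges are illustrative.
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "scada": ipaddress.ip_network("10.30.0.0/24"),
}
# Assumed policy: only hosts inside these segments may reach the SCADA segment.
ALLOWED_SOURCES_INTO_SCADA = ("dmz", "scada")
# Cleartext services that should be replaced by encrypted ones such as HTTPS/SSH.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

# Constructed sample ACL: action, protocol, source, destination, port.
SAMPLE_ACL = """\
# jump host to historian over HTTPS
permit tcp 10.20.0.5/32 10.30.0.10/32 443
permit tcp 10.10.0.0/16 10.30.0.0/24 any
permit tcp 10.20.0.5/32 10.30.0.20/32 23
permit tcp 10.10.4.0/24 10.20.0.5/32 443
deny ip any any any
"""


@dataclass(frozen=True)
class Rule:
    line_no: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None means "any port"


def _net(token):
    """Turn 'any' or a CIDR string into a network object."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)


def parse_acl(text):
    """Parse the simplified rule syntax used in SAMPLE_ACL."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank line or comment
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"line {line_no}: unrecognized rule {raw!r}")
        action, _proto, src, dst, port = fields
        rules.append(Rule(line_no, action, _net(src), _net(dst),
                          None if port == "any" else int(port)))
    return rules


def audit(rules):
    """Return (line_no, code, message) findings; line_no 0 means whole ACL."""
    findings = []
    scada = SEGMENTS["scada"]
    for r in rules:
        if r.action != "permit" or not r.dst.overlaps(scada):
            continue  # only permits that can reach the SCADA segment matter
        if not any(r.src.subnet_of(SEGMENTS[name])
                   for name in ALLOWED_SOURCES_INTO_SCADA):
            findings.append((r.line_no, "DIRECT_ENTRY",
                             f"{r.src} reaches SCADA without passing the DMZ"))
        if r.port is None:
            findings.append((r.line_no, "ANY_PORT",
                             "all ports open into SCADA; name the service"))
        elif r.port in CLEARTEXT_PORTS:
            findings.append((r.line_no, "CLEARTEXT",
                             f"{CLEARTEXT_PORTS[r.port]} is unencrypted; "
                             "prefer HTTPS or SSH"))
    last = rules[-1] if rules else None
    has_default_deny = (last is not None and last.action == "deny"
                        and last.src.prefixlen == 0 and last.dst.prefixlen == 0
                        and last.port is None)
    if not has_default_deny:
        findings.append((0, "NO_DEFAULT_DENY",
                         "ACL does not end with an explicit deny-all rule"))
    return findings


if __name__ == "__main__":
    for line_no, code, message in audit(parse_acl(SAMPLE_ACL)):
        print(f"line {line_no}: {code}: {message}")
```
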
Distributed Control System (DCS) Security Briefly Explained
A Distributed Control System (DCS) is a Computerized Control System (CCS) that automates and controls an industrial process or a manufacturing plant with many control loops[1]. A DCS system uses multiple sensors and controllers that are distributed throughout the system, rather than a single central computer. This makes the system less susceptible to single points of failure. A DCS is used for continuous and batch processes such as blending, evaporation, filling. Distributed Control Systems (DCSs) are found across a wide range of applications including mining extraction, transportation and processing, chemical manufacturing plants, water treatment and wastewater management, electric power generation plants, and pharmaceutical processing facilities[2].
[1] Eloranta Veli-Pekka, Johannes P. Koskinen, Marko V. Leppänen & Ville M. Reijonen, 9th June 2014. Designing Distributed Control Systems: A Pattern Language Approach, Hard Cover Student Edition, 1st Edition, Wiley & Sons Publishing Company, 512 p.
[2] Raffaello D’Andrea & Geir E. Dullerud, 9th September 2003. “Distributed Control Design for Spatially Interconnected Systems” in IEEE Transactions on Automatic Control. Volume 48, Number 9, IEEE Xplore, pp. 1478-1495. https://ieeexplore.ieee.org/document/1231245/authors#authors
How to Protect a Distributed Control System (DCS)?
The following practical tips are summarized and adapted from three (3) documents identified within the footnotes below[1] [2] [3]. Securing Distributed Control Systems (DCS) is crucial to prevent espionage, sabotage, and unauthorized access. Here are some key steps to enhance DCS Security:
- Decentralized architecture: design a decentralized system to improve security. Avoid single points of failure and reduce the impact of breaches.
- Encryption: use encryption algorithms to protect data both in transit and at rest. Encrypt communication channels and any connections to and from applications.
- Access control: implement strong authentication and authorization mechanisms. Restrict access to authorized personnel only. Use firewalls to limit access to specific ports and cables.
- Intrusion Detection Systems (IDS): deploy IDS to identify anomalous behavior among network services. Monitor for any signs of unauthorized access or suspicious activity.
- Regular testing and updates: regularly test the system for vulnerabilities. Keep software and firmware up-to-date to address known security issues.
[1] RTI Resource Library. RTI Whitepaper. Four Keys to Securing Distributed Control Systems. https://info.rti.com/hubfs/whitepapers/Securing_Distributed_Control_Systems.pdf
[2] Geeks for Geeks Tutorials. Important Topics for Distributed Control Systems. https://www.geeksforgeeks.org/distributed-control-systems/
[3] Canadian Centre for Cybersecurity. Communications Security Establishment. Security Considerations for Industrial Control Systems. July 2021. https://www.cyber.gc.ca/sites/default/files/cyber/2021-07/ITSAP.00.050-Security-considerations-for-industrial-control-systems_e.pdf
Additionally, the Guide to Industrial Control Systems (ICS) Security Including Distributed Control Systems (DCS) Security[1] offers ten (10) comprehensive cybersecurity recommendations specific to mandatory control systems regulating various industries (i.e., ICS) and computerized systems protecting manufacturing plants (i.e., DCS). These ten (10) valuable protection best practices are explained as follows:
- Timeliness and Performance Requirements. ICS and DCS are generally time-critical, with the criterion for acceptable levels of delay and jitter dictated by the individual installation. Some systems require reliable, deterministic responses. High throughput is typically not essential to ICS and DCS. In contrast, IT systems typically require high throughput, and they can typically withstand some level of delay and jitter. For some ICS and DCS, automated response time or system response to human interaction is very critical. Some ICS and DCS are built on Real-Time Operating Systems (RTOS), where real-time refers to timeliness requirements. The units of real-time are very application dependent and must be explicitly stated.
- Availability Requirements. Many ICS and DCS processes are continuous in nature. Unexpected outages of systems that control industrial processes are not acceptable. Outages often must be planned and scheduled days or weeks in advance. Exhaustive pre-deployment testing is essential to ensure high availability (i.e., reliability) for the ICS and DCS. Control systems often cannot be easily stopped and started without affecting production. In some cases, the products being produced or equipment being used is more important than the information being relayed. Therefore, typical IT strategies such as rebooting a component are usually not acceptable solutions due to the adverse impact on the requirements for high availability, reliability and maintainability of the ICS and DCS. Some ICS and DCS employ redundant components, often running in parallel, to provide continuity when primary components are unavailable.
- Physical Effects. ICS and DCS field devices (e.g., PLC, operator station, DCS controller) are directly responsible for controlling physical processes. ICS and DCS can have very complex interactions with physical processes and consequences in the ICS and DCS domain that can manifest in physical events. Understanding these potential physical effects often requires communication between experts in control systems and in the particular physical domain.
- System Operation. ICS and DCS Operating Systems (OS) and control networks are often quite different from IT counterparts, requiring different skill sets, experience, and levels of expertise. Control networks are typically managed by control engineers, not IT personnel. Assumptions that differences are not significant can have disastrous consequences on system operations.
- Resource Constraints. ICS and DCS and their real time OSs are often resource-constrained systems that do not include typical contemporary IT security capabilities. Legacy systems are often lacking resources common on modern IT systems. Many systems may not have desired features including encryption capabilities, error logging, and password protection. Indiscriminate use of IT security practices in ICS and DCS may cause availability and timing disruptions. There may not be computing resources available on ICS and DCS components to retrofit these systems with current security capabilities. Adding resources or features may not be possible.
- Communications. Communication protocols and media used by ICS and DCS environments for field device control and intra-processor communication are typically different from most IT environments, and may be proprietary.
- Change Management. Change management is paramount to maintaining the integrity of both IT and control systems. Unpatched software represents one of the greatest vulnerabilities to a system. Software updates on IT systems, including security patches, are typically applied in a timely fashion based on appropriate security policy and procedures. In addition, these procedures are often automated using server-based tools. Software updates on ICS and DCS cannot always be implemented on a timely basis. These updates need to be thoroughly tested by both the vendor of the industrial control application and the end user of the application before being implemented. Furthermore, the ICS and DCS owners must plan and schedule ICS and DCS outages days/weeks in advance. The ICS and DCS may also require revalidation as part of the update process. Another issue is that many ICS and DCS utilize older versions of operating systems that are no longer supported by the vendor. Consequently, available patches may not be applicable. Change management is also applicable to hardware and firmware. The change management process, when applied to ICS and DCS, requires careful assessment by ICS and DCS experts (e.g.: control engineers) working in conjunction with security and IT personnel.
- Managed Support. Typical IT systems allow for diversified support styles, perhaps supporting disparate but interconnected technology architectures. For ICS and DCS, service support is sometimes via a single vendor, which may not have a diversified and interoperable support solution from another vendor. In some instances, third-party security solutions are not allowed due to ICS and DCS vendor licenses and service agreements, and loss of service support can occur if third party applications are installed without vendor acknowledgement or approval.
- Component Lifetime. Typical IT components have a lifetime on the order of 3 to 5 years, with brevity due to the quick evolution of technology. For ICS and DCS where technology has been developed in many cases for very specific use and implementation, the lifetime of the deployed technology is often in the order of 10 to 15 years and sometimes longer.
- Component Location. Most IT components and some ICS and DCS are located in business and commercial facilities physically accessible by local transportation. Remote locations may be utilized for backup facilities. Distributed ICS and DCS components may be isolated, remote, and require extensive transportation effort to reach. Component location also needs to consider necessary physical and environmental security measures.
[1] U.S. Department of Commerce. National Institute of Standards and Technology (NIST). Guide to Industrial Control Systems (ICS) Security Including Distributed Control Systems (DCS) Security. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
Differentiations but Intersections Between OT, ICS and SCADA Security
Operational Technology (OT) Security
OT Security focuses on securing the systems that manage, monitor, and control industrial operations, particularly in the context of increased connectivity and integration with information technology systems. It encompasses a wide range of systems, including ICS and SCADA, and is concerned with protecting people, processes, and profit from cybersecurity threats.
Industrial Control Systems (ICS) Security
ICS Security is more specialized. It specifically focuses on the systems that directly control industrial processes and machinery. These systems are essential to the operation of various sectors, from power generation to manufacturing. The security of ICS is paramount because the consequences of breaches are severe. Each component within an ICS network, from PLCs to HMIs, needs tailored security measures to counteract the unique threats they face due to their operational and network integration.
Supervisory Control & Data Acquisition (SCADA) Security
SCADA Security is a subset of ICS Security, focusing particularly on the systems used for real-time data acquisition, process control, and monitoring in various industrial settings. The security of SCADA is accentuated by its real-time operational needs and the critical services it supports. It is inherently connected to public safety and service continuity, demanding a multi-faceted approach that integrates governance, risk management, and compliance controls alongside technical and physical security measures.
What Are the Main Dissimilarities Between OT, ICS and SCADA Security?
Below are the main dissimilarities between Operational Technology (OT) Security, Industrial Control System (ICS) Security, and Supervisory Control and Data Acquisition (SCADA) Security.
OT vs. ICS vs. SCADA Security
Operational Technology (OT) Security
- Covers a wide range of systems.
- Protects people, processes & profits.
- Defends against online threats.
- Manages physical devices & processes.
Industrial Control Systems (ICS) Security
- Focusses on industrial machine control.
- Ensures data integrity and machinery safety.
- Links to physical safety.
- Utilizes preventative & responsive defenses.
Supervisory Control & Data Acquisition (SCADA) Security
- Centers on real-time data & control.
- Involves risk & compliance management.
- Essential for national/domestic security.
- Focusses on public safety & services continuity.
Important Fortification Strategies for ICS, OT and SCADA Security
- Network segmentation to isolate ICS, OT and SCADA systems from less secure networks.
- Intrusion detection systems (IDS) to monitor for anomalies.
- Regular vulnerability assessments and patching.
- Strict controls and strong authentication (e.g.: MFA) for remote access.
How To Safeguard Your Manufacturing Company Against Cyber Threats?
There is no single tool or approach that will keep your manufacturing company safe. Just as IoT devices speak to endpoints which connect to users across the world, who then transmit data up and down the supply chain, a comprehensive cybersecurity approach is as complicated as your operations, and it should be one that considers every aspect of an organization’s environment and how each part interacts with another. Some useful steps a manufacturing company can take to advance its security journey and protect its valuable data include:
- Invest in 24/7 monitoring that offers broad visibility into your organization’s environment. Given that you cannot protect what you cannot see, implementing a tool that offers eyes on everything can go a long way not only in evaluating your own security architecture, but also in enabling fast action when an incident occurs.
- Practice strong identity security, including following zero trust guidelines and implementing multi-factor authentication (MFA). As organizations digitize, identities become the new firewalls, holding the credentials that can stop threat actors, or let them enter an environment with ease. By implementing strong Identity and Access Management (IAM) and ensuring that your monitoring software includes Identity Threat Detection and Response Capabilities (ITDR), your organization can reinforce your environment by protecting user identities.
- Employ user awareness training to reduce human risk. You can strengthen identities through techniques and tools, but tools cannot stop an employee from clicking on a phishing email and opening the door to malware. By implementing Security Awareness Training that offers relevant, industry-specific content, relies on micro-learning techniques, and works with compliance requirements, your business can reduce human risk while increasing resilience.
- Work with a trusted cybersecurity partner. When it comes to reducing cyber risk, no organization can do it alone. By working with a Cybersecurity Operations Partner who is well versed in the threats, compliance, and security needs of your manufacturing company, and who can help you with detection, response, and risk management, your IT team can focus on what matters, knowing that protection work is being continually done to fortify your attack surface.
Manufacturing Companies' IT Systems: The Brain of Manufacturing Operations
Manufacturing companies' IT systems store valuable business data, from financial records to intellectual property. A breach, such as the 2020 ransomware attack on Norsk Hydro[1], can disrupt operations and cause significant financial losses. As a matter of fact, the breach affected all 35,000 Norsk Hydro employees across 40 countries, locking the files on thousands of servers and PCs. The financial impact amounted to $71 million. All of that damage had been set in motion three (3) months earlier when one employee unknowingly opened an infected email from a trusted customer. That allowed hackers to invade the IT infrastructure and covertly plant their virus.
Essential Protection Approaches for Manufacturing Companies' IT Systems
- Robust endpoint security (antivirus, firewalls).
- Rigorous patch management.
- Strong access controls (strong passwords, MFA, least privilege).
- Comprehensive employee cybersecurity training.
[1] Microsoft News. https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
NIST Cybersecurity Framework Manufacturing Profile
The NIST Cybersecurity Framework Manufacturing Profile[1] provides a very handy framework for protecting both IT and OT infrastructure. As the Internal Report observes: the reliance on technology, communication, and interconnectivity of ICS (Industrial Control System) and IT systems has changed and expanded the potential vulnerabilities and increased potential risk to manufacturing system operations. NIST takes a broad view of manufacturers, addressing the needs of process-based manufacturers, both continuous and batch, as well as the needs of discrete-based manufacturers. The Manufacturing Profile builds on the five (5) concurrent and continuous functions at the core of the NIST Cybersecurity Framework, namely:
- Identify
- Protect
- Detect
- Respond
- Recover
The Manufacturing Profile of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and manufacturing industry best practices.
The Manufacturing Profile of the Cybersecurity Framework gives:
- Manufacturing companies a method to identify opportunities for improving the current cybersecurity posture of their manufacturing systems.
- Manufacturing organizations an evaluation of their ability to operate the Industrial Control System (ICS) environment at their acceptable risk level.
- Manufacturing companies a standardized approach to prepare the cybersecurity plan for ongoing assurance of the manufacturing systems security (ICS, OT & SCADA).
[1] U.S Department of Commerce. National Institute of Standards and Technology (NIST). NIST Internal Report 8153 – Cybersecurity Framework Manufacturing Profile. https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8183.pdf
The five (5) functions of the NIST Cybersecurity Framework Manufacturing Profile can be performed concurrently and continuously to form an operational culture that addresses the dynamic cybersecurity risks of the manufacturing industry. Below are those five (5) concurrent and continuous functions in a table format:
Functions & Categories of the Manufacturing Industry Cybersecurity Framework
| Function Unique Identifier | Function | Category Unique Identifier | Category |
|---|---|---|---|
| ID | IDENTIFY | ID.AM | Asset Management |
| | | ID.BE | Business Environment |
| | | ID.GV | Governance |
| | | ID.RA | Risk Assessment |
| | | ID.RM | Risk Management Strategy |
| PR | PROTECT | PR.AC | Access Control |
| | | PR.AT | Awareness and Training |
| | | PR.DS | Data Security |
| | | PR.IP | Information Protection Processes & Procedures |
| | | PR.MA | Maintenance |
| | | PR.PT | Protective Technology |
| DE | DETECT | DE.AE | Anomalies and Events |
| | | DE.CM | Security Continuous Monitoring |
| | | DE.DP | Detection Processes |
| RS | RESPOND | RS.RP | Response Planning |
| | | RS.CO | Communications |
| | | RS.AN | Analysis |
| | | RS.MI | Mitigation |
| | | RS.IM | Improvements |
| RC | RECOVER | RC.RP | Recovery Planning |
| | | RC.IM | Improvements |
| | | RC.CO | Communications |
The above five (5) functions of the Manufacturing Industry Cybersecurity Framework are briefly explained as follows:
Function I: IDENTIFY – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Manufacturing Industry Cybersecurity Framework. Understanding the business context, the resources that support critical functions and the related cybersecurity risks enables a manufacturing company to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.
Function II: PROTECT – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services within the Manufacturing Industry. The activities in the Protect Function support the ability to limit or contain the impact of potential cybersecurity events which may have serious consequences on the systems, data and capabilities of the manufacturing sector. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
Function III: DETECT – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The activities in the Detect Function enable timely discovery of cybersecurity incidents, thereby preventing the occurrence of serious harm to the systems, data, assets and capabilities of a manufacturing company. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
Function IV: RESPOND – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The activities in the Respond Function support the ability to contain the impact of a potential cybersecurity incident and to keep it from damaging the systems, data, assets and capabilities of a manufacturing company. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.
Function V: RECOVER – Develop and implement the appropriate activities to maintain plans for resilience and to restore any resources or services that were impaired due to a cybersecurity event. The activities in the Recover Function support timely recovery to normal operations in order to reduce the impact of a cybersecurity incident on the systems, data, assets and capabilities of a manufacturing company. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
Conclusion
Is cybersecurity important for the manufacturing industry? Cybersecurity is indeed gaining more and more importance in the manufacturing sector because of the following emerging realities:
- Increasing Cyber Threats: the manufacturing sector is facing an expanding number of cyberattacks. In 2022, it had the highest share of cyber incidents among leading industries worldwide. These cyber threats keep on escalating, with a 15% increase in the third quarter of 2023 compared to the previous period[1].
- Phishing, Vishing and Smishing Attacks: cybercriminals are using deceptive emails, smartphones and SMS attacks to trick employees into revealing sensitive information.
- Ransomware: more and more malicious software is encrypting data and demanding payment for decryption.
- Intellectual Property Theft: cyber-attackers are stealing valuable trade secrets and industrial designs.
- Supply Chain Attacks: vulnerabilities in suppliers’ systems are impacting manufacturers.
- Industrial IoT Attacks: connected devices in factories are increasingly becoming potential targets.
- Strategic Investment: manufacturers must prioritize cybersecurity as an imperative, not just as a defensive measure. By involving stakeholders and considering people, processes and technologies, companies can create significant value while safeguarding their industrial operations.
Concisely speaking, cybersecurity is crucial for the digital transformation of the manufacturing industry because it will help manufacturing companies to protect themselves against more and more sophisticated cyberattacks, business disruptions, intellectual property theft, and financial losses. The ultimate sustainability of factories requires proactive actions today.
[1] World Economic Forum. How Advanced Manufacturing Can Improve Supply Chain Resilience and Cybersecurity? 31st January 2024. https://www.weforum.org/agenda/2024/01/advanced-manufacturing-improve-supply-chain-resilience-cybersecurity/
Resources and References
Arctic Wolf. 22nd of March 2024. The Top 10 Manufacturing Industry Cyber Attacks. https://arcticwolf.com/resources/blog/top-8-manufacturing-industry-cyberattacks/
Encyclopedia Britannica. https://www.britannica.com/technology/manufacturing
Palo Alto Networks Cyberpedia – Network Security. What Are the Differences Between OT, ICS & SCADA Security? https://www.paloaltonetworks.com/cyberpedia/ot-vs-ics-vs-scada-security
CISA – Cybersecurity & Infrastructure Security Agency – America’s Cyber Defense Agency. 20th July 2021. Cyber-Attack Against Ukrainian Critical Infrastructure. https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01
Canadian Centre for Cybersecurity. Communications Security Establishment. Security Considerations for Industrial Control Systems (ICS). July 2021. https://www.publications.gc.ca/collections/collection_2021/cstc-csec/D97-1-00-050-2021-eng.pdf
U.S. Department of Homeland Security. National Cybersecurity and Communications Integration Center (NCCIC). Seven Strategies to Defend ICS.
Canadian Centre for Cybersecurity. Communications Security Establishment. Protect Your Operational Technology. July 2022. https://www.cyber.gc.ca/sites/default/files/itsap00051-protect-your-operational-technology.pdf
Fortinet. 5 Best Practices for Operational Technology (OT) Security. https://www.fortinet.com/resources/cyberglossary/ot-security-best-practices
CSE Icon. 7 SCADA Security Best Practices: How to Protect Your Systems. 19th November 2023. https://www.cse-icon.com/scada-security-best-practices/
Eloranta Veli-Pekka, Johannes P. Koskinen, Marko V. Leppänen & Ville M. Reijonen, 9th June 2014. Designing Distributed Control Systems: A Pattern Language Approach, Hard Cover Student Edition, 1st Edition, Wiley & Sons Publishing Company, 512 p.
Raffaello D’Andrea & Geir E. Dullerud, 9th September 2003. “Distributed Control Design for Spatially Interconnected Systems”, scientific paper published in IEEE Transactions on Automatic Control. Volume 48, Number 9, IEEE Xplore, pp. 1478-1495. https://ieeexplore.ieee.org/document/1231245/authors#authors
RTI Resource Library. RTI Whitepaper. Four Keys to Securing Distributed Control Systems. https://info.rti.com/hubfs/whitepapers/Securing_Distributed_Control_Systems.pdf
Geeks for Geeks Tutorials. Important Topics for Distributed Control Systems. https://www.geeksforgeeks.org/distributed-control-systems/
Canadian Centre for Cybersecurity. Communications Security Establishment. Security Considerations for Industrial Control Systems. July 2021. https://www.cyber.gc.ca/sites/default/files/cyber/2021-07/ITSAP.00.050-Security-considerations-for-industrial-control-systems_e.pdf
U.S. Department of Commerce. National Institute of Standards and Technology (NIST). Guide to Industrial Control Systems (ICS) Security Including Distributed Control Systems (DCS) Security. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
Microsoft News. https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
U.S. Department of Commerce. National Institute of Standards and Technology (NIST). NIST Internal Report 8153 – Cybersecurity Framework Manufacturing Profile. https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8183.pdf
World Economic Forum. How Advanced Manufacturing Can Improve Supply Chain Resilience and Cybersecurity? 31st January 2024. https://www.weforum.org/agenda/2024/01/advanced-manufacturing-improve-supply-chain-resilience-cybersecurity/
Contributions
Special thanks for the financial support of the National Research Council Canada and its Industrial Research Assistance Program (IRAP).
Authors: Peter Skaronis et al.
Executive Editor: Alan Bernardi
Reviser, Proofreader & Translator: Ravi Jay Gunnoo