Manufacturing Security: Managing Machines in Motion

The manufacturing industry — including, but not limited to, automotive, electronics, food and beverage, textile and pharmaceutical companies — depends on production processes running at optimum efficiency to satisfy market demand. What happens when these processes are altered unintentionally or maliciously? The consequences could range from financial loss due to lower productivity to employees being subjected to dangerous work conditions.

Industrial control systems (ICS), which consist of servers that could appear on any network, are key to keeping production lines running smoothly. Security gaps exist in many ICS networks because their focus has been primarily on performance and safety, not necessarily cybersecurity.

These systems have also been growing in complexity over the last several years, resulting in large, specialized network infrastructures. Typically, there isn’t a consistent security policy across all systems, which adds to the challenge of managing these complicated environments.

Multiple Layers of Risk in Manufacturing

Manufacturers are also at risk of being the target of industrial and economic espionage, with intellectual property as the prime prize, along with internal operational information. Both offer the potential for significant financial reward to threat actors targeting the industry. Trade secret theft appears to be escalating, and the potential points of entry are multiplied by extensive networks of supply chain partners.

The supply chain can also be the weak point for attacks on the products themselves. For example, the firmware for a vehicle electronic control unit (ECU) could be maliciously modified to malfunction, or an attacker could install a Trojan in the software for an in-vehicle entertainment system. It is important that supply chain managers understand how their suppliers’ cybersecurity practices could affect them and take steps to mitigate those risks.

Prevalent Attack Types

Although running industrial control systems can pose certain security challenges, the manufacturing industry is also affected by the same mainstream attack vectors that most other industries experience. Phishing, drive-by downloads, SQL injection attempts and distributed denial-of-service (DDoS) attacks are all plausible choices on the attack vector menu.

Manufacturers strive to keep their cost footprint down in order to make the highest profit on their products. The challenges of the modern production environment, coupled with the expense required to keep infrastructure secure, can put a strain on competitiveness.

A new IBM research paper focuses on the top attacks detected against this industry in 2015, along with a geographical representation of their origins and targets. We also take a look at how to reduce the attack surface in production ICS environments as well as some general manufacturing best practices to strengthen network controls and policies.

Read the complete research report: Security trends in the manufacturing industry

Dave McMillen

Senior Threat Researcher, IBM Managed Security Services

Dave brings over 25 years of network security knowledge to IBM. Dave began his career at IBM over 15 years ago, where he was part of a core team of six IBMers that created the IBM Emergency Response Service, which eventually grew and evolved into Internet Security Systems. As an industry-recognized security expert and thought leader, Dave's background in security is full-featured. Dave thrives on identifying threats and developing methods to solve complex problems. His specialties are intrusion detection/prevention, ethical hacking, forensics and analysis of malware and advanced threats. As a member of the IBM MSS Threat Research Team, Dave takes the intelligence he has gathered and turns out immediate tangible remedies that can be implemented within a customer’s network or on IBM MSS's own proprietary detection engines. Dave became interested in security back in the late 1980s and owned and operated a company that provided penetration and vulnerability testing services, one of the first of its kind. As the internet's footprint began to grow, it became clear to him there was a new problem on the horizon: protecting data. Dave worked with WheelGroup (later acquired by Cisco), where he helped develop NetRanger IDS and NetSonar. Dave also assisted with development of the very first IBM intrusion detection system, BillyGoat. Dave has also developed several other security-based methods and systems which were patented for IBM.