Vicki A. Barbur, Ph.D. 08.12.16
Introduction:
Identity theft: none of us wants to think about it, yet we all know it exists and, when it happens, it can be devastating for the individual. Cyber attacks on an enterprise and/or its Industrial Control System (ICS) architecture are likewise increasing in frequency, and the after-effects can be equally damaging for companies of all sizes, small, medium or large. The Center for Strategic and International Studies (https://www.csis.org), a Washington D.C. policy research group, and McAfee (http://www.mcafee.com/us/index.html), the technology security firm, carried out a recent study that put the annual cost of cybercrime to the world economy at more than $400 billion, not counting the broader impact on business reputations and personal lives. Moreover, Gartner (http://www.gartner.com/technology/topics/digital-risk-security.jsp) estimates that globally there are over 500,000 cyber attacks every day and that spending to counter these attacks reached $86 billion in 2015.
So although Fortune 500 companies are expected to have invested significantly in their infrastructure, retired legacy systems and applied the relevant 'patches' to ward off problems, they still remain targets. Small to mid-size companies may not have had the benefit of this type of investment and, in the interests of business returns, have left gaps that present attack vectors which could affect them in the future. Study data supports this: small companies, with annual revenues below $100 million, reportedly reduced security spending by 20% in 2014, while medium companies (revenues of $100 million to $999 million) and large companies increased security investment by 5%. So who is most at risk?
(http://www.pwc.com/gx/en/consulting-services/information-security-survey/).
Be Aware of Significant Vulnerabilities:
Using the 'Cloud' provides the proverbial linkage between the shop floor, the manufacturing infrastructure, the business enterprise and the external world. It offers the prospect of a complete and accurate 'real-time' view not only into the business enterprise but also into 'smart' factory-floor manufacturing networks. It supports real-time production control and remote system access for employees, suppliers and service maintenance vendors. Glavach (1) discusses a methodology for ensuring manufacturing resiliency. He advocates establishing the appropriate Service Level Agreements (SLA) with a 'Trust (meets security responsibilities) and Verify (meets security requirements)' approach as a way to minimize attack vectors. This line of defense addresses the initial system vulnerabilities around data loss, unauthorized access, encryption protocols and disrupted availability, for both the enterprise and the shop floor. In this scenario, it is important to recognize that:
Data are extremely valuable,
Attacks are low risk yet represent high return opportunities,
All network installations are easy targets,
Routine business issues often take priority over cyber security, and
Threats today are more sophisticated, penetrate further and are more difficult to neutralize.
Be Aware of Your Own Attack Vectors:
The global enterprise within companies often falls victim to internal and external threats. Security breaches and the resulting compromises are now recognized as one of a business's most significant and often underappreciated risk factors. Several cyber attacks on well-known companies, e.g., The Home Depot, Target and Sony, indicate that no one is immune; the cost can be injurious in terms of trust (even when the attack is not of one's own doing), reputation, lost business, and time-consuming audits and assessments to put in place the preventive measures that should have been present previously, and which would have prevented the avoidable loss of information or malicious entry into the system to wreak havoc on, for example, in the case of a manufacturing company, production quality and performance.
Often the most significant, yet overlooked, vulnerabilities are presented internally to the company, so understanding the robustness of the operational systems to these internal threats can eliminate potential unexpected problems. Several recent and well respected surveys have shown that often employees do not fully understand the value of information. For example,
Over 50% of employees did not appreciate the consequence of company information loss,
Some 50% of employees have access to company Intellectual Property (IP) that they themselves deem to be above their pay grade,
Lack of understanding is readily acknowledged in the boardroom, where the value of company information is often inadequately understood, and
Senior managers themselves do not see the significance of the ‘threat’.
An Insider Threat Vulnerability Assessment (similar in principle to an Enterprise Risk Management (ERM) Assessment) is one way forward, whereby a team determines where the company is vulnerable to insider threats and recommends company-specific solutions to reduce or minimize such risks. This assessment typically takes the form of interviews with Information Technology (IT) departments, Human Resource (HR) departments, data owners in both the enterprise and operational landscapes, procurement, contracts, security and counsel, to identify assets, practices, culture, workforce issues and other factors affecting risks and solutions.
The outcome will be a series of recommendations with company-specific solutions to mitigate the risks quickly. Waurzyniak (2) has forecasted that companies would overcome cybersecurity concerns and embrace the cloud with little hesitation.
The manufacturing industry, unlike the banking industry, which has moved more quickly into the digital age, is not federally insured, and so there is heightened sensitivity in this domain.
In 2014, for example, records show that some 27% of the cyber incidents reported were associated with the manufacturing sector, some involving ICS equipment manufacturers, compared with only 1% in the finance industry. The ICS community is a likely target for several reasons, including economic espionage and reconnaissance. Incidents span a range of intrusion points and methods for gaining access to both the business and the operational environments, including, by way of example, the following:
Unauthorized access and exploitation of internet facing ICS/Supervisory Control and Data Acquisition (SCADA) devices,
Exploitation of zero-day vulnerabilities in control system devices and software,
Malware infections within air-gapped control system networks,
SQL injection via exploitation of web application vulnerabilities,
Lateral movement between network zones,
Targeted spear-phishing campaigns,
Network scanning and probing, and
Strategic web site compromises.
The nonwovens manufacturing industry is not in any way immune to the issues discussed in this article. The industry consists of a portfolio of companies, some small, some mid-size and some large, so it spans the breadth of the spectrum, yet as shown, the vulnerabilities exist to different degrees in all entities. Manufacturing systems and other equipment installations have become 'smarter' with advances in technology. Embedded sensors provide routine monitoring, now often over wireless infrastructure. In addition, maintenance is often carried out by accessing a system remotely, perhaps by an outside vendor, possibly located in a different country. Parameters are fed into the factory-floor networks to capture raw material properties; process conditions are set digitally, and systems then rely extensively on feedback control loops to deliver first-class, high-quality product meeting specifications. It is assumed that the digital display readouts appropriately reflect system performance.
Breach points exist at several interfaces in a 'digital' production chain, often referred to nowadays as the 'Digital Thread' or 'Digital Canvas.' If any of these entry points is infiltrated, and the raw material characteristics, the process parameters or the design specifications are manipulated so as to introduce undetected changes to the specified input parameters, then the resulting product would be compromised in a number of ways.
If companies now rely mostly on 'in-line' release, with 'end of line' testing carried out only by audit, these inappropriate perturbations in the system will be overlooked; process integrity and product authenticity, robustness and consistency will be compromised, and the supply chain will likely be impacted significantly.
Currently, there are some recommendations in terms of Best Practices that can help all companies ensure tighter boundaries and reduce the propensity for cyber attacks:
Be vigilant to threats from insiders and business partners through an enterprise-wide risk assessment,
Document and consistently enforce policies and controls,
Ensure insider threat awareness is included in periodic security training for all employees,
Routinely monitor and respond to suspicious or disruptive behavior,
Anticipate and manage negative issues in the work environment,
Understand the company’s assets,
Employ rigorous password and account management policies and practices,
Require separation of duties,
Identify explicit security agreements for any cloud services, especially with respect to access restrictions and monitoring capabilities,
Deploy rigorous access controls and monitoring policies on users,
Institutionalize system change controls,
Scrutinize and control remote access from all end points, including mobile devices,
Execute a routine, secure backup and recovery procedure,
Determine a baseline of normal network device behavior, and
Manage use of social media in the workplace.
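The recommendation above to determine a baseline of normal network device behavior is easier to act on with a concrete starting point. The following Python script is an added example, not code from the article or its references: it learns the set of (source, destination, port, protocol) flows seen during a quiet learning window and then flags flows that fall outside that set, calling out separately any new flow that crosses between the shop-floor and business zones. The flow records, device addresses and the two zone ranges are constructed for illustration; a real deployment would feed it firewall or NetFlow exports for the site in question.

```python
"""Baseline of normal network device behaviour (added example, not from the article).

Learns a whitelist of (src, dst, dport, proto) flows from a learning window and
flags later flows that are not in it. Every log line below is constructed for
illustration; the zone ranges and device addresses are hypothetical.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical zones: 10.10.0.0/24 is the shop-floor (OT) network,
# 10.20.0.0/24 is the business (IT) network. Anything else is external.
ZONES = {
    "OT": ip_network("10.10.0.0/24"),
    "IT": ip_network("10.20.0.0/24"),
}

# Constructed flow records ("src dst dport proto") from the learning window:
# two PLC clients polling a Modbus/TCP server, an engineering workstation in
# IT talking EtherNet/IP to the same server, and an HTTPS session inside IT.
BASELINE_LOG = """\
10.10.0.5 10.10.0.10 502 tcp
10.10.0.5 10.10.0.10 502 tcp
10.10.0.6 10.10.0.10 502 tcp
10.20.0.7 10.10.0.10 44818 tcp
10.20.0.7 10.20.0.3 443 tcp
"""

# Constructed records from a later window to check against the baseline.
NEW_LOG = """\
10.10.0.5 10.10.0.10 502 tcp
10.20.0.9 10.10.0.10 502 tcp
10.10.0.6 10.20.0.3 445 tcp
10.20.0.7 10.20.0.3 443 tcp
"""


def zone_of(ip):
    """Return the zone name an address belongs to, or EXTERNAL."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"


def parse_flows(text):
    """Parse whitespace-separated 'src dst dport proto' lines into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto = line.split()
        flows.append((src, dst, int(port), proto))
    return flows


def build_baseline(flows):
    """Map each flow tuple to the number of times it was seen while learning."""
    counts = defaultdict(int)
    for flow in flows:
        counts[flow] += 1
    return dict(counts)


def find_anomalies(baseline, flows):
    """Return (flow, reason) for every flow absent from the baseline.

    A flow whose endpoints sit in different zones is reported as a
    cross-zone flow, since that is the pattern of lateral movement
    between the business and operational networks.
    """
    anomalies = []
    for flow in flows:
        if flow in baseline:
            continue
        src, dst, _port, _proto = flow
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone != dst_zone:
            reason = "new cross-zone flow %s->%s" % (src_zone, dst_zone)
        else:
            reason = "new flow"
        anomalies.append((flow, reason))
    return anomalies


def main():
    baseline = build_baseline(parse_flows(BASELINE_LOG))
    for (src, dst, port, proto), reason in find_anomalies(baseline, parse_flows(NEW_LOG)):
        print("ALERT %s -> %s:%d/%s (%s)" % (src, dst, port, proto, reason))


if __name__ == "__main__":
    main()
```

Run as written, it reports two alerts: an unknown IT host reaching the Modbus server on the shop floor, and a shop-floor device opening SMB (445) towards the business network. The design point is that the baseline is learned, not hand-written, so it has to be captured during a window the operators are confident was clean and refreshed whenever a change control introduces a new device or flow; otherwise legitimate changes and intrusions look the same.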
Be Aware of What Can be Done to Overcome the Issues:
Companies are often their own worst enemy: high-profile data breaches continue, access to information keeps expanding, and mobile devices in the workplace have proven to be an attractive target for attackers, hence more and more malware targets mobile platforms.
Attacks on mobile devices spill over to the enterprise infrastructure: users unknowingly download malware and then carry it inside the company's perimeter, where it is often designed to extract and transfer confidential data, perhaps related to proprietary manufacturing processes.
An additional concern in the new digital workspace is therefore the use and deployment of mobile device platforms and, creeping up slowly but not far behind, wearable wireless devices, not only health monitoring devices but also the recently launched Microsoft 'HoloLens' (https://www.microsoft.com/microsoft-hololens/en-us), which can be used in a manufacturing environment to supplement maintenance training and development. Developing and deploying a rigorous process for managing these platforms, in advance of any roll-out, will be essential going forward, so as to combine the value of technology advancements with the right corporate framework and protocols to create appropriate barriers and deter intrusion.
Attempts to improve systems, close gaps and minimize attack vectors are ongoing, yet cyber threats are complex and often unique, so they routinely outpace attempts to 'lock up' the networks. Unfortunately there is no standard approach; each attack currently needs to be addressed separately, so until there is industry-specific tailoring these issues will persist.
Differences also occur geographically, and these issues are sometimes beyond the technical and business focus of many small to mid-sized companies. Several national initiatives are currently assessing standardization of responses and focusing on gap closure, namely:
NIST (National Institute of Standards and Technology) - Framework for Improving Critical Infrastructure Cybersecurity - continues to be in development (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)
NDIA (National Defense Industrial Association) - Cyber Security for Advanced Manufacturing - identifying gap closure initiatives (http://www.ndia.org/Divisions/Divisions/Manufacturing/Documents/519B/3-150219-McGrath-NDIA-Mfg-Div-Cybersecurity-Update.pdf)
Nevertheless, carrying out an in-depth assessment of the enterprise and, more importantly, of the potential vulnerabilities that exist on the factory floor of a manufacturing company is essential to begin this process of protection. Above all, understanding the possible weak zones from an insider threat perspective is a key first step into a complex but more secure landscape.
References:
1. Glavach, D. (2015). Trust and verify is key to manufacturing cyber resilience. SME Manufacturing Engineering, December 2015 (https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20AM%20Now%20Concurrent%20Tech.pdf)
2. Waurzyniak, P. (2015). Locking down the factory floor. SME Manufacturing Engineering, December 2015 (https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20f2%20Cybersecurity.pdf)
About the author: Vicki Barbur works with companies in their efforts to promote innovation through portfolio management and technology partnering, and can be reached at vbarbur@gmail.com.