How does Zero-trust matter in manufacturing?
TPC Mechatronics - Reinventing Factory Automation Through Innovation

Zero-trust is usually discussed in connection with data, security applications, and business-related sectors, but it is just as essential to the manufacturing industry. Many manufacturing processes are now automated and digitalized, which means that potential vulnerabilities need to be addressed when securing access to information. In this article, we take a closer look at Zero-trust in the manufacturing industry and how it can help protect data from breaches.

What is Zero-trust?

John Kindervag came up with the concept of a Zero-trust model for cybersecurity. Zero-trust treats every network user as a possible danger, requiring vetting before access. The model emerged in the cybersecurity sector, but it applies to manufacturing, too. [1]

Zero-trust is a security approach that assumes no user, device, or network is trustworthy by default. It requires strict verification of all requests for access before granting any access. This typically involves using identity and authentication methods, like multi-factor authentication (MFA) or biometric authentication, to verify the identity of the person requesting access.

In the manufacturing industry, Zero-trust can be used to protect against threats like cyberattacks, data breaches, and unauthorized access. Manufacturers can ensure that only authorized personnel can access critical systems and data by implementing a Zero-trust security framework in factories and other production locations.

How does zero-trust work to safeguard manufacturing?

Regarding Zero-trust in the manufacturing industry, several components need to be implemented.

First, each user needs to be identified and authenticated using a unique ID or biometric authentication, which will help ensure that only authorized personnel have access.

Once this is in place, manufacturers can implement stricter access control policies and procedures. This includes establishing roles and permissions and setting up access management tools to limit who can view or edit certain documents. In addition, companies should monitor all activities to ensure that no unauthorized access occurs.

Finally, companies should also use encryption to protect data from potential threats. All sensitive information should be encrypted, and any data being sent or stored outside the production environment should also be encrypted to ensure that it remains secure.
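The components above (verified identity, role-based permissions, monitoring of all activity, encrypted channels) combine into a default-deny access decision. The sketch below is an added example, not code from the article or from TPC; the roles, resource names, request fields and the device-enrollment check are hypothetical assumptions.

```python
from dataclasses import dataclass

# Hypothetical role-to-permission map for a factory (illustrative names only).
ROLE_PERMISSIONS = {
    "operator": {("hmi/line-3", "view")},
    "quality_engineer": {("qc/inspection-reports", "view"),
                         ("qc/inspection-reports", "edit")},
    "maintenance_vendor": {("plc/line-3/diagnostics", "view")},
}

@dataclass(frozen=True)
class Request:
    user_id: str
    role: str
    mfa_passed: bool         # identity verified for this session (unique ID + MFA)
    device_enrolled: bool    # assumption: device presented a known certificate
    channel_encrypted: bool  # request arrived over TLS or VPN
    resource: str
    action: str

AUDIT_LOG = []  # every decision is recorded, whether allowed or denied

def decide(req):
    """Return (allowed, reason). Nothing is trusted by default: each check must pass."""
    if not req.mfa_passed:
        result = (False, "identity not verified with MFA")
    elif not req.device_enrolled:
        result = (False, "device not enrolled")
    elif not req.channel_encrypted:
        result = (False, "unencrypted channel")
    elif (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        result = (False, "role lacks permission")
    else:
        result = (True, "all checks passed")
    AUDIT_LOG.append({"user": req.user_id, "resource": req.resource,
                      "action": req.action, "allowed": result[0],
                      "reason": result[1]})
    return result

def denied_attempts():
    """Monitoring view: the denied requests a reviewer would look at first."""
    return [entry for entry in AUDIT_LOG if not entry["allowed"]]

if __name__ == "__main__":
    # Constructed sample requests.
    for r in (
        Request("u100", "quality_engineer", True, True, True, "qc/inspection-reports", "edit"),
        Request("v7", "maintenance_vendor", True, True, True, "qc/inspection-reports", "view"),
        Request("u100", "quality_engineer", False, True, True, "qc/inspection-reports", "edit"),
    ):
        print(r.user_id, r.resource, decide(r))
```

A valid session for one resource grants nothing elsewhere: the vendor account passes every identity check and is still denied the quality-control reports because its role carries no such permission.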

Threat is Real

The Zero-trust model in manufacturing means that stakeholders never automatically give consent for a company to access the network. A study published in November 2020 showed that manufacturers are increasingly at risk of attacks that use encrypted channels to bypass existing security controls. More specifically, the manufacturing sector faced 1.1 billion of these threats, representing 17.4% of all episodes of this type. [2]

Manufacturing cyberattacks are on the rise

In the United States, 50% of manufacturing companies reported a data breach or cyberattack in the previous year, with 73% of attacks being financially motivated.

Key takeaways:

  • The meat processing giant JBS was hacked by the Russian hacker group REvil, causing global meat distribution to be disrupted.
  • The company paid $11 million to the cybercriminals to restore its systems after the ransomware attack.
  • Such manufacturing cyber security breaches were virtually unheard of a decade ago. Nonetheless, ransomware experts estimate that hackers targeted 40 food processing companies a year before.
  • This is part of a worrying trend of increased cyberattacks in the industry, like the attack on Colonial Pipeline and Norsk Hydro.
  • These attacks brought critical industrial companies to a halt.
  • While not all attempts are successful, 50% of manufacturing companies reported a data breach or cyberattack in the previous year, with 73% of attacks being financially motivated, which is sobering.
  • Cybercriminals take advantage of the fact that manufacturers cannot afford to be down for extended periods.

Reliance on supply chains and remote access has increased during COVID. In addition, social distancing has necessitated remote access in unexpected ways and provided a backdoor for cybercriminals. Manufacturers often have a quality control system directly connected to the production line so that machines can be stopped if there are quality problems. Why, then, would a cybercriminal attack the manufacturer directly? It pays to attack the supplier instead, since the supplier likely has access to ten different production customers. According to Langer, a cybersecurity expert who works for the Israel Defense Forces, this classic supply chain attack tactic is becoming more common. [3]

A Case Study: Injecting Ransomware via Remote User Account Exfiltration

The cyber security consulting firm Halock shares an actual customer use case and explains the attack, how they resolved vulnerabilities, and what steps were taken to secure the organization. It is a threat that any manufacturer could face, and the mitigation steps offer useful insight. [4]

THE ATTACK: Adversaries used data theft techniques to exfiltrate vulnerable information and hold internal systems for ransom. The incident led to the company negotiating a Bitcoin payment to recover data, increasing the financial impact on the organization.

ATTACK EXECUTION: Through a phishing campaign, adversaries were able to obtain user credentials and VPN settings to gain internal network access. Mimikatz was then installed on vulnerable systems to recover Windows Service Accounts. Internal assets were infected with MedusaLocker ransomware using data transfer services. Attackers held internal assets for ransom and exfiltrated valuable data for financial gain.

VULNERABILITY MITIGATION: It was discovered that the VPN authentication utilized the same credential as Active Directory. The endpoint detection capabilities of the anti-virus solution lacked anti-exploit monitoring to restrict the execution of Mimikatz (which allows users to view and save authentication credentials) and the MedusaLocker ransomware. The HALOCK team identified the attack vector and the malicious binary code, shut down all external access, including O365 replication, and reset all user passwords. Systems that had capable backups were recovered. The organization paid the ransom for unrecoverable critical data through an insurance-appointed ransom negotiator. The consultants developed a comprehensive security plan to continually protect and monitor the manufacturer's network.

Among the safeguards were:

  • Implementation of MFA for VPN authentication and Microsoft 365
  • Upgrading endpoint protection
  • Launched a robust email filtering system
  • Conducting security awareness training on phishing campaigns
  • IT training on new protective measures
  • Developed critical system backup plan to ensure they are recoverable from malware attacks
  • Scheduling regular vulnerability scans and threat monitoring to identify risky login attempts

Possible Solutions

Fortunately, implementing Zero-trust manufacturing and appropriately managing all the components that fall within it can help avoid attacks like those noted above. It is beneficial for manufacturers to follow several best practices, such as introducing device-based, tamper-resistant hardware secure elements and enabling end-to-end encryption.

  • Hardware-based security: Tamper-resistant hardware secure elements create a trustworthy foundation.
  • On-device key generation: Devices can verify their identity by securely generating and storing private keys.
  • PKI management: Standardizing PKI and certificate lifecycle management can prevent outages.
  • Secure communication with end-to-end encryption: Using encrypted SSL/TLS or IP VPN communications ensures data security.
  • Secure bootstrap certificate: When the bootstrap certificate is updated, the device boots up with the correct firmware.
  • Enable mutual M2M authentication: Enabling machine-to-machine (M2M) mutual authentication provides two-way verification.
  • Centralized code signing: Ensuring firmware updates are signed by the developer and authenticated by the device avoids compromising situations. [5]

As you can see, incorporating full-blown Zero-trust manufacturing security measures goes beyond accepting anyone who enters the correct password.

Another way is to segment your data and limit the number of users accessing it. Hackers may get access to one data segment or a single resource, but they would have to successfully enter numerous others before causing damage. This creates another problem, however: data sources become scattered and siloed, which is often not optimal. In reality, for many legacy companies, like the majority of manufacturers, this is still a common practice. [1]

Conclusion

Zero-trust implementation can be a daunting challenge for any company, including the best IT companies. For manufacturers, it would be that much more difficult and require a lot of resources and expertise to put such infrastructure in place. Still, Zero-trust security architecture can help protect against cyber threats, unauthorized access, and malicious activity while providing enhanced visibility into connected devices on the factory floor. As the manufacturing industry continues to become more digitalized, manufacturers must ensure that their data remains secure and protected. Zero-trust is a great way to provide extra security and peace of mind.

TPC was digitized earlier than most manufacturers in our class due to its early adoption of cloud technologies and workflow management. From robotics to 3D printers, our dedicated digital transformation team is committed to securing our digital assets while aligning with our company's growth plans. Get the latest industry perspectives and company updates by subscribing to the newsletter.

Contact us at @TPC as you plan your next factory automation project, and we'll make sure that your concerns are addressed from the ground up, from manufacturing to digitization to automation.

Jay Uhm

Vice Chairman at TPC Mechatronics | Driving Innovation in Factory Automation

1 year ago

References:

[1] What Is Zero-Trust Manufacturing?: https://bit.ly/3ucmHWr
[2] Encrypted Attacks During Pandemic: https://bit.ly/3Vta3yk
[3] Why Cyberattacks on Manufacturing are on the Rise: https://bit.ly/3XKWgo8
[4] Manufacturing Cyber Security: https://bit.ly/3EOYVV7
[5] Why Zero Trust Manufacturing Is Critical to Building Trusted IoT Devices: https://bit.ly/3EPWiCI
