Even with software supposedly eating the world, there are still plenty of companies that make physical things. These products may not be as sexy or profitable as software, but they are every bit as essential.
From a cybersecurity standpoint, not much has changed in manufacturing, until recently. From piecemeal work to the assembly line, from manual labor to automation, manufacturing has grown increasingly more efficient over time, but without a corresponding increase in security threats, until one thing happened.
Companies were already making the investments in advanced manufacturing equipment when someone got the bright idea to plug all that equipment into a network so it could all talk to each other. And while the idea of the fully networked manufacturer has been a boon for productivity and profitability, unfortunately it has also been a boon for cybercriminals who specialize in attacking networked equipment.
Unique Security Challenges of Manufacturers
It’s called the Internet-of-Things (IoT) and it’s been the driving force in manufacturing design for a while now. Once you plug a piece of manufacturing equipment into a network, it becomes an IoT device.
There are many advantages of networked manufacturing equipment. For starters, they can be operated and monitored remotely, so less local staff is required. IoT devices also enable capturing real-time data and optimizing performance based on that data. With all these benefits, manufacturing equipment will remain plugged into the network.
It’s getting hard to tell the difference between a manufacturing floor and a data center. After all, both are just rooms filled with equipment plugged into a network. But there’s one big difference. The manufacturing equipment plugged into the network was never designed from the beginning to defend itself from a cyber-attack.
The IoT Security Risk
Many IoT devices used in manufacturing come with serious limitations when it comes to security. Significant threats include the following:
- Limited computing and hardware: IoT devices have limited computational abilities, which leaves minimal space for the robust data protection and security required to defend against cyberattacks.
- Varied transmission technology: IoT devices use a range of transmission technology, making it challenging to implement sufficient security methods and protocols.
- Vulnerable components: The basic components of IoT devices are often vulnerable, which leaves millions of smart devices open to attack.
- User security awareness: Organizations’ users are one of the biggest security threats. A lack of security awareness and failure to implement best practices can leave IoT devices vulnerable to attacks.
As these IoT devices evolve over time, there’s no doubt that capabilities to defend themselves will be incorporated into their design. But there’s still a lot of legacy manufacturing IoT devices out there that need to be protected today. What are some ways to go about protecting them?
One way is with threat modeling. When you threat model a vulnerable IoT device it suddenly becomes no different than any other device you threat model. It’s just a device with a series of threats and mitigations.
Until these IoT devices can better defend themselves from network attacks, the best approach is to threat model your entire manufacturing environment. And a good way to do that is with ThreatModeler.
ThreatModeler is an automated, highly-scalable threat modeling platform that makes it easy to threat model any environment, and that includes manufacturing. To learn more about ThreatModeler, you can contact us here.