With the ongoing digital surge in heavy industries such as energy, manufacturing, and mining, cybersecurity concerns continue to grow as distributed systems converge with complex technology, often consisting of not only connected assets but also digital networks of supply chains and partners. As the scope of the Industrial Internet of Things expands to factory floors and externally connected assets, the possibilities for cyber-attacks increase manifold, not least because of voluminous data transfer, including exposure to third-party networks.

Rather alarmingly, IBM X-Force Research identifies manufacturing as the second most cyber-attacked industry, after healthcare. Almost 40% of manufacturing companies have faced cyber-attacks during the last year (per Deloitte), and thirty-eight percent of the companies had suffered more than $1 million in losses.

Critical areas of the manufacturing ecosystem 

The key assets of manufacturing organizations include IT, OT, and management assets. IT assets include system logs, network access details, and network structure. OT assets include SCADA systems and system configuration. Management assets include customer and employee data and internal communications. Cyber criminals often exploit loopholes in operational control systems such as SCADA and ICS. As per the 2018 Forrester SCADA report, 56% of organizations operating SCADA or ICS systems had faced a security incident.

The threat of cyber-attacks poses not only the usual business problems, such as intellectual property and data theft, but also the risk of infiltration into operations, resulting in complete plant shutdowns or quality issues that can go undetected, with consequences that affect human lives most adversely.

Despite the looming risks, heavy industries lag considerably behind other industries in cybersecurity spending. As per McKinsey, industries like financial services, insurance, and education spend on average ~6.2 percent of their IT budget on cybersecurity, in stark contrast to the average of just 4.9 percent spent by electrical and energy companies.

Understanding cyber-attacks in manufacturing

Cyber-attacks consisting of social engineering scams, phishing, and malware have proliferated during the ongoing pandemic due to an increase in remote operations.

As per NAM, manufacturers have experienced the following types of attacks in recent months.

Hands on the keyboard: Advanced Persistent Threat (APT) malware usually forms remote command and control channels that give attackers “hands on the keyboard” access to the target environment and let them steal highly sensitive data. Such an attack can result in intellectual property theft, exposure of highly confidential data, or a complete takeover of organizational infrastructure such as databases.

Malware: Malware is malicious software designed to infect either individual computers or an entire organization's network. Ransomware is a widely used form of malware where an entire environment and back-up systems are sabotaged to create massive disruptions. In October 2019, the German manufacturer Pilz was hit by a major ransomware attack, resulting in an operational shutdown for more than a week. As per a report, average ransomware payments increased by 184% at the beginning of 2019, and attacks affected businesses for an average of 9.6 days. Ransomware is rising globally and is expected to result in a loss of $20 billion by 2021.

Culture-based attacks: These include social engineering attacks consisting of malicious human interaction and psychological manipulation. Such attacks take place in more than one step: the attackers investigate potential victims beforehand to identify potential entry points for accessing critical systems. Popular techniques involved here are:

  • Phishing: This is one of the most widely used scams, where attackers send fake emails that give the impression of coming from a legitimate government or organizational entity. The messages often contain branding to convince victims of their legitimacy. For example, during the ongoing pandemic, there was a wide surge in fraudulent emails claiming to have been sent by WHO and offering information about the coronavirus spread.
  • Spear Phishing: It is a highly targeted form of phishing where attackers address a specific person or organizational entity. The messages are customized to suit the target's job profile and contacts. For example, a fake message claims to have come from an organizational leader such as the CEO and might request information about the credentials of industrial control systems.
  • Pretexting: Such attacks use clever lies in emails, pretending to need sensitive information to perform a critical task. They are designed to lure victims into sharing their personal information, resulting in identity theft or malware installation.
  • Scareware: In this attack, victims are sent false alarms and threats that are designed to infect the target's system with malware through seemingly legitimate pop-ups. For example, emails pretending to be from medical service providers were sent to targets in Japan during the early months of this year, containing attachments claiming to include secret cures for the coronavirus.

Vulnerability Detection with Eugenie

Eugenie’s robust AI workbench enables organizations to locate IT and OT threats in real time that can be indicative of potential security breaches. Eugenie can track anomalous behaviors and send notifications about them, which can help in mitigating serious security risks such as data theft, malware, phishing, etc. In digital manufacturing, SCADA and ICS systems are the most vulnerable to external threats. Proactive identification of threats through asset and network monitoring can prevent attacks and protect organizational assets and people. Eugenie’s predictive insights can generate a comprehensive analysis of various risk factors with their corresponding severity as well as suggested preventive actions.

Eugenie’s machine learning-based unsupervised algorithms can monitor networks as well as device usage patterns to learn any behavioral deviations with proven efficiency. Eugenie’s Spot, Explore, Exploit framework assists organizations in harnessing the value of data by helping decision-makers mitigate risks. Recently, Eugenie successfully detected cyber attacks with high accuracy in a secure water distribution network.

Conclusion

The manufacturing sector is going through a sea change with a plethora of opportunities in terms of new processes, technologies, and products. But along with the available opportunities, the threat landscape has expanded, resulting in a need for a strong organizational cybersecurity strategy. Cybersecurity is not merely an IT problem, but an all-encompassing organizational risk challenge. 

Establishing effective cybersecurity practices, risk assessments, audits, and incident plans will be critical in protecting informational infrastructure. To protect the critical assets of data, people, infrastructure, and applications, manufacturing companies need to shift to risk-based decision making, consisting of increased awareness of threat assessment and measures of detection and prevention.
