Cybersecurity for Smart Manufacturing

Traditional factories have long been information silos with fewer cybersecurity concerns than enterprise networks, which typically have numerous external access points. Today, smart factories involve mass customization and cloud services, which require IT and OT to be integrated through connections to sensors, machines, and production lines. Through this technology, smart factories can consolidate data, which makes the ICS (Industrial Control System) network in these factories more vulnerable to external and internal threats such as hacking, malicious attacks, or even malpractice by employees.

To address these issues, the top priority when enabling cybersecurity is to allow only necessary traffic on mission-critical networks. In other words, you need to create a “clean” network environment to protect smart machines, production lines, and ultimately your entire factory. This level of protection is achieved with industrial firewalls and other industrial networking devices that comply with the IEC 62443 industrial security standard. IEC 62443 defines guidelines for different parts of a network and for those who hold different responsibilities on the network.


Protect Your Smart Machines

General firewalls can filter data at the IP or MAC layer to prevent unauthorized access to critical machines and equipment. Traditionally, firewalls deny all inbound traffic and allow only the one-way or round-trip traffic that is on the firewall whitelist. However, whitelisting only blocks unauthorized hosts; it grants full access to every authorized host at the IP or MAC layer. As network complexity increases with smart factories connected to the industrial internet of things, whitelist-based traffic control becomes inadequate to provide effective network security for industrial applications. What is needed are well-designed firewalls that can allow or deny traffic based on protocols, so that control data commands can be checked at the application layer, for example through Modbus TCP deep packet inspection.
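The difference between an IP-layer whitelist and Modbus TCP deep packet inspection, as an added example that is not taken from the article or from any vendor's firewall. The host addresses, the `POLICY` table and the function names are assumptions made up for the illustration.

```python
import struct

READ_CODES = {1, 2, 3, 4}            # read coils / inputs / registers
WRITE_CODES = {5, 6, 15, 16}         # write coils / registers

# Constructed policy (hypothetical hosts from the 192.0.2.0/24 documentation range):
# every host listed passes an IP whitelist, but only some may send write commands.
POLICY = {
    "192.0.2.10": READ_CODES,                # HMI: monitoring only
    "192.0.2.20": READ_CODES | WRITE_CODES,  # engineering workstation
}

def build_frame(tid, unit, pdu):
    """Build a Modbus TCP frame: 7-byte MBAP header followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus_tcp(payload):
    """Return (unit id, function code), or None if the frame is malformed."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def ip_whitelist_decision(src):
    """IP-layer whitelist: any authorized host may send anything."""
    return "ALLOW" if src in POLICY else "DENY"

def dpi_decision(src, payload):
    """Application-layer check: the host AND the Modbus command must be allowed."""
    if src not in POLICY:
        return "DENY", "host not authorized"
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return "DENY", "malformed Modbus TCP frame"
    _unit, function = parsed
    if function not in POLICY[src]:
        return "DENY", f"function code {function} not permitted for {src}"
    return "ALLOW", f"function code {function}"

# Constructed sample frames: read 10 holding registers, write one register.
READ_HOLDING = build_frame(1, 1, struct.pack(">BHH", 3, 0, 10))
WRITE_SINGLE = build_frame(2, 1, struct.pack(">BHH", 6, 0, 1234))

if __name__ == "__main__":
    for src, frame in [("192.0.2.10", READ_HOLDING), ("192.0.2.10", WRITE_SINGLE),
                       ("192.0.2.20", WRITE_SINGLE), ("192.0.2.10", WRITE_SINGLE[:9])]:
        print(src, ip_whitelist_decision(src), dpi_decision(src, frame))
```

The HMI's write request passes the IP whitelist but is denied by the application-layer check, which is the gap the paragraph describes.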

For more details, download our white paper on How to Choose the Right Industrial Firewall: The Top 7 Considerations.


Protect Your Smart Production Line

Mass-customization production lines are composed of heterogeneous machines that communicate in different languages (protocols). Configuring security-related parameters is always a challenge for general industrial users. To manage the complex network with ease and prevent unauthorized access, use a comprehensive automation profile function that supports the most common fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus/TCP, and PROFINET. Users can easily create a secure Ethernet fieldbus network from a user-friendly web UI with a single click.



Protect Your Smart Factory

To enhance the network security of your entire smart factory, the traffic that passes between the ICS network and the enterprise network must be scrutinized and filtered. Cybersecurity experts believe that one of the best methods to filter traffic is to pass the data through a demilitarized zone (DMZ). With a DMZ, there is no direct connection between the secure ICS network and the enterprise network, but the data server is still accessible by both. Eliminating a direct connection between the secure and enterprise networks significantly reduces the possibility that unauthorized traffic can pass through to different zones, which has the potential to jeopardize the security of the entire smart factory network. For more information on industrial network security, here are 3 Aspects to Consider When Securing IACS Networks.


Threat Hunting in ICS Networks

Threat hunting is the practice of searching through networks for indicators of abnormal behavior caused by potential cyber threats, so that ICS cyber threats can be identified proactively, before they impact your business. Since it’s not possible to catch 100% of cyber threats through existing security measures, threat hunting has become a popular approach to detect possible issues.


Damiano Bolzoni, CEO of SecurityMatters, writes:

While threat hunting is not specific to IT, one may wonder why this discipline should be relevant for industrial environments. After all, there have been relatively few documented cyber-attacks impacting ICS networks.

The truth is that, while the likelihood of a cyber-attack against ICS is low, cyber incidents happen daily. Cyber incidents include small to major disruptions due to misconfiguration, erroneous commands/operations, software errors or device failures which are not intentional, but nevertheless impact the asset owner’s bottom line. Hence, hunting for anomalous behavior becomes crucial for every critical infrastructure and manufacturing organization to anticipate potentially disruptive events and minimize unexpected downtime.

Here are a few use cases that demonstrate how threat hunting can be applied to anticipate and effectively prevent cyber incidents in ICS networks:

  • WannaCry: Analysts can analyze SMB network communications to identify vulnerable devices and entry points for the malware spread.
  • PLC/RTU malfunction: Looking at indicators within industrial protocol messages, analysts can identify PLCs and RTUs which are not operating as expected, due to a malfunction or misconfiguration.
  • Predictive maintenance: The behavior of field devices such as PLCs and RTUs can often suggest when the device is near end of life or needs replacement. Catching early indicators allows operators to replace the device before its failure.


The Keys to Successful ICS Threat Hunting

In threat hunting, analysts create “assumptions” or “behavioral patterns” that are then automated to quickly search the network for threat indicators. Cyber threats could manifest in various ways, leveraging weaknesses unique to a specific environment. Thus, it is essential that analysts have a clear picture of their underlying environment and its expected operation.

ICS environments are very well suited for this. Compared to IT networks, ICS networks are less dynamic and diverse in terms of applications being used, number of end users and network assets, as well as the number of information flows. These factors make the task of determining the normal behavior of an ICS network much easier.

Baselining normal network behavior provides threat hunters with good real-time visibility into network assets and events, as well as the required knowledge about existing system vulnerabilities and suspicious network activity. Constraints imposed by vendors make the use of active asset inventory or agent-based solutions a no-go for ICS networks, but automatic passive asset inventory and real-time network monitoring tools have repeatedly proven successful in this space.


The Way Ahead

In the years to come, we expect threat hunting to become part of the cyber security strategy of every critical infrastructure and manufacturing operator. Threat hunting teams will play a crucial role in the protection of ICS networks from cyber threats and cyber incidents, bringing benefits to both security and productivity. For effective threat hunting, it is essential to equip skilled analysts with flexible automated tools that allow searching the network for threat indicators or comparing assumptions with normal network behavior.

SecurityMatters empowers critical infrastructure and manufacturing organizations with the ability to identify, analyze and respond to industrial threats and flaws, minimizing troubleshooting costs and unexpected downtime. SecurityMatters’ SilentDefense leverages OT-specific knowledge and understanding to provide visibility into critical assets and their activity and to easily detect operational problems, cyber security threats and compliance issues.
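The baselining approach described in the quoted article, as an added example that is not part of the original text and does not represent SilentDefense or any other product. It assumes passive monitoring has already produced flow records of the form (source, destination, protocol, function code); all records and addresses below are constructed.

```python
from collections import defaultdict

# Constructed passive observations from a learning period of normal operation.
BASELINE_WINDOW = [
    ("192.0.2.10", "192.0.2.50", "modbus", 3),
    ("192.0.2.10", "192.0.2.50", "modbus", 4),
    ("192.0.2.20", "192.0.2.50", "modbus", 16),
    ("192.0.2.10", "192.0.2.51", "modbus", 3),
]
# Constructed observations from the period being hunted.
HUNT_WINDOW = [
    ("192.0.2.10", "192.0.2.50", "modbus", 3),   # matches the baseline
    ("192.0.2.10", "192.0.2.50", "modbus", 16),  # known pair, write never seen before
    ("192.0.2.77", "192.0.2.50", "modbus", 3),   # asset absent from the inventory
    ("192.0.2.10", "192.0.2.51", "smb", None),   # known pair, unexpected protocol
    ("192.0.2.20", "192.0.2.51", "modbus", 3),   # known assets, new conversation
]

def learn_baseline(records):
    """Build a passive asset inventory and the set of behaviors per host pair."""
    assets, flows = set(), defaultdict(set)
    for src, dst, proto, func in records:
        assets.update((src, dst))
        flows[(src, dst)].add((proto, func))
    return assets, dict(flows)

def hunt(records, assets, flows):
    """Return (finding type, record) for every deviation from the baseline."""
    findings = []
    for rec in records:
        src, dst, proto, func = rec
        if src not in assets or dst not in assets:
            findings.append(("new_asset", rec))
        elif (src, dst) not in flows:
            findings.append(("new_flow", rec))
        elif (proto, func) not in flows[(src, dst)]:
            known_protocols = {p for p, _ in flows[(src, dst)]}
            kind = "new_function" if proto in known_protocols else "new_protocol"
            findings.append((kind, rec))
    return findings

if __name__ == "__main__":
    inventory, behavior = learn_baseline(BASELINE_WINDOW)
    for kind, rec in hunt(HUNT_WINDOW, inventory, behavior):
        print(f"{kind:13} {rec}")
```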
