The Concealed Safety Hazard on Our Factory Premises
The foundation of America’s manufacturing sector is in jeopardy as companies hurriedly move towards upgrading without fully understanding the potential risks involved.
The issue arises from a fundamental mismatch between the old and the new. Industrial control systems (ICS) and SCADA (supervisory control and data acquisition) networks were built as standalone systems, never intended to be linked to the internet. Nonetheless, the current push for digital transformation is forcing these systems online, creating a delicate balance between efficiency and safety.
The effects of this balancing act are already visible. Recently, a global manufacturer in the Fortune 500 faced a potentially disastrous vulnerability. In its effort to modernize production facilities, the company integrated its SCADA network with cloud-based analytics and remote monitoring solutions. During this process, several SCADA endpoints were mistakenly left exposed to the public internet. In the absence of robust authentication controls or segmentation, these systems became attractive targets for malicious attackers.
The implications were extensive and severe. Unauthorized access to SCADA systems meant that attackers could potentially tamper with industrial processes, resulting in production downtime. Since these systems oversee physical machinery, any breach could pose safety hazards, endangering workers and potentially damaging valuable assets. The reliability of crucial telemetry data was also on the line: unauthorized access could let attackers manipulate parameters, leading to flawed production output. In addition to these operational concerns, many industries require strict cybersecurity measures for ICS/SCADA under standards such as NIST 800-82 and IEC 62443, so a security breach could also lead to substantial fines and reputational harm.
This serves as a wake-up call for an industry racing towards digital transformation without completely grasping the risks involved. While the manufacturing sector's adoption of cloud computing and remote monitoring may enhance efficiency, it is simultaneously opening up unprecedented vulnerabilities in systems that were never intended to be linked to the external world.
The Immediate Risk
Consider this: the industrial control systems managing our factories today were designed for an era in which physical security sufficed, when a locked door and a security guard could keep your assets safe. Now, in our urgency to modernize, we are connecting these very systems to the internet, often through inadequately secured cloud solutions and remote access tools.
In the scenario above, attackers could have gained control over factory equipment, endangering workers, halting production, or worse, without the company realizing it was exposed. Traditional security tools completely overlooked these vulnerabilities because they were not designed to detect them. It is a blind spot that is increasingly prevalent in the manufacturing sector, where the distinction between operational technology and information technology is becoming blurred.
The Overlooked Aspects in Traditional Security
Despite implementing basic security measures like vulnerability scanners and network monitoring, organizations frequently remain unaware of their actual exposure. Case in point: several major manufacturers had their internet-facing OT assets uncovered during routine external scans. These were not minor oversights. They included exposed programmable logic controllers (PLCs), human machine interfaces (HMIs), and even remote terminal units (RTUs) directly managing industrial processes. Their internal security teams were unaware that these systems were accessible from the public internet.
Why do these blind spots persist? The primary cause often lies in how industrial networks evolve. A vendor may install a cellular modem for remote maintenance, or an engineer might set up a temporary VPN for remote monitoring that becomes permanent. Traditional security tools overlook these exposures because they work from outdated assumptions: scanning known networks, verifying registered assets, and monitoring documented systems. In today's manufacturing environments, where shadow OT and unmanaged connections are widespread, this internal approach leaves critical gaps. Security teams require tools that can identify and monitor industrial assets from an attacker's viewpoint, recognizing exposed systems before they are exploited.
Viewing Your Factory from the Perspective of an Attacker
Manufacturers need to fundamentally reevaluate how they supervise and safeguard their industrial systems. The traditional “inside-out” security approach, which hinges on internal network scans and predefined asset lists, is no longer adequate. Instead, organizations should embrace an “outside-in” approach that scrutinizes their infrastructure from the viewpoint of an attacker.
This outside-in approach has already proven effective in real-world scenarios. Recently, a major manufacturer used outside-in reconnaissance to assess its externally exposed systems, applying the OSINT techniques attackers would use to locate the best entry points into the organization. The assessment revealed several internet-facing industrial systems that the company's conventional security tools had missed, including exposed SCADA endpoints controlling crucial production processes, industrial protocol converters granting remote access, and human machine interfaces (HMIs) with default credentials still enabled.
What to do
Begin by examining external exposures. Since over 80% of breaches involve external actors, start by identifying what can be seen from the internet. Look for any internet-facing industrial assets, such as controllers, HMIs, protocol converters, and remote access solutions.
Adopt a broad discovery approach. Do not restrict security assessments to known assets or networks. Conduct scans across all business units, subsidiaries, and acquisitions to find “shadow OT” – industrial systems connected to the internet without the security team’s awareness.
Execute thorough testing. Carry out comprehensive security evaluations of all exposed assets, not solely those deemed critical. This should encompass checking for default credentials, unpatched vulnerabilities, and insecure configurations particular to industrial systems.
Evaluate the impact, not just the technical severity. When prioritizing which vulnerabilities to address, take into account business impact factors like operational dependencies, safety implications, and regulatory requirements specific to industrial environments.
Integrate discoveries broadly. Ensure that exposed vulnerabilities are communicated to all relevant stakeholders, from security teams to operational staff to executive leadership, to steer coordinated remedial measures.
The Valuable Insights
Some argue that the advantages of digital transformation outweigh its risks in manufacturing. They are correct, provided we prioritize security. Although the situation I described had a favorable outcome, with vulnerabilities identified and resolved proactively, we may not be as fortunate as the attack surface expands. Modernization in manufacturing is inevitable, but its success rests on treating cybersecurity not merely as an IT issue but as a fundamental operational risk that demands leadership attention. The time to act is now, by securing these newly interconnected systems before attackers exploit them and we learn these lessons the hard way.
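As an added illustration of the discovery and prioritization steps under "What to do" (this is not code from the article), the sketch below reconciles outside-in scan results against the internal asset inventory to surface shadow OT, then ranks the findings by business impact and not by technical severity alone. All records, field names, the use of a CVSS-style severity number and the scoring weights are constructed assumptions; the port numbers are the well-known defaults for those industrial protocols.

```python
from dataclasses import dataclass

# Well-known default TCP ports for common industrial protocols.
ICS_PORTS = {102: "Siemens S7", 502: "Modbus/TCP", 20000: "DNP3",
             44818: "EtherNet/IP", 47808: "BACnet"}

@dataclass
class Finding:
    ip: str
    port: int
    business_unit: str
    default_creds: bool  # outcome of an authorized credential check
    cvss: float          # technical severity of the worst known issue (assumed metric)

# Constructed inside-out inventory: what the security team believes is exposed.
KNOWN_ASSETS = {("203.0.113.10", 443)}

# Constructed outside-in scan of address space the company owns.
EXTERNAL_SCAN = [
    Finding("203.0.113.10", 443, "HQ", False, 5.3),
    Finding("203.0.113.45", 502, "Plant-A", True, 6.5),
    Finding("198.51.100.7", 44818, "Acquired-Co", False, 9.1),
    Finding("198.51.100.9", 22, "Acquired-Co", False, 7.0),
]

# Constructed business context: is the unit safety-relevant or production-critical?
CONTEXT = {"HQ": {"safety": False, "production": False},
           "Plant-A": {"safety": True, "production": True},
           "Acquired-Co": {"safety": False, "production": True}}

def shadow_ot(scan, known):
    """Industrial-protocol services seen from outside but missing from the inventory."""
    return [f for f in scan if f.port in ICS_PORTS and (f.ip, f.port) not in known]

def impact_score(f):
    """Technical severity adjusted for business impact (weights are assumptions)."""
    ctx = CONTEXT[f.business_unit]
    score = f.cvss
    score += 4.0 if ctx["safety"] else 0.0      # worker-safety implications
    score += 2.0 if ctx["production"] else 0.0  # operational dependency
    score += 3.0 if f.default_creds else 0.0    # trivially usable access
    return score

def prioritize(scan, known):
    """Shadow OT findings, highest business impact first."""
    return sorted(shadow_ot(scan, known), key=impact_score, reverse=True)

if __name__ == "__main__":
    for f in prioritize(EXTERNAL_SCAN, KNOWN_ASSETS):
        print(f"{impact_score(f):5.1f}  {f.ip}:{f.port}  "
              f"{ICS_PORTS[f.port]}  {f.business_unit}")
```

With this sample data the Modbus endpoint at Plant-A ranks above the EtherNet/IP endpoint even though the latter has the higher technical severity, because it sits in a safety-relevant plant and still accepts default credentials.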
