Efficient Plant Nov./Dec. 2022 - 17

feature | cybersecurity
Opposite. Equipment sabotage, insider threats,
and supply-chain attacks are the three primary
vulnerabilities used by hackers to attack manufacturing
operations.
unintentionally, by clicking on a bad link.
Th ese " internal threat actors " also can be
invisible. In many cases, they have authorized
access to or knowledge about an organization's
assets or resources. Th ey also have
credentials and know-how and are hard to
detect.
Most cyberattacks that target manufacturers
originate on the outside. But 12% come
from workers or others with insider access,
according to Verizon's 2022 Data Breach
Investigations Report (verizon.com). Most
(nearly 90% according to Verizon) have a
fi nancial motive.
What about when there is no real motive?
An employee working from a coff ee shop
who doesn't use the company's virtual private
network (VPN) connection is a threat. Th e
worker who writes a password on a note and
sticks it on their computer is a threat. So is
the employee who lets someone " tailgate, " or
follow him, into a badge-secured part of a
factory.
Th reats don't come simply from current
employees. Trusted people with access can
include the aſt er-hours maintenance company.
Former workers also can pose a threat.
" Accidental " insider threats can be mitigated
with training and by creating a company
culture that emphasizes the importance of
cybersecurity. Employees can be taught to
watch for phishing attacks that most commonly
arrive through email. Reinforcing a
security-aware culture will remind people
that it's part of their job to protect the organization's
assets.
Monitoring morale inside an organization
is crucial. Th at will help identify disgruntled
employees. Background checks can fl ag
potential problems. Vendors should also be
asked about their background-check policy.
Th ird-party service organizations that have
NOV/DEC 2022
access to a company's building or data should
provide information on how they vet hires.
Also, as soon as an employee leaves, system
access should be revoked.
3
SUPPLY-CHAIN ATTACKS
Supply-chain attacks are a cybercriminal's
version of climbing the ladder:
Th ey get a foot in a company's door and then
aim straight for the top.
Th e " top " is oſt en the largest partner in a
company's supply chain. Or it could be an
organization's most sensitive information.
Insidious and on the rise, these attacks are
hard to prevent because the bad actors are
getting in through an unlikely source-trusted
third parties.
Trusted third parties can be vendors, which
is what happened to Target in 2013, an event
still making headlines. Criminals were able
to steal the fi nancial and personal information
of as many as 110-million customers
by hacking a company that serviced Target's
HVAC systems and had access to the retailer's
network for things such as billing and contract
submission, according to a U.S. Senate
committee report. Using the stolen vendor
credentials, cyber thieves moved throughout
the network, getting to the most lucrative data
and installing malware to steal it.
Trusted soſt ware vendors are another
threat source. Th at was the path used for
2020's SolarWinds hack, whose victims
included U.S. government agencies.
In the SolarWinds attack, hackers that
the United States later linked to the Russian
Foreign Intelligence Service (SVR), planted
malicious code into the soſt ware fi rm's
internet technology management tool Orion,
which was used by thousands of networks
around the world. Using backdoor malware,
delivered as a soſt ware update, cybercriminals
got into the networks of about 100 companies
and at least nine U.S. agencies.
Avoiding such attacks is not easy. But there
are cyber-defense strategies that can help.
Manufacturers should:
Identify all hardware and every piece
of soſt ware that they run. Without that
knowledge, it's impossible to know what
could be attacked or whether any of those
crucial assets have vulnerabilities that can be
exploited.
Monitor those assets and act when there's
a red fl ag. In a 2014 report, the U.S. Senate
Committee on Commerce, Science, and
Transportation said Target appeared, " to
have failed to respond to multiple automated
warnings from the company's anti-intrusion
soſt ware that the attackers were installing
malware on Target's system. "
Segment or partition networks. In another
example from the Target breach, the part
of the network that handled HVAC contracts
should not have been linked to the section
handling sales. Th ose should be separate
systems, which can be done through
network segmentation.
Adopt a Zero Trust model (meaning trust
no one and verify everyone). A user ID and
password should not be enough for network
access. Everyone-vendors, employees,
visitors, and contractors-should be
required to confi rm their identity with
multifactor authentication.
Vet all vendors and make sure they are
doing the same with their vendors. Include
required levels of cybersecurity in vendor
contracts.
It's never been more important to make
certain that " trusted " vendors are able to
prove they can be trusted. EP
Cristi Kempf is a contributing writer for MxD,
Chicago (mxdusa.org). Kempf is a former journalist
with almost 35 years of experience. MxD
(Manufacturing x Digital) is where innovative
manufacturers go to forge their futures. In
partnership with the Department of Defense,
MxD equips U.S. factories with the digital tools,
cybersecurity, and workforce expertise needed
to begin building every part better than the last.
EFFICIENTPLANTMAG.COM | 17
http://www.verizon.com http://www.mxdusa.org http://www.EFFICIENTPLANTMAG.COM
Efficient Plant Nov./Dec. 2022

Table of Contents for the Digital Edition of Efficient Plant Nov./Dec. 2022
