Lack of IT-OT collaboration holding back smart factory security projects
61% of manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk, according to a Vanson Bourne survey of 500 IT and OT professionals in the United States, Germany and Japan.
Outages
75% of them suffered system outages as a result, and 43% said outages lasted more than four days.
“Manufacturing organizations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack.” said Akihiko Omikawa, executive VP of IoT security for Trend Micro.
Smart factory security projects
The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and process (67%) were also cited as top challenges by many respondents. However, fewer than half of the participants said they’re implementing technical measures to improve cybersecurity.
Asset visualization (40%) and segmentation (39%) were the least likely of cybersecurity measures to be deployed, hinting that they are the most technically challenging for organizations to execute. Organizations with a high degree of IT-OT collaboration were more likely to implement technical security measures than those with less cohesion.
IT-OT collaboration
There was a particularly big gulf between organizations with high IT-OT collaboration verses those with little to no IT-OT collaboration in the use of firewalls (66% verses 47%), IPS (62% verses 46%) and network segmentation (54% verses 37%).
Standards and guidelines were cited as the top driver for enhanced collaboration in the United States (64%), Germany (58%) and Japan (57%). The National Institute of Standards and Technology’s (NIST) Cyber Security Framework and ISO 27001 were among the most popular guidelines.
The most common organizational change cited by manufacturers in all three countries was appointing a factory CSO.
How to secure smart factories and keep their operations running
- Prevention by reducing intrusion risks at data exchange points like the network and DMZ. These risks could include USB storage devices, laptops brought into a factory by third parties, and IoT gateways.
- Detection by spotting anomalous network behavior like Command & Control (C&C) communication and multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organization.
- Persistence is crucial to protect smart factories from any threat that has evaded prevention and detection stages.