Cybersecurity for Manufacturers: How to Protect OT Infrastructure

The latest cyber-attacks on manufacturers and infrastructure, such as those on Colonial Pipeline, Merck, or the water treatment plant in Florida, have shed light on the vulnerability of numerous organizations considered critical infrastructure. But if you are a manufacturer, don’t be complacent. These infrastructure organizations are basically manufacturing environments, and the cybersecurity problems they experience are the same ones facing most manufacturers.


How the manufacturing environment is different from other businesses

Manufacturing environments are difficult to protect because IT technologies (servers, workstations, IT applications) coexist with the operational technologies (OT) used to operate production lines, control temperature and humidity, etc.

Some OT systems run the latest versions, but legacy systems may no longer be supported with new updates. In some cases, the developer may even be out of business. This can leave your OT environments vulnerable.


The challenges of OT cybersecurity

Manufacturing environments tend to have more OT devices as part of the network. Streamscan has been managing cybersecurity for manufacturers for nearly a decade now, and here are some cybersecurity challenges we see regarding OT devices:

IT teams have little expertise in OT and may not know how these devices work. To illustrate, one IT specialist we met at a plant said the "OT box is blinking green," and concluded that everything was working fine. This lack of understanding of OT means that little attention is paid to security.

For years now, manufacturers have been deploying OT devices, and, typically, as long as they are up and running, nothing is touched. That means no security patches are applied even though they may have security vulnerabilities.

In factories, many OT devices are readily accessible via the Internet without the knowledge of internal teams. These devices are under attack 24/7 by bots that scan them for vulnerabilities to exploit.

Manufacturers often don’t have an inventory or full visibility on their OT devices. You can only protect what you can see. So each OT device you aren’t monitoring becomes a blind spot that a hacker can exploit.

Many manufacturers' OT devices are managed by third parties who access them remotely for maintenance. This access usually relies on high-risk means such as default or very weak passwords, insecure communication protocols, etc.


Take control of your OT Security!

Here are some simple steps you can take to improve the security of your OT assets:

1 - Identify all of your OT equipment and establish an accurate inventory:

  • type of each OT device
  • its role
  • its criticality level
  • If you find some that are no longer needed or whose presence is not justified, disconnect them because each OT device represents a potential point of attack

2 - Review your accessibility strategy for your OTs on the Internet.

  • Does this OT equipment really need to be accessible from the Internet?
  • If not, cut off access.
  • If yes, measures such as IP filtering allow you to limit access to only those third parties who need to access the OT devices.
  • Remember, botnets scan the Internet 24/7 for vulnerable systems.

3 - Change all default passwords on OT devices.

  • These devices are usually put into production with default passwords that are never changed. However, it only takes a few searches on the Internet to find out their default passwords. (This advice applies across all OT and IT technology.)

4 - Make sure your OT devices are physically secure and cannot be easily reached by unauthorized people who have access to your plant.


5 - Ensure that the passwords used on your OT devices are strong to minimize the risk of unauthorized access.


6 - Rigorously manage third-party access to your OTs.

  • If third parties access and maintain your OT devices remotely, ensure they use secure means to manage them (MFA authentication, etc.).

7 - OT vs IT segmentation and isolation

  • Implement network segmentation between your IT and OT devices and limit communications to the strict minimum necessary. The physical disconnection of these two types of networks (commonly called Air Gap) is the best thing to do if you are not in an Industry 4.0 type convergence dynamic.

8 - Security vulnerability management

  • OT equipment firmware can contain vulnerabilities in the same way as any operating system. You must perform regular vulnerability scans and apply security patches to your OT devices.

9 - Harden your OT devices (disable unneeded ports, install an antivirus if possible, etc.).


10 - Incident response plan

  • Develop an incident response plan and run regular tests or simulations to ensure that you are ready if you are targeted

11 - Deploy cybersecurity technologies that monitor your OT (e.g., Streamscan CDS) so that you can detect cyberattacks proactively.
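
The inventory from step 1 becomes more useful once it also records the attributes that steps 2, 3 and 6 ask about. The following Python sketch is an added example, not Streamscan code: it audits such an inventory and lists the devices to fix first. The CSV column names, device names, addresses and the 256-address threshold are assumptions made for illustration.

```python
import csv, io, ipaddress

# Constructed sample inventory (step 1): type, role, criticality plus the
# attributes steps 2, 3 and 6 ask about. All names and addresses are made up.
INVENTORY_CSV = """\
name,type,role,criticality,internet_facing,allowed_sources,default_password,vendor_remote,vendor_mfa
plc-line1,PLC,bottling line control,high,yes,203.0.113.10/32,no,yes,yes
hmi-line1,HMI,operator panel,medium,yes,0.0.0.0/0,yes,no,no
hvac-ctl,BMS controller,temperature and humidity,high,no,,no,yes,no
old-logger,data logger,,low,yes,,no,no,no
"""

def too_broad(sources, max_hosts=256):
    """True if the IP filter is missing or admits more than max_hosts addresses."""
    nets = [ipaddress.ip_network(s.strip()) for s in sources.split(";") if s.strip()]
    return not nets or sum(n.num_addresses for n in nets) > max_hosts

def audit(csv_text):
    """Return {device name: [findings]} for every device with at least one finding."""
    findings = {}
    for dev in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if not dev["role"]:                                    # step 1
            issues.append("no documented role: disconnect if not justified")
        if dev["internet_facing"] == "yes" and too_broad(dev["allowed_sources"]):
            issues.append("Internet-facing without a narrow IP filter")  # step 2
        if dev["default_password"] == "yes":                   # step 3
            issues.append("default password still set")
        if dev["vendor_remote"] == "yes" and dev["vendor_mfa"] != "yes":
            issues.append("third-party remote access without MFA")       # step 6
        if issues:
            findings[dev["name"]] = issues
    return findings

def prioritized(findings, csv_text):
    """Order devices that have findings by criticality, high first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    crit = {d["name"]: d["criticality"] for d in csv.DictReader(io.StringIO(csv_text))}
    return sorted(findings, key=lambda n: (rank[crit[n]], n))

if __name__ == "__main__":
    result = audit(INVENTORY_CSV)
    for name in prioritized(result, INVENTORY_CSV):
        print(name, "->", "; ".join(result[name]))
```

An allowlist of 0.0.0.0/0 is treated the same as no filter at all, since it admits every source address.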


Where to start?

In order to start the process of securing your OT, we recommend that you start with a security audit. You can download our audit template from our resource centre.


How can Streamscan help you with your OT security?

Streamscan has in-depth experience with OT cybersecurity management and is currently helping many leading manufacturers secure their IT and OT infrastructures. We apply industry best practices to get the best results when securing your OT assets (quality/cost ratio). And we apply our 20/80 strategy to the context.

  • Our CDS cyber threat detection technology automatically discovers IT and OT devices installed in a network. It allows you to establish an inventory of all OT devices used in your network. Full 360-degree visibility of IT/OT devices is the key to cyber security.
  • Our CDS can detect cyber attacks targeting your OT devices, as well as vulnerabilities in your OT devices.
  • Our MDR security monitoring service allows you to proactively and continuously manage the security of your IT and OT network via our team of seasoned cybersecurity analysts.

Need Help? StreamScan is Here.

Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with years of experience in the manufacturing sector who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.