Protect your Manufacturing Process from Hackers and Ransomware

Posted Tuesday, June 6, 2017 at 8:30 AM

Ransomware and WannaCry

Recently a ransomware attack known as “WannaCry” or “WannaCrypt” emerged, and it has been deemed the single largest cybersecurity attack in history to date. It has infected over 300,000 computers in more than 150 countries.

How Ransomware Works

Ransomware is an extremely disruptive attack that reaches a user’s computer when the user opens a malicious email or attachment, follows a malicious link, or visits an infected social networking site. Once inside the user’s computer, ransomware encrypts all of the computer’s files, making them inaccessible. The hacker usually notifies the user that the files have been encrypted and that a ransom of a specified amount must be paid to get them unencrypted. The ransom is only accepted if paid with an untraceable currency such as Bitcoin, which was seen with WannaCry. However, even if the user pays the ransom, there is no guarantee that the files will be recovered, as it is up to the hacker to decide whether the files are returned. If the user fails to pay the ransom within an indicated time frame, his or her files will be permanently deleted.

How Ransomware is Affecting Businesses

Previous ransomware attacks for the most part purely targeted individuals; however, WannaCry has started to affect whole businesses as well.
Industries like health care (the BBC says that “some of the biggest disruption was caused by attacks on the UK health system, which saw hospitals and clinics forced to turn away patients after losing access to computers”), transportation, courier delivery, telecommunication, manufacturing, and many others are being significantly disrupted by WannaCry, with some companies being forced to stop operations entirely.

Manufacturing at Risk

Healthcare organizations, to date, have seen the prevalence of ransomware affect their operations more than any other industry. However, research by Fortinet suggests manufacturing is likely to be the next industry targeted heavily by ransomware. According to Fortinet’s CTAP Threat Landscape report (2016):

“This threat of ransomware in manufacturing environments should not be understated. In today’s world of computer controlled and managed manufacturing, system disruptions at any point can have ripple effects along the entire supply chain. This can result in millions of dollars in unseen costs: loss of man-hours waiting for systems to come back up, missing material or product shipments, forensics and clean up, and in some cases where companies are reliant on legacy systems, a complete shutdown of their business.”

While I’m usually not one to seriously consider predictions of any sort, I couldn’t help but take notice of Carol Rudinschi’s dark prediction on IIoT World, which mentions the increasing chance for critical services such as power, water, and wastewater to be suspended in the manufacturing industry due to cyber attacks. Rudinschi says that these possible suspensions are because of the real-time interfacing and control influence over physical assets that this industry’s systems require. Many automobile companies across Europe, including Renault, Nissan’s partner company, temporarily shut down following the cyber-attack because the ransomware directly attacked their critical services.
Manufacturers infected with ransomware are highly motivated to pay a ransom in order to get their production floor back up and running, since downtime and losses are often calculated by the minute. This only sets a precedent for cyber attackers to take advantage of manufacturers with deep pockets in their future attacks.

It is important for manufacturers to build up their defenses against potential attacks like WannaCry, since these cyber threats are only becoming more prevalent and dangerous. Below are four of the general best practices I’ve found to be effective in protecting your plant from these security threats:

1) Segmenting Networks Limits a Cyber Attack’s Impact

Kirby Wadsworth, of CSIA Member Bayshore Networks, says, “As we have and continue to warn, industrial infrastructure is connected – in often unexpected and undocumented ways – to information technology infrastructure. Malware aimed at one can easily cross the boundary between IT to OT to reach the other.”

Due to the IIoT, industrial systems are always communicating with each other, and sometimes in ways we don’t want. It is vital to make certain that only necessary communication is occurring between systems and that unnecessary communication is eliminated. Problems can escalate rapidly if you don’t know how your systems communicate. Segmenting your networks can help you understand how your systems communicate.

Network segmentation splits a computer network into many subnetworks and limits the communication between each subnetwork through various security measures. By limiting movement across a network, segmentation protects against cyber-attacks because an intruding virus will not be able to spread to your entire system, only to the initial subnetwork it infects. “Flat” networks, where many systems communicate without segmentation, can be easy for attackers to move through once they’ve gained a foothold.
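
One way to check that only necessary communication crosses segment boundaries, shown as an added example that is not part of the original article. The subnets, segment names, allowed conduits and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed plant layout: segment name -> subnet (assumed addresses).
SEGMENTS = {
    "office_it": ipaddress.ip_network("10.10.0.0/16"),
    "scada": ipaddress.ip_network("10.20.1.0/24"),
    "plc_cell_a": ipaddress.ip_network("10.20.2.0/24"),
    "legacy_hmi": ipaddress.ip_network("10.20.3.0/24"),
}

# Necessary communication only: (source segment, destination segment, TCP port).
ALLOWED_CONDUITS = {
    ("scada", "plc_cell_a", 502),    # SCADA polls PLCs over Modbus/TCP
    ("scada", "legacy_hmi", 5900),   # operators view the legacy HMI (VNC)
    ("office_it", "scada", 443),     # MES pulls production data over HTTPS
}

def segment_of(ip):
    """Return the segment containing ip, or 'unknown' for unmapped hosts."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Return flows that cross a segment boundary without an allowed conduit."""
    violations = []
    for src, dst, port in flows:
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg == dst_seg and src_seg != "unknown":
            continue  # traffic inside one segment is out of scope here
        if (src_seg, dst_seg, port) not in ALLOWED_CONDUITS:
            violations.append((src, src_seg, dst, dst_seg, port))
    return violations

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.20.2.11", 502),    # allowed: SCADA -> PLC
    ("10.10.4.20", "10.20.1.5", 443),    # allowed: MES -> SCADA
    ("10.10.4.77", "10.20.3.9", 445),    # office PC -> legacy HMI file sharing (SMB)
    ("10.20.3.9", "10.20.2.11", 502),    # legacy HMI talking directly to a PLC
    ("10.10.4.20", "10.10.4.77", 445),   # inside office_it, not a boundary crossing
    ("192.168.50.3", "10.20.1.5", 443),  # undocumented host reaching SCADA
]

if __name__ == "__main__":
    for src, s_seg, dst, d_seg, port in audit_flows(SAMPLE_FLOWS):
        print(f"REVIEW {src} ({s_seg}) -> {dst} ({d_seg}) tcp/{port}")
```

Each flagged flow is either a conduit that should be documented and allowed, or communication that a firewall rule between the segments should block.
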
While not surefire, deploying internal firewalls between the segments on your network can help detect attacks in your system and prevent the spread of intruding viruses.

2) Updated Systems Decrease Vulnerability

In many manufacturing environments, legacy code and sometimes outdated versions of Windows are still being used. Often, these systems have been running for several years with the same software packages without being updated. This is because many facilities have the mindset of “if it ain’t broke don’t fix it.” While updating systems and machines in a large-scale industrial environment can take months due to testing, assurance, and maintenance, it is critical to upgrade these machine software packages to a newer product. Malware creators are always integrating the latest system vulnerabilities into their malicious code, hoping that they will be able to infect systems that have not yet installed a patch.

If updating a system is not an option, it is necessary, as mentioned above, to properly segment that system from other parts of your network so that if an attack occurs, the threat will not be able to spread from the legacy or outdated product to the rest of the facility’s systems.

3) Educating Employees Keeps Operations Safe

Since workers in a manufacturing environment may not be experts in IT, training employees to be somewhat proficient at detecting potential malware is important to keep operations safe. Training employees to spot a malicious link or a suspicious email while accessing new content, sites and applications can go a long way in protecting against cyber threats.

4) Prepare for the Inevitable

While having systems of defense in place to protect against cyber security attacks can keep your operations safe a large majority of the time, very few environments and groups can guarantee prevention of a ransomware attack.
You must always be ready for an incident to occur by having a response plan ahead of time and practicing your response before you need it. This is just one more way to keep your critical systems and operations safe.

How CSIA Can Help

CSIA System Integrators are experts on protecting your networks, control systems, and automated manufacturing processes. They are able to help organizations develop more stable and secure networks through segmentation and implementation of firewall security. They provide reliable and automated system backups and protect your assets with a security information and event management (SIEM) installation. These protections detect, track down, identify, and eliminate threats before any harm is done to the systems.

You can find a list of CSIA integrators who specialize in Cyber and Network Security here.

This article couldn’t have been written without these informational sources:

The impact of WannaCry on industrial control systems (ICS), IIoT World
Cyber weapon Used in Ransomware Attack Was Created By NSA, The New American
WannaCry and Ransomware: How Manufacturers Can Reduce Risk, Cisco
2016 CTAP Threat Landscape Report [PDF], Fortinet
The WannaCry Wake-Up Call, Bayshore Networks