This article was written by Lisa McGarvey, Director, Solution Development and Vertical Markets, North America at TD SYNNEX.
Recent cyberattacks on the Colonial Oil Pipeline and JBS meat processing plant didn’t only teach us one lesson about how critical data and network security is to industrial and manufacturing enterprises — they taught us several lessons.
Perhaps most importantly, it taught us that cybercriminals can overcome and penetrate multiple layers of protection. Both of these attacks began with “phishing” emails that tricked users into clicking a weblink or opening an attachment that then cut a straight path through their network defenses and opened the door for a total ransomware exploit.
If these two companies had intrusion prevention systems (IPS), they failed. If they had threat hunting provisions, they failed. It’s unlikely they had their networks properly segmented to isolate each operational department, so that failed. Even the firewalls they almost certainly did have in place failed. And so, the cyberthieves accessed core data storage and encrypted the data with their own key.
This left Colonial and JBS unable to access or use the critical data that runs their companies, and it kept them helpless for weeks while they tried to negotiate the ransoms down.
These were back-office attacks, entering where the companies do their usual business operations. Just like any other company, manufacturers need the full multi-layer approach to data and network security, including threat hunting, authentication and authorization, IPS, network access control (NAC), anti-malware, anti-virus, firewalls data backups, and data encryption in transit and at rest in storage. Channel partners who aren’t offering a complete end-to-end security solution are shortchanging their customers and themselves.
Design & Development — Manufacturers have additional exposure in their design and development departments where all their intellectual property (IP) is created and maintained. Thieves value this data highly, as do the companies. The endpoint devices the product designers use to access their work are probably the most vulnerable point of entry for cybercriminals and must be carefully and comprehensively protected.
Factory Floor — Today’s factory floor was built for production, not cybersecurity and is often rife with security vulnerabilities. Industrial Internet of Things (IIoT) technologies and techniques have found broad acceptance and application in all kinds of factories. IIoT sensors monitor activities that used to be watched by people. IIoT controls work with those sensors to automatically make critical adjustments required as work proceeds. Event-driven-architecture enables the completion of a task by one machine to trigger the start of the next process by another machine. All these sensors and controls may connect to locally deployed routers and servers for processing and eventual interaction with the core network.
Most manufacturing machines today are controlled by Industrial Control Systems (ICS) which are responsible for machine operation. Originally, ICS were custom-built for the environments they were going to work in. Attackers would first have to figure out how those systems were designed before they ever had chance to attack them.
Over the past few years though, most have been moved into industry-standard x86 computers. Now attackers can use the same weapons and malware to attack ICS that they use to attack any other system.
Product Distribution — Once a factory completes the manufacture of products, they must be shipped out to distributors, retailers, and other sales outlets to be sold to consumers. This supply chain is also extremely susceptible to attack. TFI International, one of the largest trucking and logistics companies in North America, was targeted in a ransomware attack. The ransom was in excess of $6 million, according to Freightwaves. The flow of electronic data interchange (EDI) required to process orders, once compromised, can be completely disrupted, stopping transactions in their tracks.
Channel partners are ill-advised to see security as a “point-solutions” opportunity. A complete data and network security solution comprises a variety of layers of integrated products along with the consulting, design, deployment, integration, and ongoing service and support programs required to keep everything fully updated, patched, and operational.
Be sure to check off each step on this list:
IT Hygiene is accomplished by adhering to a well-defined set of best practices that begin with gaining visibility into several key data sets:
What assets are on the network? You must be able to see exactly which assets are on your network, including any device that is interfaced to the network in any way. This will keep you informed on every device you need to proactively manage and will also alert you should any unauthorized device suddenly appear.
Has the network been exposed to new vulnerabilities? The sooner you see an attack occurring on your network, the sooner you can respond to it and stop or mitigate it.
Are patches on all systems fully up-to-date? Many patches are released to improve security or resolve discovered vulnerabilities. These must be deployed upon release but must also be evaluated by your IT department prior to deployment. High quality policy development leads to high-quality rapid patch evaluation and deployment.
What applications are running? Are they properly configured and deployed? Whether in the back office, on the factory floor, or in the flow of order transactions, every application in use must be monitored, supported with optimal resources, administered properly, and protected against attack. The first step to accomplishing all of this is knowing that each application is there and running. The second is assuring that they are properly configured within your established policies.
How quickly can a threat be identified, isolated, and remediated? Security experts must always feel the need for speed. When under attack, time is of the essence. Technologies deployed to identify attacks and tools in place to stop them must be tightly integrated to minimize response and resolution time.
An ounce of prevention is definitely worth a pound or more of cure. Here are some ways to prepare in advance and mitigate the impact of any possible attack:
Data Backup — Attacks like those executed on Colonial Oil and the JBS meat processing plant were designed to deprive those companies of access to their data. Had they had very recent backups of their data available, they would not have had to pay the ransoms. They could simply restore that recent backup, re-double their security vigilance, and continue operating.
Today’s data backup best practices begin with off-premises backup, so there are at least three copies of all data on at least two different media and at least one off-site. This is often referred to as the 3–2–1 Rule, and it is critical to mitigating risk of data compromise.
Be sure to check with your cloud data backup provider to assure that a copy of your data is replicated on storage that is air-gapped, not connected to the network where attackers can corrupt it too. Just as they can encrypt your live data, many attacks also encrypt your backups.
Staying Current — Keeping everything updated is also a critical risk mitigation best practice. Each release of server and endpoint operating systems (OS) have an end-of-support date after which security and other patches are no longer released for them. Cybercriminals seek out those who are running out-of-date OS versions because they know they’re unpatched against new threats and very vulnerable. It may seem more cost-effective to keep equipment running well past its useful life or depreciation horizon, but it’s a false economy. As soon as they are attacked, the cost of this shortsighted approach becomes all too terribly clear.
Network Segmentation — Just as different operations within a company are housed in separate offices, network operations should always be segmented into virtual local area networks (VLAN) so it becomes difficult for any attack to spread.
Cyber Insurance — As with any financial instrument, care must be exercised in vetting and evaluating cyber insurance providers. Some may require you to use their choice of service delivery providers, which often can be far inferior to your preferred choice. Some may include highly stringent conditions that all but eliminate any chance of collecting on claims. You will find some who provide excellent, responsive coverage.
The important takeaway is that securing manufacturers’ operations represents a broad host of opportunities for channel partners who pursue it properly. While some security is better than no security, the reality is that security is only as strong as its weakest link.
Serve your customers best by recommending a comprehensive approach to security at every stage and every segment. Should they have challenges affording this, talk to your TD SYNNEX representative about funding opportunities that enable your manufacturing customers to enjoy the full security experience they truly need.
For more information on TD SYNNEX IoT and Security solutions, please visit https://techdata.com/iot and https://techdata.com/security.
The Update by TD SYNNEX is your source of insights and thought leadership for the tech channel, focusing on the next generation of technologies, such as cloud computing, IoT, analytics, 5G and security.
