OT threat detection and research benefits for manufacturers

Operational technology (OT) systems are in more danger than ever of being hacked and manufacturers have to step up their awareness. See four ways the OT cyber attack surface is increasing.

By Chris Vavra November 6, 2022
Courtesy: Chris Vavra, CFE Media and Technology

OT security insights

  • Attacks against operational technology (OT) targets are increasing and more devices and systems are vulnerable than ever.
  • Networks, people, supply chain and cyber-physical systems (CPS) are among the ways the cyber attack surface is growing and an intrusion can happen from any one of them because many vulnerable devices were created before the internet.

With the opportunity to improve manufacturing operational efficiencies through digital transformation, businesses are facing increasing cyber threats in their environments, now more than ever.

Attacks like SolarWinds, Oldsmar and Colonial Pipeline have garnered a lot of press attention, but there are many attacks that don’t get attention, and the volume of operational technology (OT) attacks is increasing.

“The attack surface is growing. Connecting the devices is smart, but it has to be done in a smart and effective manner,” said Jeff Zindel, VP/GM of cybersecurity for Honeywell Connected Enterprise at Honeywell Connect in Orlando.

The damage done by a bad actor or by an unaware employee is significant for companies in both the short and long term.

Jeff Zindel, VP/GM of cybersecurity for Honeywell Connected Enterprise. Courtesy: Chris Vavra, CFE Media and Technology

Cyber incidents, Zindel said, can lead to production loss and quality issues as well as damage to a company’s brand and reputation, which could take years to recover from. He noted SolarWinds, which had a high-profile hack in late 2020, is still dealing with the repercussions from that attack. Other long-term effects include significant unplanned labor, overtime and idle equipment costs. Insurance coverage can be denied for a company and there could be fees and lawsuits against the company due to negligence or non-compliance. This is especially true, Zindel said, if people are hurt or killed due to a cyberattack.

Four ways the OT cyber attack surface is increasing

The Industrial Internet of Things (IIoT) has made it possible to connect more devices, which allows engineers to gather more information than ever. That information can be delivered to a control room or a user’s phone through an app.

Operational technology (OT) cybersecurity is growing in importance as OT systems are subject to more cyber attacks. Courtesy: Chris Vavra, CFE Media and Technology

The increased flexibility and knowledge is a good thing, but all these devices are potentially at risk of being hacked. Zindel cited four ways the OT cyber attack surface is increasing.

  1. Networks. There’s been a large increase in the number of insecure, unmanaged Internet of Things (IoT) devices with connections to OT systems. There’s also a lack of effective segmentation between OT and information technology (IT) networks, as well as unmanaged firewalls.

  2. People and physical systems. Zindel said employees, contractors and vendors can introduce malware by bringing in laptops, tablets and USB devices to the site. While it might be easier in theory for someone to bring in their own device, it isn’t necessarily safer.

  3. Supply chain. The supply chain is at risk and can be compromised through malware introduced and distributed through legitimate software. The bad actor can compromise and hijack systems by doing something as small as altering keyboards so they contain attack hardware.

  4. Cyber-physical systems. Hackers will often go after soft targets that might not be considered a top priority. It can be something as simple as an endpoint sensor that can be manipulated and compromised. Many devices on a manufacturing floor, after all, were designed before the internet and weren’t created with cybersecurity in mind.

It isn’t just bad actors, Zindel said, who can do damage. A reliance on contractors and end users due to the skills gap means outsiders can bring in malware by accident. Awareness is critical, but companies can do their part by starting small and being vigilant.

Chris Vavra, web content manager, Control Engineering, CFE Media and Technology, cvavra@cfemedia.com.


Author Bio: Chris Vavra is the web content manager for CFE Media.