Ignore manufacturing and operational technology security at your peril

Mark Thomas

Group CTO Cybersecurity, Dimension Data

Security research in general makes for exciting and sometimes unnerving reading. But even by those standards, the manufacturing sector and operational technology (OT) domain stand apart due to interesting changes that speak to the growing complexities of the modern world.

The age of overlaps

One of the most interesting trends in the current age, and a hallmark of Industry 4.0, is the increasing prevalence of overlaps between different domains. IT has evolved from its traditional parameters to a confluence of PCs, mobile devices, consumer-friendly Internet of Things (IoT) devices and OT systems and devices. The growth of modern IoT devices is creating a larger attack surface for adversaries.

But crucially, the threats that plague the IT space are now stepping into the OT and IoT arenas, exploiting the overlaps that have emerged, as business’ appetite for technological innovation demands to be satiated.

Integrity at stake

A central challenge is that the three areas are quite different. Traditionally, IT’s primary focus is confidentiality followed by integrity and availability. OT is firstly about availability, then integrity and confidentiality. IoT is also foremost about availability, but then confidentiality before integrity. Threat adversaries also target the three for different reasons: attacks on IT are foremost motivated by monetisation, such as the data stolen, whereas OT is usually targeted to disrupt services and IoT is hunted in order to gain control over ecosystems.

Such divergent priorities and threat profiles make it difficult to create effective security responses that the entire business can understand. While good habits have settled in IT, practices such as patch management and legacy integration are now haunting the OT space. While IoT breaches make the news headlines, OT is increasingly also being targeted and successfully breached. Since more and more of OT and IoT are crossing lines with IT, while cultures have been lagging, adversaries are able to transition from the more comprehensively secured IT space to its less thoroughly secured neighbours.

This triangle of relationships can apply to many sectors but it’s of particular interest to manufacturing, where OT and IoT have been around for decades.

The state of manufacturing

At a glance, security statistics in our Executive Guide to the NTT Security 2018 Global Threat Intelligence Report (GTIR) might seem contradictory. Attacks on manufacturing in the APAC region are down, and so are attacks on manufacturers in the Americas. Yet attacks in Europe and Japan have gone up. Manufacturing is currently the most targeted sector in Japan.

Attacks on APAC manufacturing interests have gone down due to a combination of improved security practices and a shift of focus from adversaries toward other markets. The Americas also saw a decline, likely due to a push for better compliance and governance. This includes more security compliance demands around critical infrastructure, much of which often falls under manufacturing interests.

Yet Europe and Japan cannot be accused of lagging in similar standards, so why are they being targeted more often? One reason is the shift in Chinese manufacturing interests. China’s manufacturing base has matured considerably and is eager to compete at a higher level. This is clear from the rise of acquisitions and investments in the European sector by Chinese business interests. Consequently, the IP and trade secrets locked inside European and Japanese manufacturers are very attractive.

Though attacks are still happening on emerging manufacturing sectors, criminals are looking for better prey in the manufacturing world that can deliver more lucrative results. This is evident from the higher sophistication of attacks. In Japan there is a definite evolution from reconnaissance activities to the more sophisticated monitoring of devices and data on networks. Likewise, both Japan and Europe have seen a rise in sophisticated malware and phishing attacks. Trojans/droppers account for 62% of malware compared to 25% globally, and five times the percentage for the APAC region, according to the NTT Security findings in the GTIR.

OT has become the sought-after space that adversaries want to breach. Once attackers gain access through IT systems, they attempt to reach OT environments that are less segmented and secured. There they can deploy keyloggers and other spyware, as well as change configurations on devices. These are long-play strategies, associated with prolonged adversarial campaigns designed to steal company information for other parties.

Taking on the new threats

Foremost, the OT space needs to mature. IT practitioners have been more diligent about security practices, such as patch management and device hardening. OT environments never had quite the pressure from security threats to do the same. But now that Industry 4.0 complexity has bridged the gap between OT and the rest of the world, that has all changed.

A persistent problem here is that the business is often unaware of threats that come with the technologies fuelling their innovation. Companies want to reap the rewards of innovation in exchange for sacrificing security operations. That being said, the picture is changing. Cybersecurity education, as well as the oft-lamented argument that the entire leadership sphere should be vigilant about cybersecurity, is showing results. More work needs to be done, but at least the message is clear: security is everyone’s responsibility.

The current sticking point is a lack of collaboration between stakeholders. This is a familiar point, but fits succinctly with the IT/OT dynamic. OT environments already have many technical experts, albeit not many are from the IT world. Technical silos persist and have to be broken down if OT environments are to adapt security practices of the IT world.

Security is a three-way conversation between IT, OT and other business stakeholders. They need to cooperate, sharing information and understanding who the data owners are, as well as what the OT programme’s purpose is for business objectives. The right governance, metrics and alignment need to be in place to get the right outcomes.

Another area that more mature manufacturing sectors need to strengthen is their ability to detect anomalies. As explained earlier, the adversaries targeting mature manufacturers are playing the long game. They could be in networks for months, even years. Unlike a ransomware attack, which is swift and evident, attacks that rely on siphoning valuable information prefer to be undetected.

Areas to focus on:

  • Implement an effective patch management strategy for OT environments.
  • Ensure there is configuration management so that devices are secured by default and by design.
  • Monitor for changes in devices and network behaviour to spot any unusual activities, coupled with a threat detection strategy to detect if something goes wrong.
  • Develop incident response strategies around various scenarios that can happen, such as an executive’s credentials being targeted through phishing attacks.
  • Continue to educate various stakeholders, the board and leadership as well as OT personnel, about the evolving threat landscape, and campaigns targeting the industry / sector.
