Factory Compromised by a Cyber Attack? What Now?

Ryan Spurr

In Q3 2020, one of the world’s largest furniture manufacturers experienced a ransomware attack affecting operations for nearly two weeks. The frightening truth is that this isn’t an isolated event, but a developing trend in manufacturing. With 74% of operational technology (OT) professionals having experienced breaches over the last 12 months, our realities have shifted from potential risk, to a near certain security risk being realized with OT infrastructure. With a growing attack surface and increasing threats, what are manufacturers doing to align organizational resources and mitigate the possibility of a cybersecurity event?

Typical Operational Technology BCDR Challenges

The first real challenge for manufacturers is the idea of cost savings vs. cost avoidance. Let’s be honest, business continuity and disaster recovery (BCDR) is all about risk. As with most cost sensitive, value-add minded manufacturers, we don’t always wake up to the risk levels and potential impact of cybersecurity events until they happen. It’s not that we don’t invest in security, it’s just that we haven’t taken it as far as we should and more specifically, into OT.

The good news is that 61% of manufacturing executive leaders now recognize these risks and are working to resolve cybersecurity as part of their overall technology investment strategies. This opens the door for the organization’s disparate departments to align on common goals and implement long awaited infrastructure and organizational change holding manufacturers back.

The second challenge for manufacturing is downtime. While the cost of downtime is diverse depending on the subindustry, surveys have shown downtime events to cost as much as $260,000 per hour. Whichever way your company defines and prices out downtime, it seriously disrupts operations’ ability to deliver product and distracts all support resources from more productive activities.

A third challenge is data protection and recovery. With any event, there will be some downtime to restore operations. Without successful automated backups, however, there may be nothing to restore—turning what should be a routine recovery into a worst-case event. 75% of IT managers could not restore all of their lost data from backups. It’s no longer enough to just have a policy and procedure—it’s important to ensure it’s implemented, automated, tested, and dependable.

What Steps Are Manufacturers Taking?

With leadership support and broad industry awareness, security minded organizations are addressing the following as they develop successful industrial BCDR programs:

Recognize OT and IT Differences—It’s important to understand there are major differences in technology, protocols, skillsets, and general business needs from what IT is typically accustomed to. Keeping this in mind enables organizations to come together and implement BCDR solutions that meet both OT and IT, and better prepare the organization.

Take Inventory—Most organizations do not have full visibility into the wide range of operational technology in the factory, warehouse, and research labs. Most IT BCDR solutions are designed for modern or “in support” technologies. Taking stock of all the technology enables teams to assess where risk exists, age of infrastructure, and aid in the start of an action plan. 

Tailor Policy and Procedures—Most BCDR policies and procedures were introduced with enterprise business systems and typical enterprise office-worker environments. As a result, these policies do not take into account the complex heterogeneous nature of OT environments. Policy drives everything, including culture, decision-making, and budget. Accommodate OT infrastructure into your BCDR policies to accelerate security adoption and accountability within OT.

Invest in Necessary Skillsets—As with any risk program, education is an important element of business change. Ensure that IT and OT personnel understand each other’s domains, the business and technology risks, and invest in skillsets that allow teams to implement smarter security hygiene in the future.

The Solution

When it comes time to assessing solutions that will protect and minimize risk for manufacturers, consider the following:

  1. Support for End of Life or Wide Range of Operating Systems
  2. Automated Backups
  3. Fast and Simple Restoration
  4. Bare Metal or Dissimilar Hardware Restoration
  5. Off Host Backup Management
  6. Ability to Scan and Detect Backups (aka, get more value out of your backups)

Remember that the solution will be utilized to protect and recover industrial equipment. Make sure your solution can support a diverse range of technology, recovery to bare-metal, and a quick restoration process. It’s also important to take into account which job roles will be a part of implementation and restoration. Consider solutions that allow both OT and IT individuals to participate. 

It’s Not Just About Security Events

While cybersecurity is top of mind, realize that business continuity isn’t just about cybersecurity events. I’ve seen enough examples to know that other events can impact operations beyond catastrophes or cybersecurity. Human error, patching failures, third-party modifications, and even hardware can lead to downed machines. While the root cause may be different, the same remediation efforts will be put into motion.

Having a robust industrial business continuity and disaster recovery program in place will help in the event of a major cybersecurity breach, and pay dividends in other, equally likely, everyday events. 

To learn more about how Connection supports our manufacturing customers with broader industrial and IT security challenges, reach out today.

Ryan Spurr is the Director of Manufacturing Strategy at Connection with 20+ years of experience in manufacturing, information technology, and portfolio leadership. He leads the Connection Manufacturing Practice, go-to-market strategy, client engagement, and advisory services focusing on operational technology (OT) and information technology that make manufacturers more digitally excellent.