Mitigating cyber risks in industrial control systems

Manufacturers are intensifying their cyber risk footprint as automation and connectivity grow in production lines.

Automation systems or industrial control systems (ICS) are becoming increasingly important among manufacturers seeking improvement in production output or throughput. ICS can provide heightened product quality through consistency of manufacturing or increased efficiency. Cost savings can also be achieved by minimising energy usage, decreasing manufacturing carbon footprints, and minimising labour requirements.  

ICS systems are rapidly becoming more interconnected with the external worldwide web, a trend strengthened by the use of various control systems and control devices. Algorithms, device communication, and the sophistication of interconnectivity between manufacturing machinery and soft logic control have improved throughout the network. However, the increased connectivity transforms the risk profile for ICS systems, which have generally been installed only on standalone machines or connected only within single factory floors.

Increasing use of technology brings changes to the risk environment

ICS systems can be vulnerable to cybersecurity risks. The following examples demonstrate the operational disruption and severe impact cyber-attacks can cause:  

  • A Japanese automotive factory was forced to shut down due to the ‘WannaCry’ ransomware virus. The production of 1,000 units was subsequently disrupted.[1]
  • Predatory Sparrow, a hacking group, claimed responsibility for an attack that started a fire in an Iranian metals product plant. The fire caused molten metal to spray across the steel factory floor from a compromised machine.[2]
  • A vulnerability in a company’s firmware, used in a customer’s industrial manufacturing plant, allowed hackers to introduce malware into the plant. Flaws in its security procedures gave the hackers access to some of its stations, as well as its safety control network. The hackers had apparently intended to manipulate the layers of built-in emergency shutdown protocols to keep the system running while they bored deeper into the system and gained more control.[3]

Other IT or non-ICS cybersecurity incidents that trigger business disruption further expose potential vulnerabilities between dependent IT and ICS environments. Production facilities, such as an aluminium producer[4] or an oil pipeline[5], have been victims of recent ransomware attacks. Furthermore, the WannaCry ransomware variant that forced the shutdown of a semiconductor company’s chip-fabrication factories[6] shows the havoc cyber-attacks can wreak on major global technology companies. This pertinent example could be a catalyst for manufacturers to consider their supply chain dependencies.

Potential areas of risk for ICS systems

  • Access management
    • Insecure passwords.
    • Integrating legacy systems or standalone control systems into the wider network, exposing an inherent lack of security protocols.
    • Management, control and monitoring of vendor and other third-party access to parts of the ICS system.
    • Connectivity to wider organisational systems such as financial, procurement, maintenance, asset management and other corporate systems. Poor firewalls and network segregation create the potential for third-party access to ICS networks via IT systems.
    • The connectivity of the ICS system and IoT equipment to the wider internet exposes potential vulnerabilities.
  • System updates
    • Software updates and patch management applied irregularly in order to minimise production disruption.
  • Communication – messaging/transmission
    • Non-encrypted communication.
    • No device authentication (i.e. connecting an IoT device to networks without authorisation or authentication).

Risk considerations, controls, and mitigations

Manufacturing organisations should consider the following when constructing ICS systems:

  • Review current security architecture to identify gaps.  Where possible, upgrade systems to more secure versions and standards.
  • Update passwords and consider changing factory-set usernames and passwords. Enforcing strong password security practices is crucial, such as mandatory complex passwords of 14 or more characters, or password vaults.
  • Consider limiting the number of privileged accounts (including third-party, vendor management and access). Enabling the use of multi-factor authentication (MFA) for network access is also a positive step.
  • Identify the ICS network connectivity into non-ICS networks and domains such as corporate systems and the external web. Review whether each connection is required, and if so, ensure security controls such as firewalls, network segregation, transmission encryption, and access management are in place.
  • Implement (where possible) network monitoring, event logging, alerting, and automated response solutions.
  • Before implementation, review the potential cyber security gaps or flaws of emerging and new technology. Network architectures and communications protocols are good examples of this. Also ensure that security controls have been independently reviewed and tested.
  • Identify key supplier dependencies and assess their cyber risk profiles.  The organisation could implement mitigation and contingency plans in the event of supplier failure, as well as requesting suppliers improve their cybersecurity posture.
  • Identify key customers to implement mitigation and contingency plans that limit liability and reputational damage, to both the organisation and its customers in the event of a cyber-attack.
  • Provide cybersecurity training and awareness. Employees are often the first line of defence. Give staff regular training and awareness programmes so they can identify, report, and take necessary precautions to protect against cyber-attacks.
  • Ensure incident response plans are established with sufficiently trained personnel for all operations. Plans should be reviewed, tested, and simulated on a minimum annual basis.
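
One way to start on the connectivity review in the list above, as an added example that is not from the original article: given flow records exported from a firewall or network monitor, list every flow that crosses the ICS boundary and note whether it uses a well-known cleartext port. The zone address ranges, flow records and function names are constructed for illustration.

```python
import ipaddress

# Assumed zone plan (constructed for this example): map each CIDR to a zone.
ZONES = {
    "ics": [ipaddress.ip_network("10.10.0.0/16")],
    "corporate": [ipaddress.ip_network("10.20.0.0/16")],
}
# Well-known cleartext services: FTP, Telnet, HTTP, Modbus/TCP.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 502: "modbus-tcp"}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.1.20", 502),    # controller traffic inside the ICS zone
    ("10.20.3.7", "10.10.1.20", 502),    # corporate host reaching a controller
    ("10.10.2.9", "10.20.0.15", 443),    # ICS host sending data to corporate
    ("10.10.2.9", "203.0.113.40", 80),   # ICS host talking to the internet
    ("10.20.3.7", "10.20.0.15", 443),    # corporate-only traffic
]

def zone_of(ip):
    """Return the zone name for an address; anything unlisted is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"

def audit_flows(flows):
    """Return one finding per flow that crosses the ICS boundary."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if "ics" not in (src_zone, dst_zone) or src_zone == dst_zone:
            continue  # stays inside one zone or never touches ICS
        findings.append({
            "src": src, "dst": dst, "port": port,
            "path": f"{src_zone}->{dst_zone}",
            # Name of the cleartext service, or None if the port is not listed.
            "cleartext": CLEARTEXT_PORTS.get(port),
            "internet": "external" in (src_zone, dst_zone),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Each finding is a connection to review against the question in the list: is it required, and if so, is it firewalled, segregated and encrypted.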

The rapidly shifting technology environment, coupled with the increasing sophistication and connectivity of industrial control systems, requires manufacturers to consult with their advisers to ensure cybersecurity risk controls have been established. Current architecture should also be analysed. Potential risks must be mitigated, and viable, progressive roadmaps should be formed. Best practices must be in place to reduce any impact from a cyber event.

Thank you to Chris Beh for contributing towards the content.


References:

[1] Cyber Attack At Honda Stops Production After WannaCry Worm Strikes

[2] Predatory Sparrow: Who are the hackers who say they started a fire in Iran?

[3] Menacing Malware Shows the Dangers of Industrial System Sabotage

[4] Hackers hit Norsk Hydro with ransomware. The company responded with transparency

[5] Colonial Pipeline boss confirms $4.4m ransom payment

[6] TSMC Chip Maker Blames WannaCry Malware for Production Halt
