Manufacturers must have robust cybersecurity as IT-OT convergence gains prominence

Manufacturers are increasingly integrating operational technology (OT) with information technology (IT) to enhance productivity and efficiency, enabling their leadership to make informed decisions. However, this integration exposes them to security risks, particularly cyberattacks. Many enterprises choose not to report data breaches and security incidents to protect their reputation and maintain customer trust.

In November 2024, ransomware group Hellcat breached Schneider Electric’s Atlassian JIRA servers, stealing 40GB of sensitive data. This included 400,000 rows of user information, 75,000 unique email addresses, and the full names of employees and customers. Hellcat demanded $125,000 in Monero, a privacy-focused cryptocurrency, in lieu of baguettes.

This incident underscores the critical need for robust cybersecurity and a strong cybersecurity strategy to address the IT-OT convergence and prevent similar future breaches.

HYSEA is bridging the gaps between the IT/ITeS industry and academia in Hyderabad

On November 28, 2024, the Hyderabad Software Enterprises Association (HYSEA), representing 90% of Hyderabad’s IT and IT-enabled services (ITeS) industry, partnered with Bosch Global Software Technologies (BGSW) to host a roundtable discussion on enhancing cybersecurity in OT for industrial manufacturing. The event took place at the BGSW Innovation Center in Hyderabad, aimed at fostering knowledge sharing and collective growth.

Photo: HYSEA’s ER&D forum members convened a roundtable with GCCs contributing to manufacturing industries. GE Vernova, BGSW, Eastman Chemical, IIIT Hyderabad (Smart City project), Micron, PWC, Hyundai Mobis, ZF, Plume, Stellantis, Honeywell, and Thermo Fisher Scientific participated in the roundtable.

The discussion focused on the OT environment, historical cyberattacks, and the critical need for comprehensive cybersecurity practices when integrating OT data with various platforms. These platforms encompass enterprise resource planning (ERP), IoT, and data, network, application, cloud, and endpoint security. The goal is to mitigate potential physical, financial, and reputational damage—both internally and externally.

Cybersecurity and change management are top priorities for large manufacturers

According to HFS’ Pulse survey conducted among Forbes Global 2000 companies (see Exhibit 1), key internal challenges are data security, and talent management.

Exhibit 1: Data security is the top internal challenge for industrial manufacturing companies

Sample: 46 large enterprises from manufacturing
Source: HFS Pulse Data, April 2024

Waterfall’s recently published “Threat Report for Manufacturers” revealed that around 68 cyberattacks caused physical repercussions for more than 500 manufacturing sites, resulting in operational disruptions and plant shutdowns. The countries that experienced the highest number of incidents are the US, Canada, and Germany, representing a quarter of global manufacturing output.

Prioritizing OT security is essential to safeguard against the ever-evolving cyber threats

OT and industrial control systems (ICS) security is essential for protecting the manufacturing process. These systems include programmable devices such as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLC), remote terminal units (RTU), and distributed control systems (DCS), which manage and control physical processes in various industries. The goal is to ensure efficiency, reliability, and safety in operations, allowing the production of high-quality goods at lower costs.

As IT and OT networks converge, securing OT and ICS is essential to fend off cyber threats that can disrupt operations and compromise safety. The 2010 Stuxnet attack, which targeted Iran’s nuclear enrichment facility, was a significant turning point in cybersecurity. The Triton attack (aka Trisis or HatMan) targeted Saudi Arabia’s petrochemical facilities in 2017. It was a malicious attempt to compromise safety instrumented systems (SIS), which are designed to halt industrial processes in response to safety threats. Similarly, the attack on Colonial Pipeline disrupted the US energy sector in 2021. These attacks showcased advanced capabilities to disrupt critical systems with significant physical and economic impacts, emphasizing the need for robust safety and cybersecurity integration.

The Purdue model (see Exhibit 2) is a comprehensive framework for securing ICS and OT environments by dividing them into layers. This layered architecture ensures segregation and controlled access, reducing the attack surface for potential cyber threats. The model mitigates risks by establishing secure communication channels and implementing firewalls between levels, particularly for remote access and IT/OT integration—an increasingly common practice in Industry 4.0 and future Industry 5.0 environments. The Purdue model remains a critical tool for organizations to enhance resilience against evolving cyber threats.

Exhibit 2: Purdue Enterprise Reference Architecture (PERA)

Source: HFS Research; Scientific & Academic Publishing, Feb 2022

Manufacturers must surpass APT groups in adopting the most advanced technologies

The dark web is a hidden network where cybercriminals, hackers, and advanced persistent threat (APT) groups come together to share tools, exchange knowledge, and plan attacks. Often state-sponsored, APT groups are known for their sophisticated and long-term cyberattacks. These cyber actors typically wait up to 180 days to assess the effectiveness of their attacks on different systems before demanding a ransom.

It is important to recognize that the capabilities of these cyber actors are as advanced as those in IT and OT environments. The risk of zero-click exploits through supply chain attacks presents a significant threat, as demonstrated by the SolarWinds incident three years ago. In light of these challenges, experts have suggested several solutions for both IT and OT environments:

• The conversation on IT-OT convergence highlights the need for regular security audits, effective over-the-air (OTA) updates, and intense real-time monitoring.
• Encouraging collaboration among cybersecurity leaders and organizing knowledge-sharing events will help create a more secure environment.
• Establishing a “human firewall” is vital for implementing security practices tailored to OT. These differ from traditional IT strategies, and this distinction is crucial for legacy systems and the growing threats from APT groups.
• Zero-knowledge proof (ZKP) enhances the privacy of the IT/OT environment.
• Investing in regular employee training, updating the process flow, and strengthening cybersecurity practices are crucial for IT/OT environments.
• Conducting regular audits and integrating OT incidents into security information event management (SIEM) systems show a strong commitment to reinforcing cybersecurity across sectors.
• Identifying critical OT devices, including IoT and Industrial IoT (IIoT), is essential for security. Protecting these devices with micro cloud solutions can reduce exposure to the open internet.

The Bottom Line: Manufacturers must adopt a comprehensive, tailored, multi-layered approach to cybersecurity in OT environments—going beyond the reach of APT groups and cyber actors.

The convergence of IT and OT environments is crucial for enhancing productivity, efficiency, and decision-making for a company’s future. However, leadership must stay ahead of cyber threats to protect their machinery and technology systems. Implementing a robust cybersecurity strategy for IT and OT environments is essential. This process should begin with small machinery and scale up to the entire plant while integrating with the internal ecosystem—enhancing security and preventing financial, reputational, and physical damage to the enterprise.