In industrial environments operating 24 hours a day, unplanned downtime keeps plant managers awake at night. Avoiding onerous operational disruptions is a strong reason for manufacturers to consider the cyber implications of the convergence between information technology (IT) and operational technology (OT).
Here are the main takeaways from this article:
Industrial downtime happens when manufacturers are not operating at their expected levels. Production interruptions can be divided into two categories:
Planned downtime refers to interruptions scheduled in advance, usually for maintenance, adjustments or product changeover. Examples include planned periods in which the production stops to tune up machinery.
Planned maintenance and equipment inspections are often considered crucial to reducing the chance of unplanned downtime. According to a study conducted by Forrester Consulting on behalf of IBM, unplanned downtime costs 35% more per minute than planned downtime.
Unplanned downtime refers to unexpected incidents that can cause the production line to stop for an undetermined amount of time. Common examples include equipment or system failure, human error and cybersecurity incidents. Lack of personnel to cover shifts or materials can also contribute to interruptions in production.
In a manufacturing environment, accidentally unplugging a cable can disrupt production and lead to costly downtime. A single engineering workstation experiencing the dreaded blue screen of death can also cost tens of thousands of dollars in missed production.
Take the example from the steelmaking industry, where a computer operates the spectrometer robot, which analyzes the chemistry of the steel batch. If the computer crashes, the whole production line goes down because the product quality cannot be assessed.
Downtime is a common occurrence in all businesses and has a clear impact on their bottom line. According to a Vanson Bourne global study, 82% of companies have experienced at least one unplanned downtime outage over the previous three years. In the manufacturing industry, downtime disrupts the production line and causes a domino effect on the supply chain.
As per another study, industrial manufacturers lose $50 billion annually due to unplanned downtime. The cost of downtime is often associated with the loss of production.
Manufacturers in sectors such as food, beverage and infrastructure often run 24/7. Stopping production can have consequences for business partners and consumers. Missed production can result in service disruptions, product shortages and price hikes. Those outages also risk the trust and confidence of customers and employees in the organization.
As Gartner notes in its Market Guide for OT Security, building operational resilience is a top priority for organizations in the post-pandemic world. Investing in OT security is critical to support those efforts and ensure industrial continuity.
The rise of cyberattacks against critical infrastructure and manufacturing operations has reinforced the need to strengthen cyber defenses to avoid downtime. According to a study conducted by Forrester Consulting on behalf of Armis, 66% of manufacturers had encountered an IoT-related security incident in the previous two years. The report also indicates that 84% of the surveyed IoT security leaders are concerned about external hackers, and 80% are worried about viruses, network worms, and other malware threats.
With IT/OT convergence and the proliferation of Internet of Things (IoT) devices in industrial environments, the threat surface has grown. Attacks are growing in scope and sophistication.
These high-profile attacks, among others, show the importance of cybersecurity to operational resilience and business continuity:
Bakker Logistiek. The food-logistics firm was attacked and took six days to get its operations running again, causing cheese shortages in supermarkets across the Netherlands.
Protecting industrial environments from cyberattacks in the Industry 4.0 era has its own challenges. OT and IoT devices cannot be secured with traditional security tools because they are:
Armis’ research shows that companies only see an average of 60% of the devices in their environment. To ensure comprehensive asset and network visibility, industrial organizations need to deploy agentless monitoring tools that offer real-time passive monitoring.
Your security solution needs to be always on. All communication pathways, including WiFi, Bluetooth and Ethernet, need to be continuously monitored.
Methods such as network access control (NAC) are insufficient to secure industrial environments. NAC only decides what devices should and should not be on the network, but it is not designed to monitor the behavior of devices. In other words, it lacks context. Industrial environments also require a security solution that knows what is expected from each device and can take action if it starts to behave abnormally.
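The gap between NAC-style admission and behavior-aware monitoring can be shown with a short added example (not Armis code or any product's logic). The flow records, MAC addresses and per-device baseline below are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample: flows observed passively (no probes sent), as
# (source MAC, destination IP, protocol, destination port).
FLOWS = [
    ("02:00:00:00:00:01", "10.20.0.5", "tcp", 502),     # PLC -> HMI, Modbus/TCP
    ("02:00:00:00:00:01", "10.20.0.5", "tcp", 502),     # repeat of the same flow
    ("02:00:00:00:00:02", "10.20.0.10", "tcp", 44818),  # workstation -> PLC, EtherNet/IP
    ("02:00:00:00:00:01", "203.0.113.7", "tcp", 443),   # PLC -> external host
    ("02:00:00:00:00:03", "10.20.0.10", "tcp", 502),    # device not in inventory
]

# NAC-style admission list: which devices may be on the network at all.
ADMITTED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}

# Hypothetical baseline: the destinations each admitted device is expected to use.
BASELINE = {
    "02:00:00:00:00:01": {("10.20.0.5", "tcp", 502)},
    "02:00:00:00:00:02": {("10.20.0.10", "tcp", 44818)},
}


def nac_decision(mac, admitted=ADMITTED):
    """Admission only: answers 'may this device connect?', nothing about behavior."""
    return mac in admitted


def evaluate(flows, admitted=ADMITTED, baseline=BASELINE):
    """Return one finding per distinct flow that is unknown or off-baseline."""
    findings, seen = [], set()
    for mac, dst, proto, port in flows:
        flow = (mac, dst, proto, port)
        if flow in seen:          # report each distinct flow once
            continue
        seen.add(flow)
        if mac not in admitted:
            findings.append((mac, "unknown-device", (dst, proto, port)))
        elif (dst, proto, port) not in baseline.get(mac, set()):
            findings.append((mac, "baseline-deviation", (dst, proto, port)))
    return findings


if __name__ == "__main__":
    for mac, kind, flow in evaluate(FLOWS):
        print(f"{kind:20} {mac} -> {flow} (NAC admits: {nac_decision(mac)})")
```

The admitted PLC passes the NAC check yet still produces a baseline-deviation finding for its connection to an external host, which is the context an admission decision alone does not provide.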
The Armis Agentless Device Security Platform can discover all assets in your environment, both managed and unmanaged. It then performs a risk assessment to identify all vulnerabilities and threats, which is critical to developing enforcement policies as part of a mitigation plan. The Armis platform understands the context of each device and, thanks to our Device Knowledgebase, can identify when an anomaly occurs.
Asset discovery methods are divided into passive and active. It’s worth clarifying that there is no such thing as “passive scanning” because scans are active tools that probe your network, which can be dangerous in sensitive OT environments due to the risk of disruptions.
The Armis platform doesn’t perform active scanning. Our approach is what we refer to as “passive listening” to emphasize that we monitor the network quietly, only listening to traffic without causing disruptions to users, systems and machines.
The first step to increased cybersecurity is to raise awareness and compliance with proper cybersecurity controls. Organizations need to better train employees about the cyber implications of their activities and minimize the risk of breaches with bottom-line impact. As per the Vanson Bourne study, user error is a more common cause of unplanned downtime in the manufacturing industry than in other sectors.
Asset discovery and inventory are critical to OT security because organizations need to know what devices and connected systems they have in their networks and what their vulnerabilities are. Your security solution should be agentless because OT and IoT devices cannot accommodate security agents.
For effective threat detection, your OT security solution should continuously monitor the devices and traffic in your network. Do not deploy vulnerability scans because they are intrusive, and OT systems and devices are sensitive. The best approach to avoid crashes or any negative impact on performance is to monitor devices and traffic in your network or airspace with a passive tool such as the Armis platform.
Network segmentation is a good practice to prevent attackers from moving laterally in your network and causing more damage. It’s crucial to have real-time policy enforcement and automated remediation to isolate devices, trigger alerts and initiate software updates in case an anomaly is detected.
The Armis Agentless Device Security platform can automatically generate segmentation policies for certain devices to minimize risk exposure.