Cybersecurity and Digitalization: A Cautionary Tale

Digital transformation across the industrial sector has been a work in progress for years, but the push to increase connectivity from the executive suite to HR and accounting to the manufacturing floor is becoming even more acute.

It only makes sense, as digital technologies can drive improved quality control, boost efficiency gains, reduce costs, enable better environmental controls, and create a stronger, more quality product. Not only is digitalization changing the stigma of manufacturing being a musty old environment, but it is also turning the sector into a glistening new workplace employing state-of-the-art technology that allows organizations to take on any competitor across the globe.

As these benefits allow for improved efficiency, faster decision-making, increased equipment uptime, improved supply chain management, reduced errors, faster turnaround times, and decreased costs, the key ingredient to this digital recipe is cybersecurity.

“Digitalization is rapidly expanding, making cybersecurity an essential backbone for sustaining digital enterprises,” said Dewan Chowdhury, chief executive and founder of cybersecurity provider, malcrawler. “The recent Microsoft-CrowdStrike incident highlighted the potential risks of an unsecured digital environment.”

The scenario leading to the Microsoft-CrowdStrike incident had the CrowdStrike Falcon sensor delivering artificial intelligence (AI) and machine learning to protect systems by identifying and remediating advanced threats. In February 2024, CrowdStrike introduced a new sensor capability. On 19 July 2024, a Rapid Response Content update went out to certain Microsoft Windows hosts with the new capability first released in February, CrowdStrike officials said. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash that affected 8.5 million computers globally and cost companies $5.4 billion.

“While this particular issue resulted from an internal error, it raises concerns about the consequences if an attacker deliberately seeks to cause harm,” Chowdhury said. “This situation demonstrates the critical need for integrating people, processes and technology to enhance cybersecurity in the digital age.”
 

Multiple threats

With increased connectivity in the digital environment, there are more opportunities for threat actors to hit manufacturers with multiple types of attacks including terrorists, hacktivism, supply chain disruption and ransomware.

To that end, one ransomware attack on a German bicycle maker halted production, invoicing and deliveries for three weeks. According to a report in the ICSSTRIVE.com incident repository, disrupted supply chains meant required parts did not arrive so workers could not assemble and deliver the bicycles. As a result of the attack, the company filed for bankruptcy.

While there are plenty of reasons why a company might go out of business, many factors can come into play. Some of these include having a digital environment moving forward with a lack of qualified cybersecurity professionals; problems with elements like artificial intelligence (AI), machine learning, training, education, planning, or even cloud computing could be a cause.

“The age of digitalization, including machine learning and AI is here,” said Mark Carrigan, senior vice president of process safety and OT cybersecurity at Hexagon. “The current and potential benefits these technologies can provide are compelling and will transform how we conduct business.”

With digitalization here to stay, security experts across the board can’t stress enough that having the right people, processes and technologies in place is vital. “Combining skilled personnel, effective processes, and advanced technology is crucial for bolstering cybersecurity,” Chowdhury said. “The shortage of qualified cybersecurity professionals poses a significant challenge. In response, organizations must rely more on artificial intelligence to automate threat detection and response. AI can analyze vast amounts of data quickly, identifying potential threats and mitigating risks, thus compensating for the lack of human resources.”

Creating cyber-skilled workers

The skills gap is a huge issue with an average of 3.4 million industrial cybersecurity open positions globally with more than 410,695 of those jobs in the U.S. alone, according to a report from (ICS)2, an international nonprofit membership association focused on inspiring a safe and secure cyber world.

Cyber education is one aspect continuing to grow to help fill that gap. (See “Adding ‘Industrial’ to Cybersecurity Education elsewhere in this issue.) Indeed, new programs are earning funding from multiple agencies to help bolster the workforce.

Arizona State University’s School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering just earned a two-year, $4.5 million grant from the U.S. Defense Advanced Research Projects Agency (DARPA) to establish an institute that will develop national and global cybersecurity educational standards and curriculums designed to address critical workforce shortages.

The University of Texas at San Antonio (UTSA) created a new college dedicated to AI, cybersecurity, computing, data science and related disciplines.

A cybersecurity scholarship program is also starting up at the College of Engineering and Computer Science at Florida Atlantic University (FAU) since it received a $2.6 million grant from the National Science Foundation (NSF).

In addition, grants worth approximately $200,000 addressing the nation’s shortage of skilled cybersecurity employees will be awarded to 18 education and community organizations in 15 states. These grants are a part of the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) program that awarded cooperative agreements of nearly $3.6 million to build the workforce needed to safeguard enterprises from cybersecurity risks.

According to the U.S. Department of Homeland Security, cybersecurity threats to critical infrastructure are one of the country’s greatest strategic risks. Grants and awards have increased due to this. The Internet Crime Report, compiled annually by the Federal Bureau of Investigation, charts growth in cybercrime, noting a record number of complaints in 2023 with $12.5 billion in reported financial losses.

Employee training

Continuous training and education for employees also plays a vital role in maintaining a strong cybersecurity posture. “A well-informed staff can recognize and respond to potential threats more effectively, reducing the likelihood of breaches caused by human error,” Chowdhury said. “As technology evolves, ongoing education ensures that employees remain up to date with the latest security practices and tools.”

Part of that ongoing education is evolving from the continuing convergence of information technology (IT) and operational technology (OT) systems and knowledge. “Applying these digital techniques to the OT world, whether to improve productivity, insights, or cybersecurity, will be more difficult than in the IT world,” Carrigan said. “The reason is there are key differences between IT and OT that will not change anytime soon.”

Carrigan indicated that these differences relate to:

• Flexibility. IT assets are generally flexible. A single server or PC may conduct a variety of tasks or host multiple applications. OT assets have a specific mission, highly customized to deliver specific tasks to control or monitor operations.

• Security versus availability. In general, in the IT world, security takes precedence over availability. Often, on short notice, IT can shut down an asset to install critical security updates. In OT, the opposite is true. These assets must be available 24/7 and often do not update with the most recent security capabilities to avoid unnecessary downtime.

• New versus old. In the IT world, assets typically have a relatively short life (three to five years) before an upgrade. In OT it is common to have assets that are more than 20 years old controlling critical infrastructure. The cost to upgrade these assets—in both cash outlays and disruptions to the business—means they have an extended life.

• Homogeneous versus heterogeneous systems. In general, IT assets use a limited number of operating systems (Microsoft, Apple OS, Linux, etc.) and protocols to communicate. OT assets end up dominated by vendor-specific operating systems, protocols, and other designs unique and proprietary to each vendor. Integration in the OT world is typically more complicated and customized compared to IT.

Those differences must be considered when applying machine learning or AI to an OT environment, Carrigan said. “As an example, technologies are available to detect and automatically intervene to stop a cyberattack,” he explained. “These capabilities are becoming common in the IT world and will be further enhanced by leveraging AI techniques. Applying these same technologies in the OT world carries much more risk—any system that automatically interrupts the actions of an OT system could lead to significant loss of production or equipment damage—the same consequences we are trying to avoid via cyberattacks.”

Carrigan added: “The key differences between IT and OT, which will remain for years, means there must be more care when considering machine learning or AI for the OT environment.”

New direction

According to the Cisco inaugural 2024 State of Industrial Networking Report, it does appear manufacturers are beginning to design and deploy their OT environments to improve security, increase efficiency, and provide a platform for innovation. The report mentioned that cybersecurity—the backbone of the digital movement—was the biggest reported challenge in running and maintaining industrial networks. Also adding to the problem are the requirements of Industry 4.0, a backlog of legacy systems and assets, an expanding attack surface and an overstretched workforce.

In the report, 89% of respondents said cybersecurity compliance is very important in their operational network. Also, the number one challenge when running industrial infrastructure is mitigating cyber threats.

With the management of enterprise and industrial networks increasingly overlapping, the report also found IT and OT teams need to become more collaborative. Executive leadership can see the benefits of a unified approach but, currently, the two functions remain siloed, impacting efficiency and threatening the overall security posture.

Recognizing that the industry does not adjust well to change, but knowing change is inevitable, collaboration is improving and new technologies are evolving to improve secuity. “Based on what I have observed, the influx of new technology in the cybersecurity industry is truly remarkable, especially with the explosion of artificial intelligence applications,” Chowdhury said. “I would not be surprised if roles like tier-one SOC [security operation center] analyst become completely automated by AI soon. It is nearly impossible for a human to efficiently sort through the tens of thousands or even hundreds of thousands of logs generated in a modern infrastructure. Additionally, I have noticed a rise in automated penetration testing tools that allow organizations to continuously test their security controls.”
 

Investing in AI, cloud

Chowdhury said the cybersecurity industry faces “a significant gap” between the number of available jobs and the qualified professionals needed to fill them. “Although schools are working hard to educate the next generation of cybersecurity experts, the lack of real-world scenario experience remains a significant challenge. This is why I see companies investing heavily in AI to bridge this gap and enhance their cybersecurity defenses.”

In more digitalized environments, cloud computing also is becoming a bigger element—something industry wags never thought would happen. “Strategic planning and adopting cloud solutions are essential in modern cybersecurity strategies,” Chowdhury said. “The cloud offers scalability and flexibility, which can enhance security measures. However, careful planning is necessary to integrate these technologies effectively, ensuring they complement existing security frameworks. By balancing foundational practices with innovative tools, organizations can build a resilient and adaptable defense against cyber threats coming from an expanded attack surface.”

As the threat landscape in the digital world constantly evolves, it is making it increasingly challenging for organizations.

With an expanded attack surface through increased connectivity, it can be a very daunting task to protect a network with all these connections. But with more demand to produce more and more product, understanding what production is doing and how to increase productivity is important.

Digital technology advances are continuing to move forward and the key to avoiding any kind of setback is a strong cybersecurity component acting as the backbone for a manufacturing enterprise.
 

People and process are key to digitalization

With 75 million baby boomers retiring from their manufacturing jobs in such a short time, the industry is facing a large demographic twist. It may seem like the industry will become more reliant on technology, but the tried-and-true cybersecurity triad of people, processes and technology will become even more pronounced in the coming years.

While some in the industry fear digital transformation will eliminate workers, others say people will become the most important asset. As technology innovation continues to grow and become smarter and more developed, it is also there to support and empower both people and processes. With that in mind, the following are some best practices to ensure a more secure digital environment:

• Gain a strong grasp of basic cybersecurity fundamentals.

• Communicate constantly.

• Secure remote access.

• Network segmentation.

• Constantly back up data.

• Implement a security framework.

• Create a culture of collaboration with purpose-built OT and IT views to help address cybersecurity issues via different views and preferences.

• Understand what is talking to what through continuous and real-time monitoring of asset and network connectivity with immediate alerts on any violation of security policies or anomalies.

• Ensure visibility into ICS assets and networks, employing smart and advanced discovery techniques for complete asset inventory.

• Visualize network topology and connectivity to provide a real-time view.

• Predefine policies incorporating requirements in regulatory standards.

• AI algorithms for auto-defining comprehensive security policies and proactively identifying a variety of threats and vulnerabilities.

• This feature originally appeared in AUTOMATION 2024: 1st Annual OT Cybersecurity Trends Report.