EDITOR’ S QUESTION
Cybercriminals target manufacturing for its reliance on uptime, often exploiting outdated industrial control systems( ICS) that still run on antiquated software like Embedded Windows XP, or Windows 10 which reaches end of support this year.
Increased digitisation interconnects IT and OT zones, increasing vulnerability to attacks that disrupt or deny operations. For example, over the past year, more than 50 % of organisations experienced at least one security incident involving ICS / OT systems.
That same digitisation is changing the face of manufacturing supply chains, with data flowing between suppliers and partners just as much as product and raw materials. Third-party service and support partners visit manufacturing sites with their own laptops and removable media to update firmware on the ICS tooling they manage.
However, malware hosted on portable devices like USB drives can bypass traditional network-based security measures and move laterally between IT and OT systems.
All entry points should be covered by the policy, including‘ walked in’ devices and media, and checked and sanitised using Content Disarm and Reconstruction( CDR) techniques. Data should only ever enter critical environments once it has been sanitised and validated.
The majority of air-gapped manufacturing environments lack security controls to detect IT malware, meaning that compromised media could result in huge financial losses, operational downtime and public safety risks.
The other key challenge is security teams often have limited visibility into the devices connecting to their organisation’ s systems and the flow of data transfers. This means that security teams have to manually scan files, which is extremely time-consuming.
Manufacturing organisations need a multi-layered strategy to mitigate risks, with scanning policies at the heart of it. This requires all incoming data and devices to be scanned before they reach critical network assets.
Scanning policies should also complement access controls like robust access credentials, which limit the use of external devices to authorised personnel. This then prevents removable media that hasn’ t been thoroughly scanned and sanitised from accessing data within the organisation.
To effectively implement such a process especially at scale, manufacturing organisations should use dedicated scanning kiosks integrated with secure file storage and managed file transfer capabilities. Kiosks dramatically reduce the risk of introducing malicious code into secure network environments without causing delays for employees trying to do their job. p
JAMES NEILSON, SVP INTERNATIONAL AT OPSWAT
www. intelligentcio. com INTELLIGENTCIO EUROPE 33