Vertical markets, Content

CISA Warning: Hackers Will Target Critical Manufacturing Vulnerabilities

Critical manufacturing is expected to be an all-too inviting target for hackers in 2022 especially as COVID-19 persists, the head of the nation's cyber central said in a new alert.

Here’s why: The Cybersecurity and Infrastructure Security Agency (CISA) believes that critical manufacturing facilities are under-secured and present too many areas attackers could hit. The sector is at particular risk from an increase in available surface areas and an insufficient cybersecurity workforce to defend against hacking offensives, CISA said in a new Insights Report.

Both issues are fallout from the pandemic. And, they’re not the only ones, CISA said. “These trends increase the vulnerability of the Critical Manufacturing Sector to the growing number of ransomware attacks aimed at private businesses by increasing attack surfaces and reducing protective abilities,” the bulletin said. “To mitigate future threats, the Critical Manufacturing Sector should prioritize the management of risks.”

Here’s the gist of the CISA report:

  • If current trends hold, attacks against manufacturing sector infrastructure will continue to increase.
  • Environments previously ‘air-gapped’ may become more connected to enterprise networks, public clouds, vendor networks, and other third parties for remote management.
  • A rapid expansion of the threat landscape and attack surface makes it far more likely manufacturing organizations will experience a cyber event significant enough to degrade or impede safety and availability of production.
  • Supply chain attacks or disruptions further complicate manufacturing’s need to operate safely. Ransomware attackers have begun to target systems lacking the inherent security controls required to protect themselves.
  • The net net could be catastrophic production loss and downtime as well as lost revenues and penalties for production delays.

An area of concern CISA highlighted is the increased use of robotics to automate critical manufacturing processes and the associated cyber dangers. “Remote control, validation, and monitoring must be tailored to support operational needs,” CISA said. “While RPA (robotic process automation) can greatly improve the production capabilities and security of manufacturing, it also introduces external supply chain risks, the report said

Potential operational vulnerabilities in the control systems that manage industrial processes (ICS) resulting from remote work include:

  • Expanded cyber-attack surfaces.
  • Reduced network segmentation and securitization.
  • Unauthorized access (both physical and online).

“Managing cybersecurity risks in an ICS environment requires a blend of skills that has become onerous to maintain while facing pandemic-driven changes,” CISA said. Along those lines, in a Twitter post on the Insight report, CISA Director Jen Easterly pointed to the importance of manufacturing organizations ramping up their cyber defenses. “As more critical manufacturing plants move to adopt robotic process automation RPA due to COVID, bad actors have more opportunities to take advantage of vulnerabilities,” Easterly tweeted.

CISA Recommendations: Cybersecurity in Manufacturing

Here are some steps CISA recommends critical manufacturing organizations take:

  • Developing cybersecurity and operational knowledge within the shop floor environment is essential, given reduced crew density.
  • Cybersecurity teams within firms must invest in training for security analysts to be capable of remote monitoring of manufacturing environments.
  • The partnership between production resources and cybersecurity analysts should be developed commensurate with the organization’s risk tolerance.

CISA’s critical manufacturing warning comes months after newly proposed legislation advocated for the agency to play a larger part in protecting industrial control systems from cyber attacks. The bipartisan DHS Industrial Control Systems Enhancement Act, which amends the Homeland Security Act of 2002, would give CISA the responsibility to “maintain capabilities” to identify threats to those systems.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.