The ongoing digital transformation of traditional industrial practices is often referred to as the “Fourth Industrial Revolution” or Industry 4.0.  Industry 4.0 merges advanced, manufacturing processes and methods with intelligent systems, enterprises, smart factories, and employees. Managers are now able to leverage technologies like Big Data, Machine Learning, IIoT, Artificial Intelligence and Virtual Reality for more informed decision making.

And yet as with every great revolution, Industry 4.0 has its downsides. For instance, the risk of key component of a company’s network coming under cyber attack has increased significantly because of Industry 4.0 connectivity, making sophisticated cybersecurity an essential component of industrial control systems (ICS). Today, there are far fewer solitary industrial systems smart machines and facilities. Previously isolated systems are now connected to Ethernet-based networks, which eventually exposes them to the Internet and presents the risk of cyberattacks.

Cyberattacks on any industry are extremely costly. In 2023, the average global cost of a data breach was USD $4.45 million, an increase of 15% over the previous three years. Unfortunately, cybercrime is predicted to increase exponentially as manufacturers connect more devices and systems, and scale their networks, creating a larger threat surface for hackers. Once they are in, hackers can wreak havoc or interrupt the production process such as simulating a motor functioning properly when it is not or modify PLC firmware to damage production line quality. Worse yet, they can navigate from the OT to the enterprise IT network to seek out intellectual property information, customer lists, financial balance sheets and other sensitive company data.

In this blog, we look at industrial cyberthreats and delve into strategies to blunt attackers. Additionally, we examine how industrial Ethernet switches can help safeguard Industry 4.0 networks from intruders.

The Nature of the Cybersecurity Threat

First off, what is cybersecurity? According to the U.S. Cybersecurity & Infrastructure Security Agency, "cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” In an industrial setting, cybersecurity involves locking down ICS systems with an iron-clad cybersecurity strategy to prevent hackers from inflicting harm on productivity, assets, profits and reputation.

Cyberattacks come in many forms. These can include malware (viruses, worms, Trojan horses), email phishing scams, Distributed Denial-of-Service attacks, SQL injection, Man-in-the-Middle attacks, and session hijacking, among others. Ransomware— software that prevents users from accessing files unless a ransom is paid— has spread like wildfire over the world and has become the "go-to" method of attack on industrial control systems. Industry 4.0’s convergence of Information Technology (IT) and Operational Technology (OT) now has malware breaches allows a hacker to have access across an entire enterprise by exploiting system vulnerabilities.

Improving Network Resistance

Any company, regardless of industry or size, can become the target of cybercriminals if it possesses something that will advance a cybercriminal’s goals, be it financial or ideological. Small companies are often more vulnerable to insider threats because they lack basic cybersecurity and face insurmountable costs addressing compromised data, customer loss and regulatory penalties.

Big or small, every company needs to remain vigilant. Below are actions businesses can take to improve their overall cybersecurity posture.

· Segment OT and IT:By doing this, you’ll ensure that the harm caused by an attack will remain contained inside the "zone" that was violated, while still allowing safe data flow between IT and OT.

· Use multi-factor authentication: All internal sensitive data and services and externally facing authentication portals should employ MFA. With the use of this technology, accounts are kept secure even when passwords are cracked.

· Secure applications: Prioritize whitelisting and properly install malware configure applications that can run containerized malicious code.

· Create stronger passwords: Passwords ought to be at least 12 characters long and contain alphabetic, numeric, and special characters.

· Hire OT cybersecurity pros: Traditionally, cybersecurity internal operations has been a function of the IT department. With OT infrastructure and connected devices growing in complexity and connectivity, it is playing with fire to not to have knowledgeable employees overseeing OT cybersecurity in alignment and communication with IT and business leadership.

· Determine baseline behavior: Baselining will establish normal behavior of the network to enable the detection of abnormal behavior down the line.

· Install firewalls: Installing firewalls, a network essential, can stop some malware attack vectors by preventing harmful traffic from getting into a system and by limiting unnecessary outbound interactions with malicious software.

· Develop threat intelligence: You must stay informed about the most recent ICS attack techniques and the best ways to protect against them. Do so by regularly collecting, processing, and analyzing available data to better understand a cybercriminal’s motives, targets, and attack behavior.

· Implement defense in depth: The ISA/IEC 62443 family of standards, which outline the prerequisites and procedures for setting up and maintaining electronically secure industrial automation and control systems (IACS), codified the defense in depth concept. These guidelines provide security best practices and offer a mechanism to gauge the security measures' performance.

· Maintain networks: This entails using security-focused protocols, maintaining patch management procedures, and updating firmware. Doing so will keep attackers from taking advantage of known problems or exploit vulnerabilities. Installation of outdated software or the absence of operating systems that are adequately supported for older automation models are two factors that contribute to vulnerabilities in industrial facilities.

· Incident response plan: Create an IR plan and ensure that all impacted employees receive regular training and evaluations on it. In the event of a data breach or other type of security incident, your organization should follow the steps outlined in the IR plan to control damage and costs.

· Employee awareness:Every employee in your organization needs ongoing training in order to identify malicious assaults on the network and, if targeted, respond with best practices. At the top of the training should be how to avoid email and web attacks and phishing attacks, scams that remain the most common form of stealing employee credentials and gaining unauthorized access to networks.

In order to spot any malicious behavior, it is crucial to monitor and examine endpoint AV/EDR logs and traffic logs. Also, check your domain controllers for increased, burst activity and protocol communications for suspicious network activity. Finally, to spot odd trends, examine communications between PLCs and internal/external destinations.

What If Your Networks Are Attacked

If your plant is the target of a cyber assault and your production environment or industrial machinery/data systems are compromised, what should you do?

The ideal scenario is to have the personnel and software solutions in place to enable a quick response in accordance with a systematic, standardized plan of action, i.e., the incident response plan. First, identify the threat. The source of the attack, whether it be a virus, malware, or illegal remote access, must be found. Next, the denial of service attack must be brought to the attention of stakeholders. They can ensure that users on the affected network are alerted so they may reduce losses, while users on clean networks can aid in halting the spread of cyber attacks.

The next step is to isolate infected networks and study to see if the nature of the cyberattack has exposed any new vulnerabilities in the IT/OT infrastructure that will give hackers access cyber physical systems in the future. Once these steps are taken, you can return systems to their functioning state, and a recovery strategy can be put into action.

Are Industrial Ethernet Switches Safe?

Industrial Ethernet Switches are essential components of industrial processes used to connect devices in manufacturing plants, agricultural operations, production facilities, assembly lines, utilities, oil refineries and other critical infrastructure.

There are vulnerabilities in Industrial Ethernet Switches you should be aware of.  These have been exploited by hackers to gain access to networks with major repercussions on connected industrial assets. Flaws include the use of default passwords, hard-coded encryption keys, and lack of proper authentication for firmware updates, among others. A flaw as simple as leaving an industrial switch port open and unprotected can allow anyone with a laptop to plug in and find a pathway into a manufacturer’s OT or IT platforms.

These vulnerabilities are more pronounced in unmanaged industrial switches. An unmanaged industrial ethernet switch also will lack overlapping layers for control over traffic or what devices can be connected to it. Conversely, managed industrial Ethernet switches offer improved risk protection thanks to features like multi-level user access control, a security feature enhanced password encryption capabilities, MAC security, and variable password length. After a predetermined number of unsuccessful access attempts, managed switches can also be programmed to automatically revoke user or port credentials.

Antaira provides a hardened line of managed and unmanaged industrial Ethernet switches to its customers to help them with new technologies and create scalable, secure, and reliable networks that can support legacy devices and be digitally transformed to fully using digital technologies and realize Industry 4.0's potential. Learn more at www.antaira.com or call us at 714-671-9000 to speak to a live industry expert.