Companies can create policies essential for meeting regulations: Kumar Ritesh

Dec 03,24

There are two kinds of difficulties while protecting a company against cyber-attacks, one is technological and the other is human. From a technological perspective, dealing with outdated legacy systems lacking the security measures needed to protect against current threats is a major issue. Many manufacturing settings depend on these outdated systems, making them prime targets for cybercriminals. In conversation with Sanskriti Ramachandran, Kumar Ritesh, Founder, Cyfirma, narrates how smart manufacturing organisations can deal with cybersecurity issues.

With the growing use of automated/connected (IoT) devices in industries, how do you manage cybersecurity in your company?
CYFIRMA has been helping businesses across a myriad of industries to strengthen their cyber posture; manufacturing enterprises form a significant portion of the company’s base clientele, where IoT projects would require a higher level of vigilance. Over the last seven years, CYFIRMA has defined a new category in cybersecurity called ‘ETLM’ (external threat landscape management) and has developed the world’s first external threat landscape management platform called DeCYFIR. DeCYFIR arms governments and businesses with personalised intelligence where insights are tailored to their industry, geography and technology. DeCYFIR provides clients with multi-layered intelligence covering strategic, management and operational insights. DeCYFIR’s ability to combine cyber-intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, digital risk protection and third-party risk monitoring on a single pane of glass sets it apart from the competition. Clients receive insights that enable them to conduct effective intelligence hunting and attribution, connecting the dots between hacker, motive, campaign and method to gain a comprehensive view of their threat landscape. With DeCYFIR, clients receive early warnings of impending cyberattacks so they can act quickly to avoid a breach. DeCYFIR is designed to meet the stringent demands of CISOs, CROs, and Security Operations teams.

How do you assess the cybersecurity risks specific to smart manufacturing environments?
In smart manufacturing, cybersecurity risks are evaluated by considering both IT (Information Technology) and OT (Operational Technology) systems, since these settings generally feature a merging of the two. We guide our manufacturing clients to enhance their cyber defences through our main platform called DeCYFIR, which employs an intelligence-driven strategy that integrates technology, personnel, and procedures. We recommend that our clients start with vulnerability assessments on OT systems, which frequently include legacy industrial control systems that were not originally developed with cybersecurity in consideration. These outdated systems are vulnerable to attack; assessing their vulnerabilities is critical. We utilise our platform to conduct supply chain risk assessments, acknowledging that third-party suppliers, OEMs, and service providers are crucial in the manufacturing landscape.

Because these partners might access crucial systems, their security practices are as important as the company’s own. Additionally, we assist our clients to employ simulation methods that mimic possible cyber-attacks on a manufacturing plant, to understand how different situations may affect production and operations, and assert that every client has 24/7 surveillance of their digital risk profiles with insights on their external threat environment, while also encouraging them to perform a periodic assessment to verify adherence to applicable industry standards, like IEC 62443 or NIST frameworks, that offer advice for safeguarding industrial systems.

What are the key hurdles (technical as well as human) in safeguarding a company from cyber-attacks?
There are two kinds of difficulties while protecting a company against cyber-attacks, one is technological and the other is human. From a technological perspective, dealing with outdated legacy systems lacking the security measures needed to protect against current threats is a major issue. Many manufacturing settings depend on these outdated systems, making them prime targets for cybercriminals. And the rise of IoT devices has created challenges for manufacturers in terms of efficiently monitoring and securing all endpoints. On the other hand, a major challenge on the human side is the shortage of cybersecurity knowledge among employees, especially those in non-technical positions. This leaves them susceptible to social engineering techniques such as phishing. Another obstacle is the reluctance to adapt, especially in companies with firmly established procedures. Workers and leadership teams might resist implementing new cybersecurity protocols, despite their importance. Insufficient training is another important problem, because many workers may not have the skills to identify or address complex cyber-attacks like spear-phishing or advanced persistent threats (APTs).

How can cybersecurity companies help manufacturing firms comply with industry regulations?
Companies such as CYFIRMA are crucial in assisting manufacturing firms to adhere to industry regulations by offering guidance in understanding intricate compliance requirements. Initially, we help businesses align their current cybersecurity procedures with specified regulatory guidelines like NIST, ISO/IEC 27001, IEC 62443, and GDPR to ensure compliance with industry norms. By conducting thorough gap assessments and audits, manufacturers pinpoint areas in which their cybersecurity measures may not meet compliance standards and offer practical suggestions for enhancement. Cybersecurity companies can also help in creating and executing cybersecurity policies and procedures, which are essential for meeting regulations. Manufacturers must also ensure they have strong incident response plans in place and that their policies are regularly updated to align with evolving regulatory requirements. Continuous monitoring is essential in assisting companies in upholding compliance, recognising and alerting any deviations from regulatory standards to prevent penalties or damage to reputation.

Which industries/companies are more prone to cyber-attacks? Are companies in India aware of the consequences of cyber-attacks?
Certain ventures face an expanded danger of digital assaults because of the touchy information they handle or the basic administrations they give. Areas like energy, guard, and synthetics, which are vital for basic framework, are regularly focused on by cybercriminals and state-supported programmers because of their capability to make troublesome attacks.

Similarly, the medical care area faces critical dangers of ransomware, information breaks, and cybercrime since it holds huge measures of individual and delicate clinical information. The monetary area is likewise a primary concern due to its nearby connection to monetary assets and individual data. Digital dangers against power frameworks and energy foundations present critical risks since they can possibly influence the organisation, economy, and society altogether. In India, a rising number of individuals are becoming aware of cyberattacks, particularly on account of the expansion in notable incidents. However, numerous private ventures actually misjudge the impacts of cyberattacks, including harm to their standing, monetary misfortunes, and interferences to their exercises. Despite the fact that greater organisations are turning out to be more proactive, there is as yet a huge hole in network protection development, with numerous organisations in the SME area expecting to improve their risk management understanding and practices.

What is your approach to incident detection and response in a smart manufacturing environment?
Our strategy for identifying and responding to incidents in a smart manufacturing setting is thorough and focuses on immediate monitoring, teamwork, and fast actions to resolve issues. Businesses also depend on advanced threat detection technologies like intrusion detection systems (IDS) and anomaly detection tools to watch over manufacturing settings for abnormal behaviour; however, these are considered as being 'reactive'. Through the use of real-time threat intelligence feeds and constant monitoring of external threats, we can detect possible attacks early on before they grow more severe. This changes the strategy to focus on being 'proactive' first, and then 'predictive'. If an incident occurs, a thorough incident response plan must be implemented. The customised playbooks that govern the IR plan are created through collaboration with the company's OT and IT teams, as well as other functions. These playbooks provide predetermined methods for reducing and controlling an attack, while diminishing the effects on crucial manufacturing operations. Effective communication and cooperation with operational technology teams is vital, as handling an event in a manufacturing setting involves the challenge of acting quickly while also minimising disruption to production. After the incident is under control, we recommend that the company performs a detailed post-mortem analysis to determine the main reason and enhance security measures for upcoming events.

How do you envision the future of cybersecurity in smart manufacturing enterprises (especially with the increasing adoption of AI and machine learning)?
AI and ML's growing presence in smart manufacturing will greatly impact cybersecurity in the future. AI and ML will greatly improve our capacity to spot and counter threats immediately. Machine learning algorithms can be taught to recognise patterns and irregularities in data flows, helping us detect possible dangers more quickly than conventional rule-based systems. As manufacturing systems become more intricate and interconnected, the significance of this will grow, leading to an increase in the amount of data generated. Furthermore, AI has the potential to facilitate independent security measures, decreasing the reliance on human involvement and enabling systems to automatically isolate compromised devices or systems. The integration of AI technology in predictive analytics will play a crucial role in proactive threat management by enabling manufacturers to anticipate and adjust security measures in response to potential threats. Nevertheless, the increasing importance of AI in defense and attack tactics will pose a significant challenge in securing these systems from adversarial manipulation. In general, as AI and ML have the capability to enhance security, it is important to carefully control their implementation to prevent the creation of new vulnerabilities.  

Do you think deeper collaboration is required between the key stakeholders (like the User/company, OEMs, component suppliers, automation players, integrators, etc.) for a foolproof security against cyber-attacks?
Without a doubt, increased cooperation throughout the supply chain is crucial for guaranteeing thorough protection from cyberattacks. Cybersecurity now demands the participation of all key stakeholders, not just IT or OT teams within a single organisation. Original Equipment Manufacturers (OEMs) and suppliers need to make sure their products are designed with security in mind and that they offer updates or patches whenever vulnerabilities are found. When designing and deploying systems, system integrators need to make security a top priority by incorporating security measures in every step of the process. Cooperation among users, OEMs, component suppliers, automation players, and integrators is essential for exchanging threat intelligence and best practices to detect new threats and vulnerabilities. Working together with regulatory bodies and cybersecurity firms across the industry can assist in coordinating security practices and creating a more cohesive approach to addressing cyber threats. Essentially, a collaborative, multi-party strategy is essential for creating a strong cybersecurity framework in smart manufacturing settings.
