Security Storyline: Plan to Cut Downtime

Monday, September 18, 2017 @ 05:09 PM gHale

By Eric Ehlers
Manufacturing’s storyline has been told in a simple way for the longest time. Manufacturers (the good guys) had to deal with lots of adversaries on the plant floor, but the biggest archrival was known as “downtime.”

Downtime is the ultimate antagonist of manufacturing. It is the kryptonite that can creep into a factory and shut down lines and cells, stop production, and ultimately cause a hit to the bottom line. Downtime can take many forms – from machines breaking down, to viruses infecting factory equipment, to human error.

However, like most blockbuster films, the plot thickens. To thwart the hero, villains team up so the hero must deal with the chaos of not one, but two nemeses. This is now happening in real life with the latest supervillain coalition: ransomware and downtime.

Downtime is easily recognized and there are a number of ways manufacturers have dealt with the issue. Ransomware constantly changes and takes many names, with WannaCry, Petya, and Nyetya making the headlines lately. Ransomware has a similar approach – infiltrate and shut down operations until a fee is paid. In some cases, ransom isn’t really an option, and the ultimate goal is just chaos.

John Peterson, IT Plant Manager of AWNC in Durham, NC, saw first-hand how ransomware can infiltrate manufacturing operations. AWNC is a supplier of transmissions for a leading automotive manufacturer.

Every day close to 3,000 transmissions are moved from cold rolled steel to finished product and shipped out the door. Peterson had come to AWNC with a mission. The company’s current IT systems were impacting the plant’s operations with downtime becoming a considerable issue due to its aging infrastructure.

Peterson put together a plan. The results were staggering. Working with his partners, Peterson’s team overhauled the network and communications systems. The result is a near-zero downtime network and close to $1 million in cost savings. The new network also supported consistent data capture with a structured system to ensure backups were in place for disaster recovery.

In that network overhaul, unsung heroes were also put in place. These would later pay dividends for AWNC in avoiding downtime: security policy enforcement and next-generation firewalls.

Like many manufacturing operations, personnel and vendors come in and out of a facility, which introduces new devices on the network such as laptops and tablets. AWNC implemented an Identity Services Engine as part of the network upgrade to enforce policy around who and what had proper access to the network while also ensuring visibility and proper authentication of devices.

Earlier this year, a laptop infected with ransomware entered the AWNC network. It was plugged into a testing area and immediately shut down the cell.

“The new firewall immediately recognized the initial point of the ransomware and prevented it from spreading. We were able to lock it down and contain it. Ultimately, we found it on three separate laptops, but it did not impact our overall network because we were able to isolate it,” Peterson said.

Having a Plan Pays Off
Only three laptops were lost, and their data was recovered, because the data capture and recovery system and procedures had been in place; AWNC experienced no downtime. Revamping the network while building in security and data recovery policies has proven to be an effective plan for thwarting downtime and ransomware.

AWNC is not alone in this battle; quite a few manufacturers are facing similar challenges. According to the Cisco 2017 Mid-Year security report:

• 28 percent of manufacturing organizations reported a loss of revenue due to attack(s) in the past year — the average lost revenue was 14 percent
• 46 percent of manufacturing organizations use 6+ vendors with 20 percent using more than ten. 63 percent use 6+ products with 30 percent using more than ten products
• Nearly 60 percent of manufacturing organizations report having fewer than 30 employees dedicated to security while 25 percent consider a lack of trained personnel as a major obstacle in adopting advanced security processes and technology

Compounding the problem for manufacturers is the fact that more than 80 percent of industrial fixed assets are over 20 years old. Technology is driving improvements around connectivity to support better uptime and insight into overall equipment effectiveness (OEE). While the benefits of these data insights are tremendous, many of the systems in these plants were never built with security in mind and thus increase the potential risk for manufacturers.

AWNC demonstrated a model that manufacturers should prepare for going forward:

• Don’t wait – the time is now to protect your IP, your facilities, and your reputation.
• Security has to be considered as part of the overall plan. Just having infrastructure in place is not enough going forward.
• Policy needs to be implemented and defined to ensure the right access is given at the right time to the right people and assets.
• Use a “defense in depth” approach. Layering in defense allows manufacturers to segment, isolate and contain threats before they spread.
• Have a data recovery process in place. There is no guarantee systems impacted by ransomware can be recovered, even if one decides to pay the ransom.

Think of security as the ultimate utility belt. Make sure it is prepared and well stocked to address any situation or cyber supervillain.

Eric Ehlers joined Cisco in 2016, working in the manufacturing and energy vertical. Ehlers has worked in a series of industrial technology sectors, including manufacturing, utilities/smart grid, transportation, and oil and gas.
