Internet-facing cyber-physical systems (CPS) are a consequential and structural risk in many modern manufacturing environments, one that can introduce disruption without the need for much sophistication on a threat actor’s part.
Cyber Resilience
Industrial
Operational Resilience

Exposed Manufacturing Assets a Consequential Risk

Jim LaBonty / Jun 8, 2026

We’re well into the journey of a rapid modernization of manufacturing. Smart sensors and integrated systems permeate factories and, along with other internet-of-things (IoT) assets, they feed large data lakes that can be parsed in seconds by artificial intelligence for predictive analytics, optimization and other efficiencies that mark the current industrial revolution.

Security teams must find ways to enable and aid this convergence and transition manufacturing securely, reducing risk and the exposures introduced by this newly expanded attack surface.

Perhaps the most consequential exposure facing these cyber-physical systems (CPS) is internet-facing assets that are directly accessible from the public internet. This is a structural risk in too many modern manufacturing environments, one that can introduce disruption without the need for much sophistication on a threat actor’s part. 

Understanding Risky Manufacturing Exposures

The business and manufacturing operational need to connect CPS assets, operational technology (OT) assets in particular, is imperative to preserving process availability, operating efficiency and higher reliability. Control technicians, managed service engineers, automation engineers, asset technicians, and maintenance personnel tasked with implementing and supporting this modernization may not immediately or fully understand the cyber risks to operational resilience involved with an insecure public-facing asset.

Remote maintenance and operation of production lines or physically remote assets, for example, may require internet access to systems that manage programmable logic controllers (PLCs), human-machine interfaces (HMIs), and supervisory control and data acquisition (SCADA) systems. Building management systems (BMS) that manage central utilities, heating and cooling, and personnel and process environments in factories are often configured and managed remotely.

In many cases, these assets and their control systems were never designed with internet exposure in mind. Yet through incremental digitization and connectivity initiatives, they have become reachable—sometimes directly, often through complex and poorly documented pathways.

Exposures can be a byproduct of IT and operational convenience, end-of-life legacy technology and design, or business requirements that have outpaced the ability to properly secure them. This can often result in a number of risky behaviors, including:

  • Misconfigured remote access: Open ports, missing or weak VPN configurations, or direct RDP exposure intended for ease of remote third-party vendor or contractor access

  • Flat network architecture: Insufficient network segmentation between IT and OT environments allows internet-facing IT assets to serve as pivot points directly into CPS manufacturing networks

  • Cloud integration without security controls: OT environments (IIoT devices and SCADA systems) connected to cloud platforms without proper authentication, encryption, or network traffic monitoring

  • Default credentials and outdated firmware: Many OT devices remain unpatched, run on legacy, unsupported OS platforms and rely on factory-default access controls

These exposures must be surfaced before well-planned mitigations can be implemented. Factories must have an asset management program that includes complete asset inventories; that level of visibility is an essential first step that enables the rest of a CPS protection program. 

Opportunistic Hackers are Already Ahead of the Game

A recent Team82 report analyzed how opportunistic attackers such as hacktivist groups that are sympathetic to nation-state geopolitics are leveraging internet-facing CPS in real-world attacks. The alarming facet of this research is that most of these attacks are hurdling extremely low barriers to entry. 

Simple-to-use public internet scanning tools like Shodan and Censys deliver invaluable insights into classes of internet-facing assets. PLCs or HMIs that are protected by weak or known default credentials, or that communicate over insecure protocols, are especially vulnerable. Manufacturing companies were impacted in nearly 20% of the 200 verified cyber incidents in Team82’s research, the most of any critical infrastructure sector.

Avoiding these easily preventable exposures can help organizations be better protected from incidents that negatively impact factories’ availability, safety, and quality. Some of those impacts include:

Production Disruption and Downtime

Attackers may halt production lines, manipulate production processes, or trigger fail-safe shutdowns. Even short disruptions often cascade into significant financial losses, missed delivery commitments, and supply chain ripple effects.

Process Manipulation and Product Quality Degradation

Subtle changes to process parameters (temperature, pressure, flow, timing) can degrade product quality without immediately triggering alarms. This exposes a firm’s manufacturing crown jewels to the risk of defective output, recalls, and resulting reputational damage.

Safety Hazards

Cyber-physical attacks can create unsafe operating conditions, putting personal and public safety at risk. Manipulated control systems and devices may override safety interlocks or disrupt critical environmental controls.

Intellectual Property Exposure

Production systems often encode proprietary processes and configurations. Unauthorized access can lead to theft of sensitive manufacturing process knowledge and information.


What Manufacturing CISOs Need to Know

An exposure management strategy is essential for modern manufacturing. Internet-facing CPS assets present a massive vulnerability, especially if the connectivity is insecure. CISOs must ensure the following mitigations are in place, or they stand to put operations at risk and the business at a competitive disadvantage. 

Continuous Exposure Monitoring and Threat Detection

Start with asset management through visibility into any internet-facing CPS assets, including legacy OT systems. Identify exposed services, devices, and pathways from an attacker’s perspective.
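The exposure classes listed under "Understanding Risky Manufacturing Exposures" and the visibility step described here can be checked against data a plant already holds. The following is an added example, not code from this article or from Team82; it assumes a hypothetical asset inventory and firewall allow-rule export (all field names, addresses and zones are constructed) and flags OT assets that are internet-reachable, reachable on any port from IT, using default credentials, or running unsupported firmware.

```python
import ipaddress

# Well-known service ports for the asset classes named above (PLC/SCADA/BMS protocols, RDP).
OT_PORTS = {102: "S7comm", 502: "Modbus/TCP", 3389: "RDP", 20000: "DNP3",
            44818: "EtherNet/IP", 47808: "BACnet/IP"}
INTERNET = ipaddress.ip_network("0.0.0.0/0")
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # assumed enterprise IT range

# Constructed sample data (hypothetical schema, not taken from any product export).
ASSETS = [
    {"name": "plc-line1", "ip": "10.20.1.10", "zone": "OT", "default_creds": True,  "fw_supported": False},
    {"name": "hmi-line1", "ip": "10.20.1.20", "zone": "OT", "default_creds": False, "fw_supported": True},
    {"name": "bms-hvac",  "ip": "10.20.2.5",  "zone": "OT", "default_creds": False, "fw_supported": True},
]
RULES = [  # allow rules: source network, destination network, destination port (None = any)
    {"src": "0.0.0.0/0",    "dst": "10.20.1.20/32", "port": 3389},
    {"src": "0.0.0.0/0",    "dst": "10.20.1.10/32", "port": 502},
    {"src": "10.10.0.0/16", "dst": "10.20.0.0/16",  "port": None},   # IT subnet -> all of OT
    {"src": "10.30.5.0/24", "dst": "10.20.2.5/32",  "port": 47808},  # scoped jump-host subnet
]

def find_exposures(assets, rules, it_nets=IT_NETS):
    """Return (asset name, finding) pairs for every OT asset in the inventory."""
    findings = []
    for a in (x for x in assets if x["zone"] == "OT"):
        ip = ipaddress.ip_address(a["ip"])
        for r in rules:
            src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
            if ip not in dst:
                continue  # rule does not cover this asset
            if src == INTERNET:
                # Misconfigured remote access: allowed straight from the public internet.
                svc = OT_PORTS.get(r["port"], "any" if r["port"] is None else str(r["port"]))
                findings.append((a["name"], f"internet-reachable:{svc}"))
            elif r["port"] is None and any(src.overlaps(n) for n in it_nets):
                # Flat network: IT can reach the OT asset on every port.
                findings.append((a["name"], "flat-network:it-to-ot-any"))
        if a["default_creds"]:
            findings.append((a["name"], "default-credentials"))
        if not a["fw_supported"]:
            findings.append((a["name"], "unsupported-firmware"))
    return findings

if __name__ == "__main__":
    for name, issue in find_exposures(ASSETS, RULES):
        print(f"{name:10} {issue}")
```

The scoped jump-host rule for the BMS produces no finding, while the any-port IT rule is flagged on all three assets; the same pass can be rerun whenever the inventory or rule export changes.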

Zero-Trust Segmentation of OT

A never-trust, always-verify approach to CPS network security is the safest way forward. Strictly limit connectivity between enterprise IT systems and the production environments at the network layers below them, and eliminate direct internet access to OT environments, moving to indirect access wherever possible. This greatly cuts down on the risk of ransomware, potentially introduced by plant personnel, impacting production environments, and on lateral movement of traffic from CPS assets to the enterprise network.

Lock Down Remote Access

Ensure you have enterprise-grade remote access solutions in place, in particular a purpose-built solution for CPS and OT assets that includes the auditing, recording and over-the-shoulder monitoring required to shut down malicious sessions as they happen. Also, enforce multi-factor authentication and least privilege access for all users, especially third-party system service and support vendors.

Insist on Secure-by-Default OT Implementations

Eliminate default credentials, unnecessary services, and outdated firmware. While patching may be constrained to infrequent, planned maintenance windows, compensating controls such as network isolation and access restrictions can significantly reduce risk.

Wrapping Up

Digital transformation in manufacturing will continue to move forward; the business and operational benefits are far too great. 

But as connectivity increases, so does exposure. For CISOs and CIOs, the priority is clear: bring direct internet-facing cyber-physical systems out of the shadows, understand how they are connected, and reduce the pathways through which they can be exploited. The resilience of production depends on it more than ever.

Jim LaBonty
Retired Head of Global Automation Engineering, Pfizer, Inc.

Jim LaBonty is the retired Director and Head of Global Automation Engineering for Pfizer's Global Engineering & Technology division. In this role he primarily focused on establishing the strategic direction and harmonizing control system solutions across 42 manufacturing sites globally, including securing the development of Pfizer's COVID-19 vaccine. Previously, LaBonty held senior engineering and system architect roles at Rockwell Automation, Eli Lilly & Company, and Eastman Kodak Company. He now leverages his decades of experience to help firms with their corporate OT cyber strategy and global program execution, with the goal of protecting manufacturing.
