COVID-19: Manufacturing industry and Cyber Security

CIOL Bureau

The COVID-19 outbreak has triggered discussion around the world on business continuity planning (BCP). Though many organizations have BCP plans, the COVID-19 scenario has exposed widespread inadequacy in scenario planning and in stress testing of those plans.

In the manufacturing segment, Cyber Security is a discretionary spend and generally a (small) component of the IT budget. The digitalization wave has introduced a new generation of customer interfaces and, in the back end, the use of smart operational technologies, and the connected enterprise has brought new risk domains to the business.

However, digitalization, unlike ERP implementations, was not consistent in most organizations; it was influenced by aging operational technology, acquisitions, geo-cultural issues, level of investment, etc. The non-standard IT landscape, legacy ICS networks and lack of native functionality for Cyber Security controls in the ERP application have led to the deployment of multiple point technology solutions for identity and access management, data protection, monitoring, threat intelligence, etc. Further, in the absence of descriptive guidelines and asks from the regulators, organizations invested in Cyber Security solutions selectively and reactively.

Cyber Security in COVID-19 scenario

Due to the COVID-19 lockdown, most manufacturing organizations have come to a grinding halt, and in most cases the only option is working remotely. Therefore, irrespective of the BCP plans, for an industry that inherently relied on physical controls the COVID-19 scenario is an out-of-syllabus question when it comes to offering a secure way to continue business operations.

In the absence of planning for such an unprecedented scenario, and in the rush to bring operations online, management will have to make trade-offs between controls and operations, and is likely to compromise even on existing controls rather than impose additional controls for secure operations. Rapid scaling of devices and information exchange between business and social accounts will also put strain on the ‘vigilance’ efforts.

The manufacturing industry is also characterized by its large ecosystem of partners, who transact with the organization in near real time via live or batch-mode interfaces, expanding the scope of the enterprise application landscape and security posture. The inadequate IT maturity and security investment of the ecosystem partners add to the complexity of managing cyber threats.

In the current circumstances, all the vulnerabilities in the infrastructure and processes will not only provide fertile ground for external attackers but also increase the probability of insider threats.

Coping with the Cyber Security issues

While most IT teams are busy enabling remote working, cyber threats should not be ignored. The IT security team should ideally be organized into three groups: secure, vigilance/monitoring and resilience. Each group should evaluate the impact in its respective area and think of conventional and non-conventional controls and remediation plans. For example, in the secure area, employees working from home may not be aware of firewalls, VPNs, anti-malware, encryption, phishing attacks, etc. Training them on some of the cyber security fundamentals will reduce the strain on incident management. Tightening identity and access management policies and pushing them to personal devices will help in monitoring. Apart from applying OEM patches and security updates, all other new code and updates to applications should be postponed by a month.

Similarly, on the monitoring side, an organization that has not invested in a Security Information and Event Management (SIEM) solution should activate native table/access logs, use encryption functionality and perform geo-location and behavioral analysis to spot exceptions. Increase the monitoring of activities performed by third parties. Using automation in this area is highly recommended to drive towards actionable intelligence.

Building resilience is equally critical and often overlooked by organizations. In the current scenario, organizations may consider the following:

Establish a cross-functional crisis management team to get an organization-wide understanding of the impact and to coordinate efforts. Create sub-teams to manage specific workstreams such as communications, legal, finance, or operations, with high levels of decision-making authority to allow for swift and effective action.

Review the inventory of all IT, OT and connected devices, including ICS, that are attached to network segments. Ensure ‘air gapping’ for ICS network security to limit and isolate impact while preparing for forensics and further action.

Refer and follow scenario planning/playbooks.

Keep plans, policies, and procedures actively under review, adaptive and flexible to the emerging threat, to ensure the organization remains prepared and protects its people, reputation, strategy, and bottom line.

In addition to the tactical measures, there is also good reason to revisit the cyber security strategy, not only to react to the current situation but also to sustain and thrive in such a scenario, because there is a huge upside to continuing your business operations in a secure way.

Abhijit Katkar, Partner, Deloitte India