
How A Zero Trust Framework Can Effectively Reduce Ransomware Risk


Cybersecurity leaders in manufacturing sectors faced significant challenges in the last year in protecting their cyber-physical systems (CPS), including operational technology (OT), internet of things (IoT), and building management systems (BMS). Frequent and disruptive ransomware attacks have resulted in significant financial costs and operational disruptions.

According to our recent independent global survey report, “The Global State of CPS Security 2024: Global Impact of Disruptions”, over one-third of Food & Beverage sector respondents alone met ransomware demands of $1 million or more to recover access to encrypted systems and files in order to resume operations.

These findings highlight the imminent need for critical infrastructure organizations to defend their CPS environments with purpose-built CPS security strategies and solutions. To begin, manufacturing sector leaders should consider the implementation of a Zero Trust framework to prevent the spread of ransomware. 

What is the Significance of Zero Trust? 

For many organizations, “Zero Trust” may seem to be nothing more than a buzzword they are overexposed to in the cybersecurity industry. However, although this hot-button topic is regularly discussed, many are left underexposed to the practical applications and the philosophy underpinning the hype. 

The Zero Trust security model assumes that no entity should be trusted. This means that security teams must operate on the assumption that there are threats present both inside and outside of their networks. Therefore, no communication should be allowed until all users are properly authenticated and authorized. 

Zero Trust, however, is not a singular product or solution, but rather a comprehensive policy or set of policies. A successful Zero Trust implementation relies on continual assessment of and investment in network monitoring and security solutions. With the proper Zero Trust policies in place, manufacturing organizations can prevent the spread of ransomware. However, there are several challenges you may come across when getting started.

Common Challenges to Zero Trust   

  1. Gaining Asset Visibility: Traditional approaches to asset visibility, including the use of IT solutions and standard scanning methods, are typically incompatible with and unsafe for manufacturing networks. These methods create operational risks and are generally neither practical nor effective for securing CPS environments.

  2. Detecting Threats: Traditional approaches to OT asset visibility rely heavily on passive-only discovery, which requires hardware, configuration changes, and resources to deploy. While still valuable, this method adds cost, increases deployment time, and lacks patch-level insights, which often leaves organizations without critical elements for cyber risk reduction.

  3. Proper Network Segmentation: In manufacturing environments, network segmentation poses a unique challenge in that these networks control critical processes and any changes could potentially lead to downtime or disruptions. This can also be a drawn-out and costly endeavor that involves investing in additional hardware for the networks, including switches, routers, and access points.

  4. Exposure Management Strategies: Effective exposure management strategies are not possible without OT asset visibility. However, CPS assets typically use proprietary protocols that render them nearly invisible to traditional security tools. In addition, standard solutions and conventional wisdom guide prioritization based on the Common Vulnerability Scoring System (CVSS), not based on exploit likelihood. This causes already overburdened personnel to waste resources prioritizing vulnerabilities that are not exploitable or will never be exploited.

  5. Effective Access Controls: Legacy solutions like VPNs generally provide access to an entire network with little scope of control around access. This represents a major shortcoming in building a foundation of Zero-Trust network access controls where time-bound, just-in-time (JIT) access can help to reduce the attack surface of the CPS environment.

How to Solve Zero Trust Challenges with a Purpose-Built CPS Solution

Every manufacturing environment has special considerations operators must take into account when putting the proper CPS cybersecurity controls in place to reduce ransomware risk in their unique environment. Establishing an organizational commitment to Zero Trust as an underlying philosophy creates a solid foundation for comprehensive monitoring and security, enabling a proactive approach to meeting common challenges. 

To get started, organizations should invest in a CPS Protection Platform that brings together the capabilities needed to implement zero trust controls for a manufacturing environment, regardless of its scale, architecture, or the maturity of the existing cybersecurity programs. Here’s how The Claroty Platform does just that: 

  • Understands Network Components: An effective CPS Protection Platform should support a comprehensive list of proprietary and standard OT protocols. Visibility should include network asset discovery and in-depth understanding of network communication, revealing what once was hidden to IT and OT administrators. Claroty employs a variety of dynamic discovery methods including safe queries and ecosystem enrichment through integrations. This data enables deep asset profiles and insights without the need for hardware or deployment resources.

  • Protects Systems, Operations, & Processes: Ensuring active ransomware attacks and incursions cannot move laterally to other parts of the network or across to other networks is a must for manufacturing organizations. Claroty’s Continuous Threat Detection (CTD) addresses this challenge by providing critical insights into device and network activity to assess risks and vulnerabilities, as well as providing constant monitoring and alerts.

  • Secures Least Privilege Access: Once your organization has a clear and comprehensive understanding of the assets in your environment and has taken the necessary steps to prevent issues spreading laterally, it’s time to focus on finding a way to effectively monitor and secure access to your network resources. Claroty xDome Secure Access offers capabilities needed to implement Zero Trust controls and least-privilege principles to reduce the spread of ransomware. Deploying xDome Secure Access creates a safe and controlled method of accessing and operating within even the most unique and challenging environments.

Reducing Ransomware Risk with Zero Trust & Claroty 

Zero Trust projects are a continuous journey that requires commitment from stakeholders across the enterprise as well as the implementation of tailored CPS solutions and strategies. Choosing a partner that is uniquely positioned to assess, recommend, and solve the specific challenges your organization is facing will be imperative for success.

At Claroty, we understand that Zero Trust is not a one-solution challenge. That’s why we integrate with best-in-class solutions that help your organization successfully implement Zero Trust policies and address any gaps in your Zero Trust framework. We enable organizations to achieve greater value and establish cybersecurity best practices, reducing the risk of unauthorized access, ransomware attacks, and other cyber threats in their critical infrastructure environments.

To learn more about why Zero Trust matters for Manufacturing environments like yours, check out this white paper.
