Plastics processors should always prioritize protecting themselves from cybersecurity threats, but changes in business practices due to the global COVID-19 pandemic have opened the door for additional risks.
For example, large numbers of employees are now working remotely and accessing companies’ computer networks from their homes.
“Remote access to manufacturing plants is another significant threat, and if these networks were compromised, major damage could follow,” said Guilad Regev, senior VP for technical operations for cybersecurity firm Claroty. “That said, many IT teams who are tasked with securing networks do not have the tools to deal with the challenges they are facing right now. This has always been a problem for organizations, but [it is] one that is much more prevalent now that more and more of us are working remotely.
“A largely remote workforce has unique implications when it comes to securing OT networks,” he said. “However, this is also a broad issue given that every large organization, no matter its industry or business model, has OT [operational technology] assets.”
Companies have to be careful about how they provide access to their systems.
“One implication is that many organizations are making many changes when it comes to monitoring and controlling access to their systems in a way that is secure but also doesn’t interfere with employees doing their jobs,” Regev said. “In a time where the word ‘remote’ is being used more than ever before, the importance of remote access management is really coming to the forefront and OT network administrators are finding themselves on the front lines of enablement. Workers who usually access control systems physically in order to carry out their job are now looking for their employers to provide them with online connectivity. However, allowing for various types of users, systems, access levels and functions is complex.”
The consequences of a security breach could be dire for manufacturers that have ramped up production of critical medical equipment, such as parts for ventilators. Manufacturing shutdowns or the production of out-of-spec parts won’t affect just the bottom line; they could disrupt the supply chain to hospitals and potentially harm patients.
“When one considers the potentially deadly consequences of cyberattacks on plastic manufacturers, the implications … are too severe to be ignored,” Regev said.
Claroty offers a suite of products for cyberthreat protection, detection and response for OT networks and devices. The Claroty Platform reduces risks posed by increasing connectivity between OT and IT networks, the company said.
“More specifically, the Claroty Platform simplifies OT security,” Regev said. “Developed specifically to protect OT environments within enterprises and critical infrastructure, the platform provides comprehensive OT asset and network visibility, segmentation, vulnerability management, threat detection, risk assessment and secure remote access (SRA) capabilities.
“SRA tackles one of the toughest challenges facing industrial cybersecurity practitioners today: maintaining the ability to remotely access OT environments while minimizing the substantial risks introduced by remote users.”
Manufacturers can take numerous steps to protect themselves from cyberattacks during the pandemic. Regev provided the following recommendations:
• Connection monitoring: Organizations should take special care over the next several months to monitor all remote connections, even the seemingly unimportant ones. Ideally, this means having the capability to observe remote sessions in real-time, actively manage user access requests based on purpose, length and frequency, and terminate sessions with the click of a button. Doing so will reduce the risk of both internal and external exploitation, including by third parties, without introducing costly or burdensome barriers to productivity.
• Privileged access control: As organizations rely increasingly on remote connectivity, it’s critical that they define and enforce access permissions for remote users, especially those with privileged access. For industrial organizations, access policies should reflect a layered network defense model to mitigate lateral movement in the event of a compromise and protect the most sensitive and critical process control assets. Lateral movement refers to nefarious actors moving through a network as they search for key data and assets. Moving from an IT to an OT network, or vice versa, is one example.
• Authentication: One of the biggest risks associated with the rapid adoption of remote access operations is the use, sharing and management of passwords. If possible, organizations should seek to limit the use of passwords by third-party users by requiring administrator approval for all remote access sessions. In other cases, businesses should take advantage of password vaulting technology and use multi-factor authentication to protect accounts from being compromised. A password vault is software that keeps numerous passwords encrypted in secure digital locations and allows users to use a single master password to access different passwords for different websites or services.
• Auditing and compliance: Maintain consistent and stringent audit requirements for remote access during periods of flexible workplace arrangements due to the coronavirus. “Opportunistic hackers will undoubtedly attempt to take advantage of this opportunity to gain and maintain persistent access to critical networks,” Regev said. Despite organizations’ best efforts, some hackers will be successful. Capturing and documenting all remote access activity and credential usage will help with future forensic analysis, he said.
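The four recommendations above can be checked together against a record of remote sessions. The following is an added example, not part of the original article and not Claroty's software: it audits session records against approved access requests. The record fields, zone names, request IDs and sample data are all constructed assumptions.

```python
from datetime import datetime

# Zones ordered from least to most sensitive (layered defense model; names assumed).
ZONE_LEVEL = {"it": 0, "ot-dmz": 1, "ot-control": 2}

# Constructed approvals: which user may reach which zone, and for how long.
APPROVALS = {
    "REQ-1": {"user": "vendor-a", "zone": "ot-dmz", "max_minutes": 60},
    "REQ-2": {"user": "eng-kim", "zone": "ot-control", "max_minutes": 120},
}

# Constructed session records, as a remote-access gateway might export them.
SESSIONS = [
    {"id": "s1", "user": "vendor-a", "request": "REQ-1", "zone": "ot-dmz",
     "start": "2020-05-04T09:00", "end": "2020-05-04T09:40", "mfa": True},
    {"id": "s2", "user": "vendor-a", "request": "REQ-1", "zone": "ot-control",
     "start": "2020-05-04T10:00", "end": "2020-05-04T10:20", "mfa": True},
    {"id": "s3", "user": "eng-kim", "request": "REQ-2", "zone": "ot-control",
     "start": "2020-05-04T08:00", "end": None, "mfa": False},
    {"id": "s4", "user": "contractor-x", "request": None, "zone": "ot-dmz",
     "start": "2020-05-04T11:00", "end": "2020-05-04T11:05", "mfa": True},
]

def audit(sessions, approvals, now):
    """Return {session_id: [findings]} for sessions that break policy."""
    report = {}
    for s in sessions:
        findings = []
        approval = approvals.get(s["request"])
        if approval is None or approval["user"] != s["user"]:
            findings.append("unapproved")  # no administrator-approved request
        else:
            if ZONE_LEVEL[s["zone"]] > ZONE_LEVEL[approval["zone"]]:
                findings.append("zone-exceeded")  # reached a deeper layer than granted
            start = datetime.fromisoformat(s["start"])
            # An open session is measured up to 'now' so it can be terminated.
            end = datetime.fromisoformat(s["end"]) if s["end"] else now
            if (end - start).total_seconds() / 60 > approval["max_minutes"]:
                findings.append("overlong-open" if s["end"] is None else "overlong")
        if not s["mfa"]:
            findings.append("no-mfa")
        if findings:
            report[s["id"]] = findings
    return report

if __name__ == "__main__":
    for sid, found in audit(SESSIONS, APPROVALS, datetime(2020, 5, 4, 12, 0)).items():
        print(sid, ", ".join(found))
```

Keeping the full report, including sessions with no findings, gives the documented record of remote access activity that later forensic analysis depends on.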
Bruce Geiselman, senior staff reporter