Manufacturing leaders are under constant pressure to increase efficiency and profitability for the organization by improving the quantity, quality and speed of production. To drive these outcomes, manufacturers are looking for ways to integrate technology without sacrificing the safety of the workforce or operational uptime.
Digitization makes manufacturers more productive and efficient. However, if implemented incorrectly, digitization comes with serious security risks that have the potential to halt the entire operation and jeopardize staff safety. When manufacturing equipment and operational technology (OT) connect to enterprise IT networks for the first time, bad actors can exploit weaknesses in your cybersecurity with potentially disastrous results.
It's essential for manufacturing leaders to work with their IT teams to build a comprehensive OT security strategy that mitigates these risks while still achieving critical business goals.
Many manufacturing facilities have been around for decades, far before OT had any connection to the internet. Today, some of that same legacy manufacturing equipment is operating alongside connected devices, and many leaders don't have a solid grasp on what the entire estate looks like.
To add to the complexity, many organizations have locations and facilities scattered around the country — or world — that require overarching standards, governance and operating models, with individual processes and capabilities that will need their own oversight. Each of these components has security considerations. This overwhelming complexity can create gaps in visibility, which introduces many security risks.
"There's a lack of awareness of how all of those pieces fit together," remarked Don Rogers, who leads the manufacturing practice at WWT, during a wwt.com virtual event. "And without that visibility and awareness, it becomes really, really difficult to create a security strategy that's going to be effective without disrupting the business."
Manufacturing leaders and their IT and cybersecurity counterparts need to ask critical questions:
- What does your current operation look like?
- What are all the devices — both OT and more traditional enterprise devices like laptops — connected to my network?
- What are these devices doing? And should they be doing this?
- Who has access to all these assets? Is that access granted on a least-privileged basis to ensure staff and contractors only have access to what they need to do the job?
This will get your team thinking proactively about how to secure the entire operation.
Historically, IT teams haven't been closely involved with manufacturing operations. These teams can be unfamiliar with how manufacturing floors operate and the processes required to make the business successful. Instead, security practitioners are often primarily concerned with enterprise cybersecurity tactics (such as zero trust strategies and identity and access management), many of which don't directly transfer to the OT environment.
Manufacturing leaders, meanwhile, are focused on production outcomes, resilience of the overall operations, and 24/7 availability, safety and quality. These manufacturing priorities now require a focus on cybersecurity at every step. This makes tight integration with your IT team paramount — but it doesn't have to be difficult. Ideally, your IT leadership is your ally and partner.
Where should you get started? Invest time in helping IT and manufacturing teams understand the processes and care-abouts of their counterparts. You don't need to be experts in each other's domains, but you should understand the way your colleagues think and operate. This will help you build cross-functional teams that can scale as your business grows while ensuring both the security and efficiency of your entire operations.
Once your IT team has an understanding of manufacturing operations, they can begin to think first in terms of outcomes and then apply security tactics and solutions fit for OT.
Strong partnerships between manufacturing operations and IT teams are no longer optional. For manufacturing leaders, we invite you to read through our primer on the cybersecurity practices all organizations should prioritize. This will serve as a crash course for those who don't focus on daily security operations. It's also a helpful conversation starter in your outreach to your IT and security team.
This report may not be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior express written permission of WWT Research. It consists of the opinions of WWT Research and as such should be not construed as statements of fact. WWT provides the Report "AS-IS", although the information contained in Report has been obtained from sources that are believed to be reliable. WWT disclaims all warranties as to the accuracy, completeness or adequacy of the information.