Cybersecurity for Chemical Manufacturing: 5 Unique Considerations


Chemical manufacturers have increasingly turned to operational technology (OT) to streamline production and optimize schedules to meet the demands of the global supply chain. Many security-related barriers to OT adoption have been addressed, but a Government Accountability Office (GAO) review found that the cybersecurity guidance covering more than 3,300 high-risk chemical facilities was over 10 years old, leaving critical infrastructure exposed to compromise by malicious actors.

High-impact approaches to cybersecurity for chemical manufacturing start with knowing where the most significant risks sit within the OT network. Here are five key considerations to keep in mind when assessing your own OT network's security posture.


Check out Cybersecurity for the Manufacturing Industry for more breakdowns, advice, and next steps.

The Five Considerations for Improving Cybersecurity for Chemical Manufacturing

1. Understanding Motivations of Malicious Actors

Chemical manufacturers are a crucial component of global supply chains and utilities, which makes them high-value targets both for criminals seeking large payouts and for competitors and states seeking their know-how. Two of the most prominent reasons malicious actors specifically target chemical manufacturers are:

Industrial Espionage

Protecting trade secrets and intellectual property is vital for chemical manufacturers, as the theft of this information can lead to devastating financial losses or even threats to national security.

Rival corporations and nations look for gaps through phishing, malware, direct infiltration of physical plants, or insiders who already hold legitimate access. One prominent example is a 2022 federal court case involving a senior Coca-Cola engineer who, while secretly working for a Chinese corporation, stole BPA-free can-coating formulas that cost nearly $120 million to develop. She was ultimately sentenced to 14 years in prison for economic espionage and fraud.

Robust cybersecurity measures and regular vetting of employees with access to proprietary information are vital for keeping these secrets protected. At the most fundamental level, securing the assets on your network should be a top priority: a common best practice for critical infrastructure networks is to cloak devices so that they cannot be discovered, and therefore cannot be targeted, by external or internal bad actors.

Extortion

Malware, and ransomware in particular, is one of the most popular methods these actors use to halt manufacturing operations and extort large payouts. In 2019, LockerGoga ransomware hit the U.S. chemical manufacturers Hexion and Momentive, encrypting company files and demanding a ransom paid in bitcoin.

Organizations need to review their security controls and policies regularly, keep tested offline backups so that an encryption event does not turn into a prolonged production outage, and train employees on recognizing phishing and other security best practices.

2. Analyze Telemetry Data for Inconsistencies

Chemical manufacturers upgrading to Industry 4.0 rely on a wealth of technology to automate production, such as robotics and other industrial machinery, artificial intelligence, and machine learning, all of which feed into core SCADA systems for unified control of processes. Manufacturers are also deploying Internet-of-Things (IoT) devices equipped with sensors that track production levels, operational efficiency, throughput, and the overall health of the machinery within the OT network.

This chain of networked devices generates a vast amount of telemetry data. Beyond keeping systems administrators informed of OT network and machinery performance, this data is a vital tool for detecting intruders. To simplify monitoring, integrate your existing management tools and centralize the aggregated telemetry.

IoT devices, connected machinery, and SCADA systems are all potential attack surfaces. Monitoring this telemetry is paramount for detecting an intrusion while it is happening: once you know your OT network's baseline, anomalous process values, unfamiliar hosts polling or writing to controllers, and tags that have never been touched before stand out, and you can stop the intrusion before it spreads too far. Regularly investigate the telemetry for unusual patterns, and follow up with an inspection of the physical hardware and any attached IoT devices.
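The baseline-then-deviation approach described above, as an added example that is not code from the original page or from Byos. It learns a per-tag mean, spread and peer set from a known-good window, then flags three things in a live window: a value outside the learned band, a host that never touched that tag during learning, and a tag with no baseline at all. The controller name, tag names, IP addresses and readings are constructed for illustration; a real deployment would feed this from a historian or a passive network monitor.

```python
"""Baseline-and-deviation check over OT telemetry.

Added example; this is not code from the original page or from Byos. The tag
names, device names, IP addresses and readings are constructed for
illustration. A real deployment would feed readings from a historian or a
passive network monitor rather than from the lists below.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Reading:
    ts: int        # seconds into the capture (constructed)
    device: str    # controller the value belongs to
    tag: str       # process tag on that controller
    value: float
    src_ip: str    # host that read or wrote the tag over the network


@dataclass(frozen=True)
class Baseline:
    mean: float
    stdev: float
    peers: frozenset   # source hosts seen touching this tag during learning


@dataclass(frozen=True)
class Alert:
    ts: int
    kind: str          # "new-peer", "out-of-band" or "unknown-tag"
    device: str
    tag: str
    detail: str


# Constructed learning window: known-good operation, one HMI (10.10.1.20)
# polling a reactor pressure and a constant temperature setpoint.
_PRESSURE = [3.98, 4.02, 4.00, 3.97, 4.03, 4.01, 3.99, 4.02, 4.00, 3.98, 4.01, 3.99]
BASELINE = [Reading(5 * i, "PLC-R101", "R101.pressure_bar", v, "10.10.1.20")
            for i, v in enumerate(_PRESSURE)]
BASELINE += [Reading(5 * i, "PLC-R101", "R101.setpoint_c", 85.0, "10.10.1.20")
             for i in range(len(_PRESSURE))]

# Constructed live window: a host never seen before rewrites the setpoint,
# pressure then leaves its normal band, and an unfamiliar tag is touched.
LIVE = [
    Reading(60, "PLC-R101", "R101.pressure_bar", 4.01, "10.10.1.20"),  # normal
    Reading(65, "PLC-R101", "R101.pressure_bar", 4.04, "10.10.1.20"),  # still inside 3 sigma
    Reading(70, "PLC-R101", "R101.setpoint_c", 95.0, "10.10.1.77"),    # unknown host changed setpoint
    Reading(75, "PLC-R101", "R101.pressure_bar", 4.30, "10.10.1.20"),  # excursion
    Reading(80, "PLC-R101", "R101.vent_valve", 1.0, "10.10.1.77"),     # tag absent from baseline
]


def learn_baseline(readings):
    """Per (device, tag): mean and population std-dev of values, plus the peer set."""
    values = defaultdict(list)
    peers = defaultdict(set)
    for r in readings:
        values[(r.device, r.tag)].append(r.value)
        peers[(r.device, r.tag)].add(r.src_ip)
    return {key: Baseline(mean(vals), pstdev(vals), frozenset(peers[key]))
            for key, vals in values.items()}


def detect(readings, baselines, sigma=3.0):
    """Flag unknown tags, unknown peers and values more than sigma std-devs from the mean.

    A tag that never moved during learning has a zero-width band, so any change
    to it is reported; that is the behaviour wanted for a setpoint.
    """
    alerts = []
    for r in readings:
        base = baselines.get((r.device, r.tag))
        if base is None:
            alerts.append(Alert(r.ts, "unknown-tag", r.device, r.tag, r.src_ip))
            continue
        if r.src_ip not in base.peers:
            alerts.append(Alert(r.ts, "new-peer", r.device, r.tag, r.src_ip))
        if abs(r.value - base.mean) > sigma * base.stdev:
            alerts.append(Alert(r.ts, "out-of-band", r.device, r.tag,
                                f"{r.value} vs {base.mean:.2f}+/-{sigma * base.stdev:.3f}"))
    return alerts


def run():
    """Learn from BASELINE, then check LIVE; returns the alert list."""
    return detect(LIVE, learn_baseline(BASELINE))


if __name__ == "__main__":
    for a in run():
        print(a)
```

Running it reports four alerts: the setpoint write at t=70 raises both a new-peer and an out-of-band alert, the pressure excursion at t=75 is out-of-band, and the vent-valve access at t=80 is an unknown tag; the 4.04 reading stays inside the learned band and is silent. The peer check is the one that catches an intruder early, since a new engineering host usually shows up on the network before the process itself misbehaves.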

3. Keep Remote Access Points Secure

Remote access to critical infrastructure networks has expanded dramatically as engineers, administrators, and third parties increasingly manage and maintain hardware remotely. In addition, many IoT sensors transmit data over Wi-Fi with varying levels of encryption, and sometimes with none at all. Without proper security protocols in place, each remote access point can become a foothold for gaining wider access to the network.

Systems administrators should implement isolation, cloaking, and microsegmentation technology to improve cybersecurity for chemical manufacturing and minimize impact should an intrusion occur. Any hardware needed to access the network should be vetted before use, regularly analyzed while assigned to employees, and decommissioned with the proper security procedures. Network policies should be maintained both on-premises and remotely to reduce the likelihood of the network being compromised.

Additionally, track user logins and other essential logs to ensure that users are not reaching information or systems they shouldn't. Implementing a Zero Trust framework for your OT network, in which every session is authenticated, authorized against an explicit policy, and logged, will help you secure sensitive access points while detecting unauthorized access.

To aid in lowering the risk of unauthorized access, the Byos team has developed various tools to protect distributed workforces and secure IoT endpoints and legacy devices. Sign up for a free demo today to discover how Byos' Gateway Edge™ technology provides plug-and-play, layered protection for industrial networks, including devices to which you cannot add security agents or other protections.

4. Legacy Devices and Lack of Downtime Introduce Potential Vulnerabilities

While updating hardware and software to their latest iteration is generally considered best practice from a security standpoint, it may not be feasible with industrial components. Replacements may be too costly from a financial and operations perspective, or replacement hardware may simply not exist.

Air gapping industrial hardware can initially seem like a secure method of protecting these devices. In practice, maintaining an air gap is prone to human error and other complicating factors, such as unknown and unmonitored points of entry, so an air gap that is assumed rather than verified can give false assurance. Actively monitoring what a device actually talks to generally lowers its risk profile more reliably than leaving it in a nominally air-gapped state.

Instead, OT managers often retrofit IoT devices onto these legacy systems. While this allows systems administrators to track and manage legacy hardware from a central network, it can also create additional security risks, as these devices were never designed to interact with modern networks. OT network admins must take special care to ensure correct configurations and security protocols are in place and kept as current as possible.

Downtime in chemical production schedules is extremely rare, so windows for installing security updates and patches are few and far between. Even when the time is available, organizations are reluctant to make these updates, since any issue that arises can lead to further downtime and delays. Solutions like the Byos Secure Gateway Edge are becoming increasingly important for operators looking to enhance security without taking operations offline to do so.

5. Multi-Site, Multi-Vendor, and Third-Party Security Issues

Chemical manufacturers often manage multiple sites, including labs, offices, and manufacturing plants. Organizations also rely on several third-party vendors to provide or repair equipment, as well as control various aspects of the manufacturing process.

Each point of access becomes a potential attack vector, especially as vendors require access to industrial IoT environments across multiple locations to perform their work. Moreover, relying on multiple third-party vendors often results in inconsistent ways of connecting devices to the network and security infrastructure at different locations.

Government restrictions and chemical industry regulations often prohibit placing agents on sensors and equipment in the production network. Without compensating controls around those unprotected devices, malicious actors could effectively be handed the keys to critical production equipment and sensitive data.

Systems administrators must develop stringent vendor access management policies to ensure vendors and third-party agents have access only to what they need and nothing more. Implementing multi-factor authentication and least privilege access gives your organization control over vendor credentials while letting you track their on-site and remote access. Ideally, external access to the OT network should be designed into the network security architecture from the ground up rather than bolted on afterwards.
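The vendor and remote-access controls called for in this section and in section 3 (Zero Trust, MFA, least privilege, logged sessions), together with the point in section 4 that an air gap should be verified rather than assumed, as one added example that is not code from the original page or from Byos. It evaluates constructed session records against a default-deny policy: each principal gets an explicit list of devices and ports, must arrive through a named jump host, must present a second factor, and may only connect inside an approved maintenance window; a separate list names legacy devices that must have no remote peers at all, so any session to them is a violation. Account names, hosts, device names, ports and timestamps are all constructed.

```python
"""Least-privilege gate for remote and vendor sessions into an OT network.

Added example; not code from the original page or from Byos. The rule set,
account names, hosts, device names and session records are constructed for
illustration. It models the controls the text calls for: default deny,
per-principal device and port allow lists, a mandatory jump host, MFA, an
approved maintenance window, and a list of devices that must have no remote
peers at all so an assumed air gap is checked rather than trusted.
"""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Rule:
    principal: str        # vendor or engineer account
    devices: frozenset    # devices this principal may reach
    ports: frozenset      # TCP ports permitted on those devices
    window: tuple         # (start, end) local time of the approved access window
    via: str              # jump host every session must originate from
    mfa: bool = True      # whether the session must carry a second factor


@dataclass(frozen=True)
class Session:
    ts: datetime
    principal: str
    src_host: str         # where the connection came from
    device: str           # target controller
    port: int
    mfa: bool             # whether a second factor was presented


# Constructed policy. Anything that matches no rule is refused (default deny).
POLICY = (
    Rule("vendor-pumps", frozenset({"PLC-P201"}), frozenset({502}),
         (time(8, 0), time(17, 0)), "jump-ot-1"),
    Rule("eng-alice", frozenset({"PLC-R101", "PLC-P201"}), frozenset({502, 44818}),
         (time(0, 0), time(23, 59)), "jump-ot-1"),
)

# Constructed: a legacy controller that is supposed to be isolated. No rule can
# grant access to it; any session at all is a policy violation worth paging on.
ISOLATED = frozenset({"PLC-LEGACY-7"})


def evaluate(session, policy=POLICY, isolated=ISOLATED):
    """Return (allowed, reason). Checks are ordered so the reason names the first failure."""
    if session.device in isolated:
        return False, "device is designated isolated; no remote session permitted"
    rule = next((r for r in policy if r.principal == session.principal), None)
    if rule is None:
        return False, "no rule for principal (default deny)"
    if session.device not in rule.devices:
        return False, "device not in principal's allow list"
    if session.port not in rule.ports:
        return False, "port not permitted for this principal"
    if session.src_host != rule.via:
        return False, "session did not originate from the jump host"
    if rule.mfa and not session.mfa:
        return False, "MFA required but not presented"
    start, end = rule.window
    if not start <= session.ts.time() <= end:
        return False, "outside approved maintenance window"
    return True, "allowed"


# Constructed session records, as a remote-access gateway or its logs might present them.
SESSIONS = (
    Session(datetime(2024, 5, 6, 10, 15), "vendor-pumps", "jump-ot-1", "PLC-P201", 502, True),
    Session(datetime(2024, 5, 6, 10, 20), "vendor-pumps", "jump-ot-1", "PLC-R101", 502, True),
    Session(datetime(2024, 5, 6, 10, 30), "vendor-pumps", "vendor-laptop", "PLC-P201", 502, True),
    Session(datetime(2024, 5, 6, 22, 5), "vendor-pumps", "jump-ot-1", "PLC-P201", 502, True),
    Session(datetime(2024, 5, 6, 11, 0), "eng-alice", "jump-ot-1", "PLC-R101", 44818, False),
    Session(datetime(2024, 5, 6, 11, 5), "eng-alice", "jump-ot-1", "PLC-LEGACY-7", 502, True),
    Session(datetime(2024, 5, 6, 11, 10), "contractor-x", "jump-ot-1", "PLC-P201", 502, True),
)


def audit(sessions=SESSIONS):
    """Evaluate every session; returns a list of (allowed, reason) in input order."""
    return [evaluate(s) for s in sessions]


if __name__ == "__main__":
    for s, (ok, why) in zip(SESSIONS, audit()):
        print(f"{s.ts:%H:%M} {s.principal:<13} {s.src_host:<13} -> {s.device}:{s.port} "
              f"{'ALLOW' if ok else 'DENY '} {why}")
```

Only the first session is allowed; the other six each fail a different check (wrong device, bypassed jump host, outside the window, missing MFA, isolated device, unknown account). The same evaluation can run in two places: inline at the gateway to block the session, and offline over the gateway's logs to find sessions that should have been blocked but were not, which is the audit trail the text asks for.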

Bolster Your Cybersecurity Solution With Byos

IoT networks bring unique challenges for IT/OT systems administrators within the chemical manufacturing industry. Solving them requires keen insight into device inventory, policy management, and network blind spots.

The team at Byos are experts at solving these problems, helping global manufacturers secure their infrastructure at scale. The Byos Secure Gateway Edge is purpose-built to protect entire fleets of IoT devices through microsegmentation. Our plug-and-play solution reduces attack surfaces and centralizes remote access, helping to prevent lateral movement threats while extending the life of your existing infrastructure.

Schedule a demonstration today, and see how Byos can enhance your cybersecurity posture across your network of legacy and modern devices.
