OT Security is the New Avenger in Manufacturing
- Of all industries, manufacturing is the one targeted the most by cybercriminals (Source: Statista)
- About 95% of manufacturers have no OT Security in place (Source: McKinsey)
- Nearly 50% of all manufacturers suffered data breaches in 2024 (Source: The State of Security 2024)
- $26M ransom payments per year - more than double compared to other industries (Source: The Hidden Costs of Downtime)
The Media is Widely Reporting on Cybersecurity Issues
Practically every week of the year you can read stories about another manufacturer being targeted by a cyberattack, often with disruption to their critical processes. This is a fact that has recently been highlighted by German tabloid BILD in its article "Die Akte der Cybererpressungen". The plant manager plays a critical role in this context. The performance of a manufacturing organization’s production lies in his hands. This is where the money is made. Taking the ongoing cybersecurity issues into account, the plant manager needs support from OT Security as the new Avenger in his team - his own personal security guard!
The CEO of the logistics company Reichhart shares very openly his experience of a devastating cyberattack in a report of the German Produktion Erfahrungsbericht: "Was bei einer Cyberattacke passiert". The company even published the letter of the cybercriminals asking for ransom.
The German IT association bitkom highlights in their press release "Angriffe auf die deutsche Wirtschaft nehmen zu" that many companies neglect supply chain risks when it comes to cybersecurity.
Why are Manufacturers at such a High Risk?
There are three factors which increase a manufacturer’s attack surface area and threat risk:
Low Tolerance for Downtime
Availability as part of the key KPI OEE (Overall Equipment Effectiveness) is the North Star for manufacturers because the cost of downtime for manufacturing organizations is $255 million annually according to the report The Hidden Costs of Downtime in Manufacturing.
Cybercriminals have figured out this basic truth: Unplanned downtime is expensive, and when the production line is brought to a grinding halt, manufacturers will pay a lot of money to get it back up and running.
Deep Digital Connectivity without Protection
Legacy systems and increasingly interconnected devices expose the vulnerability of manufacturers. Industrial control systems (ICS), with their key significance for manufacturing operations, are often more than 20 years old and as such become a sitting target for cybercriminals once they are connected, directly or indirectly, to the Internet. Even so-called “air-gapped environments” are no longer safe, since the ever-present Wi-Fi connections in the plants always pose a risk.
Poorly-secured OT on the factory floor is increasingly connected to IT in the enterprise, and most critically, the organization’s valuable network of suppliers, retail partners and direct consumers. This ever-widening impact zone makes the industry a prime target for bad actors seeking more bang for their hacking buck.
Poor Visibility
Silos between IT and OT obscure sightlines and limit the reach of enterprise security into a growing catalog of point solutions on the factory floor. The evolution to hybrid, multicloud infrastructure threatens to further compound complexity and reduce visibility, just as interconnected supply chain networks and direct-to-consumer sales increase the industry’s threat vectors.
How to Build Resilience with a Secure Factory?
There are three proven ways to build resilience with a secure factory, and ideally all of them should be combined:
Build an IT / OT SOC for Holistic Visibility
Unify your security operations across your IT and OT environments and strengthen digital resilience by modernizing your SOC (Security Operations Center) with unified threat detection, investigation and response.
Splunk is a recognized leader in cybersecurity with its market-leading SIEM Splunk Enterprise Security and a deep security portfolio as shown in the image below - adding breadth and depth together with Cisco.
Add a Dedicated OT Security Solution
Splunk helps manufacturing organizations build a powerful, next-generation security concept for their factories with the help of a dedicated OT Security Add On.
The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments. It reaches across both carpeted (IT) and concrete (OT) environments to better apply Splunk Enterprise Security to improve threat detection, incident investigation and response.
Existing specialized OT Security vendors are ingested as data sources to allow for holistic visibility across IT and OT environments. Cisco’s OT Security solution Cyber Vision - a leader in OT Security - works hand in hand with Splunk’s OT Security solution via the integration app Cisco Cyber Vision Splunk Add On.
The Solution Accelerator for Operational Technology (OT) Security helps to get started with common use cases for OT environments and ensure security controls are working. It also provides detailed information on architecture, data collection methods, and installation guides to help you overcome these OT-specific challenges.
As a result, the value add of IT / OT Security with Splunk comprises the following points:
Implement the NIS2 Directive
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU. The directive has been in place since October 2024.
The new directive applies to many manufacturing organizations, not only sectors of high criticality. Key points include the following:
- Strict incident reporting mandate (24h)
- Personal liability of C-level
- Huge penalties up to €10M
Needless to say, without unified visibility across IT and OT environments, the requirements of the NIS2 Directive can’t be fulfilled.
Conclusion
Let’s face it: Tough jobs are getting tougher and, to be realistic, cyberattacks are inevitable in manufacturing. However, if detected at an early stage, they can either be prevented entirely or their consequences can be mitigated and contained.
The significant rise in OT Security searches at Google is an indication that this topic is top of mind for manufacturers.
After reacting in a defensive mode for the past years, it is time to step up with a proactive security strategy that includes OT. Modernizing OT Security is a must, since security hits keep coming in an increasingly sophisticated threat landscape that is also driven by AI. Manufacturers, and in fact every organization with an OT environment, need to adapt to the new security realities.
IT Security is a matter of course. OT security must become one, too.
Ready to elevate your smart factory to a secure factory?
Then get in touch now!
Read On
Security in Manufacturing
- The State of Security in Manufacturing
- OT Security Manufacturing Industry Brief
- Manufacturing’s Top Four Cybersecurity Threats
- 3 Priorities for Manufacturing’s Next Chapter
- The State of Security 2024: The Race to Harness AI
- The Hidden Costs of Downtime
NIS2 Directive
- Cisco + Splunk Webinar: A Sense of Urgency: Industrial Cybersecurity and Compliance Under the NIS2 Directive
- NIS2: The Network & Information Security Directive
- German Podcast: NIS2 und Co: Lässt sich Cyber-Resilienz von oben verordnen? With Dorothea Brons, CIO of Hamburg Airport
Lessons Learned from Operation Endgame, Coordinated by Europol
- German Podcast: Operation Endgame: Was Unternehmen vom weltweiten Schlag gegen Cyber-Kriminalität lernen können - With Carsten Meywirth, Director Cyberdivision at Bundeskriminalamt (Federal Criminal Police Office)