As the industrial sector has risen in popularity amongst the hacking community, new vulnerabilities are being discovered throughout the enterprise. From industrial control systems to network endpoints and API calls, the expanding OT environment offers a vast collection of potential security soft spots. And within the last 18 months, these current and potential vulnerabilities are being exploited not just on large manufacturers and infrastructure enterprises, but the key suppliers, logistics providers and distributors that are vital in bringing product to market.
I recently sat down with Dor Dali, Head of Security Research at Cyolo to discuss how the industrial sector can be better prepare for, and respond to, these evolving cyber threats.
Jeff Reinke, editorial director: Do you think there was a watershed moment when manufacturers realized how vulnerable their supply chains were to hackers, or has this been a more gradual development?
Dor Dali, Head of Security Research at Cyolo: While there hasn’t been a single defining moment, awareness of vulnerabilities in the manufacturing industry has certainly increased over time, especially across supply chain and in the wake of significant security incidents. These events, such as the SolarWinds breach, the discovery of critical vulnerabilities like those in Log4j, and the latest incident of XZ Utils, have acted as catalysts, punctuating a gradual realization with sudden and urgent wake-up calls. As a result, these events have sharpened the focus on prioritizing security strategies, driving manufacturers to reevaluate and strengthen their current approach.
JR: The supply chain is part of the expanding attack surface for the industrial sector, which can make addressing any part of this environment seem overwhelming. What’s your advice on a good place to start?
DD: Security leaders should begin with creating and maintaining a comprehensive Software Bill of Materials (SBOM). This will help gain full visibility into the libraries and tools being utilized, both directly and indirectly, through dependencies and built-in software in operating systems. Security teams should also continuously monitor this inventory for any new vulnerabilities.
JR: What types of tools do you think can have the best or most immediate impact on securing supply chains?
DD: A few tools, including Software Composition Analysis (SCA), Container Security and Zero Trust Network Access (ZTNA), will effectively address various aspects of supply chain security - from managing third-party risks to securing network access and containerized environments. Third-party risk mitigation is especially critical as 73 percent of organizations allow vendors and other third parties to access their OT environment, and 60 percent of enterprises authorize OT systems access for more than 50 different vendors.
JR: People are always a vital part of the cybersecurity equation. What do you feel can be done to help those in the supply chain play a bigger role in keeping it secure?
DD: Combining Remote Privileged Access Management (RPAM) with Software Composition Analysis (SCA) can greatly strengthen the security of supply chains. RPAM secures and manages remote access to essential systems, while SCA, along with the Software Bill of Materials (SBOM), enhances visibility and control over software components and their vulnerabilities. This integration enables supply chain participants to actively spot and address security threats, minimizing the attack surface as much as possible. Such a strategy ensures that, should an attack evade SCA detection, its potential impact is confined.
JR: Traceability and visibility in the supply chain has become even more important since the pandemic. What advice would you offer in preserving internal visibility without creating more potential soft spots for hackers to probe?
DD: Visibility is a significant challenge in industrial environments, as currently, 73 percent of organizations lack an authoritative OT asset inventory. This places critical supply chain environments at risk of not only their digital infrastructure being harmed, but it places their workers’ physical safety at risk as they operate with connected devices in the field.
To maintain visibility without increasing vulnerabilities, security leaders must focus on granular access control to assets, conduct regular security audits, utilize advanced monitoring for anomaly detection, and invest in continuous staff training on security best practices.
JR: What do you feel will be the biggest trends, improvements or new developments in the next 12-18 months, as it relates to supply chain cybersecurity?
DD: In the next 12-18 months, the full manufacturing infrastructure cybersecurity will likely see significant trends. These include the increased adoption of AI and machine learning for predictive threat analysis, a greater emphasis on Software Bill of Materials (SBOM) for enhanced visibility into software vulnerabilities, and the development of comprehensive supply chain risk management programs to identify and mitigate risks more effectively.
