Manufacturing Cybersecurity: Trends & Survey Response
Figure 5: Q19. Until now, what have been your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems?
Q20.What do you believe your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems are over the next three years?(NB: Multiple choices allowed)
We will consider the reasons and background for these results.
One of the reasons why there is a high awareness of efforts to prevent recurrence is that the manufacturing industry is expected to have a high percentage of established improvement processes to constantly increase productivity, and security can also be put on that system. There is a point that This result is the highest in the US, Germany, and Japan, exceeding 31% in all countries, and there is no variation like in other industries. You can see that this is a common issue throughout the industry.
5G initiatives have changed the most in Japan, rising by 7.2 points. I believe that the two points that have led to the big change in Japan are the increased benefits of introducing 5G and the requirement for security measures as a condition for granting local 5G base station licenses.
The local 5G usage system by the Ministry of Internal Affairs and Communications expanded the frequency band used from December 2020 to 4.6 to 4.9 GHz, which has a long transmission distance, and the government introduced a preferential tax system for 5G introduction. The benefits are even greater.
The Ministry of Internal Affairs and Communications stipulates that cybersecurity measures, including supply chain risks, must be taken as a condition for certifying development plans for specific base stations for the introduction of 5G. And local 5G is supposed to have the same conditions at the time of licensing.
Interest in 5G in Germany continues to be high at 31.4%. In Germany, the autonomous decentralized inter-enterprise collaboration mechanism (GAIA-X), which has been considered and implemented since around 2016, will start full-scale activities in 2021, the mobile communication strategy by the German government, and the EU as a whole.
We are actively working on 5G against the background of investment in the digital Europe program that we are promoting. At the same time, it is thought that there is a high awareness of ensuring security. Cloud usage scores similarly high. It is necessary to analyze the risks and threats at the time of introduction so that the introduction of these new technologies does not create new security risks.
2 Trend Micro Proposal
Summary of our research and analysis:
- In the manufacturing industry, the period of suspension due to security incidents is relatively short, and as a result, the amount of damage in terms of money is relatively small. This is thought to be because there are many assembly manufacturing systems, and it is relatively easy to stop and start the system.
- Although we are continuously working to improve security, it is thought that there are still issues to be addressed in ensuring security when using the cloud or using removable media.
- The hurdles to introduce new technologies such as cloud and 5G are more aggressive than other industries, but we must be aware that the number of companies and products involved will increase accordingly, and security management requirements such as analysis of new attack surfaces will increase.
- It is necessary to visualize the security risks of complex systems with a mixture of various tools, services, and vendors, and implement measures to ensure safe operation
Based on this result, Trend Micro proposes to organize and address cyber security challenges for CISOs in the manufacturing industry as follows:
- Take advantage of the improvement process of the manufacturing industry to improve security and strengthen operations and implement preventive measures specializing in OT to prevent a recurrence.
- Create a system and mechanism that can perform accurate cause analysis and response when an incident occurs across IT and OT.
- When introducing new technologies such as 5G, conduct threat and risk analysis comprehensively rather than locally. It also visualizes situations that change dynamically during operation, shortening the time to detect and respond to minimize damage.
More information on threats to ICS endpoints, including manufacturing, can be found here.
Read More HERE