INDUSTRY

Manufacturing

Risks
  • Network configurations 
  • OT vulnerabilities 
  • Intrusion attacks

The Study

During the pandemic outbreak, the demand for protective gloves soared worldwide. Understanding the rising demands while also adhering to the pandemic-driven lockdown that had decreased more than half of the workforce, a renowned glove manufacturing company in Malaysia aimed to upgrade its operations to increase its productivity. This was also a good opportunity to answer the call for Industry 4.0 revolution among manufacturers. However, there are doubts and concerns about the security risks accompanying the upgrades. 

Among the challenges they weighed in are the loss of revenue due to production disruption, especially through the operations network. This is due to the cybersecurity landscape in recent years shown that among one of the most common cyber attacks on manufacturing and industrial companies are targeted intrusion attacks on production networks. Aside from that, the IT security team at the time, while was experienced in IT security, were still new in OT security.

Photo by Mohd RASFAN / AFP

OUR

CUSTOMER CHALLENGE

With their main product being one of the most essential items used for medical and household needs, any disruption on their operations, even for a day, would have a global impact. This put them in a quandary. Nevertheless, they took the best step they think of: seeking consultation from manufacturing and OT cyber security experts to ensure they get the optimum balance between continuing productions and securing operations.

OUR

SOLUTION

Trusting YNY Technology’s expertise in industrial cybersecurity, our consultation is tasked with assessing the company’s security posture and vulnerabilities.  

For the assessment, we started by having a clear image of the environment, including the network configuration and possible affected assets. From there, we provided a PoC, of the security project to be implemented that explains the needs of certain solutions to be installed. Several lab simulations were created to show how the vulnerabilities within the system can be exploited. This simulation includes the demonstration after the security project is implemented to show how effectively the intrusion attacks can be prevented or mitigated. The simulations were conducted with both the scenarios before and after installation of the suggested solutions to give a vivid comparison between the two conditions and the benefits of the implementation. 

Additionally, based on the initial security assessment, an improved security-by-design network configuration was recommended by our consultant. Taking a step further, the design is also configured based on the IEC-62443 security, a series of standards with manufacturing automation in mind. This design takes into account the apparent risks and vulnerabilities assessed. The risks consider the scenarios that could impact or bring dire consequences towards the organization as a whole, in which the first step in reducing the risk is to separate the IT from the OT network to prevent unauthorized access. Machinery and applications were assessed for their vulnerabilities and updated to their latest security patches and firmware. 

Throughout the whole assessment and improvement, we ensure the SCADA systems were not affected during the changes and that the operations continue without any disruptions. This is by taking into consideration the best way to integrate manual instructions that the staff are adapted in handling with the customized configurations for the automation and machinery. 

Finally, in addition to the hands-on guidance and training provided throughout the whole assessment, several handover documentations were also prepared so that they are well-equipped to maintain their security posture after the consultation.

THE

RESULT

This has resulted in better security resilience within the organization and its operational technologies. The technical gap analysis before and after implementation comparison gave invaluable information on the implemented security controls efficacy, validating the effectiveness of the PoC against possible attacks and exploitations. The client is highly satisfied with the end result as they can worry less about the security risks and focus more on delivering their customer’s needs.