How can supply chain attacks be mitigated?
To mitigate supply chain attacks, manufacturers can implement several strategies:
- Demand Software Bills of Materials (SBOMs) from vendors:SBOMs provide a list of components within software, similar to an ingredient list. By analyzing the SBOM, manufacturers can identify third-party software and assess potential risks.
- Establish Secure Connections:When collecting data from endpoints, ensure secure communication channels and limit access to authorized devices and systems. Use protocols like TLS (Transport Layer Security) to protect data transmission over untrusted networks.
- Implement Code Signing and Verification:Incorporate cryptographic code signing to verify the authenticity and integrity of software. Validate code before installation or updates to ensure it originates from a trusted source and has not been tampered with.
- Maintain Comprehensive Asset Inventory:Regularly scan and document all devices connected to the network, including details about the software and firmware running on each. This includes laptops, HMIs, PLCs, and IP cameras.
- Network Segmentation:Avoid directly connecting devices, including HMIs and engineering workstations, to the internet. Proper network segmentation limits the attack surface and prevents unauthorized access to critical systems.
- Third-Party Validation and Certification:Engage independent organizations to validate security measures, perform code reviews, and certify compliance with standards like IEC 62443.
Proactive Measures:
- Secure the Build Environment:Implement strong security controls to protect the software build environment from compromise. This includes controlling access, monitoring activity, and ensuring the integrity of the build process.
- Manual Code Reviews:Supplement automated security tools with manual code reviews conducted by trusted individuals. This helps identify vulnerabilities or malicious code that automated tools might miss.
- Monitor for Suspicious Activity:Implement monitoring systems to detect unusual network traffic, unauthorized access attempts, or changes to critical systems.
Importance of Standards and Regulations:
- IEC 62443:This international standard provides a comprehensive framework for securing industrial automation and control systems. It addresses product security, secure development lifecycles, and system-level security.
- EU Cyber Resilience Act (CRA):This EU regulation mandates cybersecurity requirements for manufacturers selling products in Europe, including providing SBOMs and demonstrating compliance with security standards.
Key Takeaways:
- Supply chain attacks target the trust between vendors and users. The Dragonfly attacks, which involved attackers targeting vendors and replacing legitimate software with Trojanized software, are mentioned in the session as a specific example of a supply chain attack. This attack strategy exploited the trust between users and vendors, allowing the attackers to penetrate numerous OT systems by compromising a single supplier.
- Attackers may exploit vulnerabilities in software or inject malicious code.
- SBOMs and secure coding practices are crucial for mitigating supply chain risks.
- Comprehensive asset inventory, network segmentation, and continuous monitoring are essential security measures.
This summary was generated by notebooklm based on the insights provided by Ellen Boehm, SVP of Global IoT Strategy & Operations, Keyfactor, Megan Samford, VP, Chief Product Security Officer – Energy Management, Schneider Electric, and Eric Byres, CTO and Board Member, aDolus, during the IIoT World Manufacturing Days. The “Fortress Factory: The Critical Importance of Cybersecurity in the IIoT Era” session was moderated by Patrick C Miller, CEO, Ampyx Cyber. For more insights, watch the video.