When John Kindervag was a vice president and senior analyst at Forrester Research, he came up with the concept of a zero-trust model for cybersecurity. The typical process of keeping an organization’s network safe was to assume everyone on the inside did not pose a threat. However, zero-trust treats every network user as a possible danger, requiring vetting before access is granted.
Although the zero-trust model emerged in the cybersecurity sector, it applies to manufacturing, too. Here’s a look at why that’s the case.
Manufacturing breaches can be catastrophic
Many of today’s manufacturing plants are increasingly connected. They feature intelligent machines that collect data and present meaningful trends. Some facilities feature collaborative robots that work alongside humans to boost productivity. Manufacturers may also have automated systems that allow items to be reordered quickly before they go out of stock. It’s easy to see why manufacturing facilities have information hackers want.
A 2020 data breach report from Verizon determined that 86% of incidents feature people acting out of a desire for financial gain. Given the sheer amount of data collected by some manufacturing plants, it’s no wonder cybercriminals continue to target those facilities.
The zero-trust model applied to manufacturing means parties never give automatic approval to any entity that tries to access the network — whether that person is an employee who has been with the company for decades or a manufacturer’s most reliable supplier.
Research published in November 2020 showed that manufacturers are under increasing threat from attacks that use encrypted channels to bypass legacy security controls. More specifically, the manufacturing sector faced 1.1 billion of these threats, accounting for 17.4% of all such attacks.
The statistics in this section emphasize that cyberattacks are not far-fetched ideas in the manufacturing industry. They’re common issues that are progressively becoming more prevalent.
The zero-trust model restricts access
Following zero-trust manufacturing principles is a practical way for manufacturing companies to operate responsibly. That’s because using the zero-trust method to secure a manufacturing plant effectively reduces the access hackers can achieve.
This approach segments data so that only relevant parties can access it. For example, if an entry-level manufacturing floor worker tried to retrieve resources only used by the accounting department, that action would trigger an alert and keep the content locked down until someone reviews the access request and approves or denies it.
Keeping material locked down like that reduces the chances of a massive data breach that puts customer information at risk. A hacker may get access to one data segment or a single resource. However, even then, they’d have to successfully enter numerous others before causing the kind of damage associated with data breaches when companies do not use a zero-trust strategy.
One possibility for zero-trust manufacturing is to utilize a public key infrastructure (PKI). It automates the management of the digital keys and certificates that grant authorized parties access. This method ensures keys are always current and linked to the correct asset.
For example, one digital key would give someone’s iPad access to the network, while another would verify that the person using the device has a valid reason to enter the infrastructure and get the requested resources.
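The two checks described above (an enrolled device, then a person with a reason to reach that data segment) and the alert-and-review flow for out-of-segment requests can be sketched as a small policy decision point. This is an added example, not code from the article or any product; every name, role, segment and fingerprint is constructed, and the fingerprint lookup stands in for real certificate validation against the PKI.

```python
from dataclasses import dataclass, field

# Constructed sample data: certificate fingerprints enrolled in the plant's
# PKI inventory, and the roles allowed to read each data segment.
ENROLLED_DEVICES = {"fp-ipad-0042": "floor-tablet", "fp-ws-0007": "accounting-pc"}
SEGMENT_ROLES = {"production-telemetry": {"floor-worker", "engineer"},
                 "accounting-ledger": {"accountant"}}

@dataclass
class Request:
    user: str
    role: str
    device_fp: str   # fingerprint of the certificate the device presented
    segment: str

@dataclass
class PolicyDecisionPoint:
    alerts: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)   # request id -> Request
    grants: set = field(default_factory=set)      # (user, segment) approved in review

    def decide(self, req_id, req):
        # Check 1: the device must hold an enrolled certificate.
        if req.device_fp not in ENROLLED_DEVICES:
            self.alerts.append((req_id, "unknown device"))
            return "deny"
        # Check 2: the person needs a role or a reviewed grant for this segment.
        allowed = SEGMENT_ROLES.get(req.segment, set())  # unknown segment: nobody
        if req.role in allowed or (req.user, req.segment) in self.grants:
            return "allow"
        # Out-of-segment request: alert, keep it locked, wait for a reviewer.
        self.alerts.append((req_id, f"{req.role} requested {req.segment}"))
        self.pending[req_id] = req
        return "pending-review"

    def review(self, req_id, approve):
        req = self.pending.pop(req_id)
        if approve:
            self.grants.add((req.user, req.segment))
        return "allow" if approve else "deny"

def demo():
    pdp = PolicyDecisionPoint()
    ledger = Request("dana", "floor-worker", "fp-ipad-0042", "accounting-ledger")
    telemetry = Request("dana", "floor-worker", "fp-ipad-0042", "production-telemetry")
    rogue = Request("dana", "floor-worker", "fp-unknown", "production-telemetry")
    results = [pdp.decide("r1", telemetry), pdp.decide("r2", ledger),
               pdp.decide("r3", rogue), pdp.review("r2", approve=False),
               pdp.decide("r4", ledger)]
    return results, pdp.alerts
```

A denied review leaves no standing grant, so the repeated request in `demo()` raises a fresh alert instead of being let through.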
An emerging solution for stronger supply chains
An enduring reality for most manufacturers is that they rely on a network of outside parties to meet their goals. Zero-trust manufacturing is not yet a widely adopted option. However, it becomes increasingly necessary to consider, especially when suppliers need privileged access to a manufacturer’s internal network.
If you’re looking for a viable alternative to traditional security approaches that are quickly becoming obsolete, the zero-trust method is worth a look. It goes beyond accepting anyone who enters the correct password. Instead, access requests get viewed in context, both at the device and person levels.
Implementing zero-trust manufacturing takes a conscious and ongoing effort, but it could be a worthwhile endeavor for a business that wants better protection as cyberattacks become more prevalent and severe.