The Evolution of "Next-Generation" Manufacturing and the Need for Network Security

Christian Wiens Director of Marketing

Christian Wiens is Director of Marketing at MixMode. He has 10+ years of experience as a cybersecurity professional. He has his BA from The University of California, Berkeley and resides in Austin, TX.

The new MixMode & RAVENii whitepaper, “The Evolution of ‘Next-Generation’ Manufacturing and the Need for Network Security,” is a comprehensive look at how third-wave AI is improving modern network security across connected manufacturing networks and beyond.

Synopsis

Today’s hyper-connected world is changing the way we work, live, and communicate.

The manufacturing sector, in particular, has experienced a significant evolution thanks to so-called Internet 4.0 connectivity. Plant managers can oversee production, change specifications remotely, and connect with employees from anywhere. Smart Internet 4.0 networks can self-adjust to changing environmental conditions, automate shipping functions, and control the actions of factory robots.

Unfortunately, for all the promise offered by this next generation of the industrial revolution, connected devices are inherently vulnerable to network security threats. These threats are just as worrisome as traditional network security risks, but both management and SecOps teams tend to overlook internet 4.0 vulnerabilities.

Internet 4.0 networks are at risk in several unique ways:

· Inadvertent employee exposure

· Sprawling manufacturing networks that require third-party access

· Manufacturing process disruption driven by hackers

NIST ICS Cybersecurity Guidelines

The National Institute of Stands and Technology (NIST) has established a set of guidelines aimed at mitigating the risk of malware attacks affecting remote access and industrial control systems (ICS). These recommendations focus on threat detection, especially aberrations in operation environment behaviors.

New NIST additions to the Cybersecurity Framework specify ten alerts unique to connected manufacturing environments:

1. Unauthorized Device Connected to the Network

2. Unencrypted HTTP Credentials Detected on the Network

3. Unauthorized Ethernet/IP Scan of the Network

4. Unauthorized SSH Session Is Enabled with Internet-based Server

5. Data Exfiltration to the Internet via DNS Tunneling

6. Unauthorized ICS Logic Download

7. Undefined Modbus TCP Function Codes Transmitted to PLC

8. Brute-Force Password Attack Against a Networking Device

9. Data Exfiltration to the Internet via Secure Copy Protocol

10. Virus Test File Is Detected on the Network

Addressing Industry 4.0 Vulnerabilities with MixMode

MixMode approaches modern manufacturing cybersecurity through the use of smart, third-wave AI that self-adjusts to constantly-evolving networks. MixMode AI can anticipate and guard against vulnerabilities outlined in the NIST guidelines by identifying anomalies in network traffic.

Typical Internet 4.0 vulnerabilities include:

· Open ports

· Unencrypted traffic

· Passwords in clear text

· Unexpected communications between IPs or departments

· Rogue machines on network

MixMode’s unsupervised AI enhances network security by establishing a baseline of typical network activity and then monitoring the network to detect unusual behaviors. The MixMode platform can detect more zero-day attacks than other cybersecurity platforms.

MixMode can detect and respond to common Internet 4.0 anomalies as they happen in real time, including:

· User authentication failures

· Unusual file transfers between devices

· Denial of Service (DoS)

· Unexpected new network devices

· Data exfiltration

· Abnormal ICS protocol communications

· Abnormal manufacturing system operations port scans/probes

· Environmental changes

MixMode can establish a complete network baseline in under a week, a process that can take similar platforms months to complete. MixMode’s AI dives deep to create a comprehensive baseline snapshot. Equipped with this baseline knowledge, the AI gets to work to deliver next-level network analytics.

Most importantly, MixMode has been designed to predict threats before they negatively impact network security. This critical distinction has improved data security for many clients, including cybersecurity service provider RAVENii.

MixMode was able to improve RAVENii’s network security by increasing OT network traffic visibility. A case study outlining the positive impact RAVENii has experienced due to their partnership with MixMode is included in the whitepaper.