Ransomware is a serious and growing issue in the manufacturing sector.
In recent years, the number of ransomware attacks targeting manufacturing has significantly increased. For example, 2020 saw 167 attacks, while 2021 had 148, and though the number dipped in 2022 to 81, attacks in 2023 have started to rise again, with 55 incidents reported by July.
These attacks have caused substantial financial and operational impacts, leading to increased downtime, averaging over 12 days in 2022, which can disrupt production and cause significant losses.
The estimated cost of downtime from ransomware in manufacturing is staggering, with reports suggesting around $46 billion in losses annually due to operational shutdowns. While the actual ransom amounts demanded vary, some high-profile cases saw demands reaching as high as $50 million.
In the context of hybrid warfare, where states or non-state actors use a mix of conventional and unconventional tactics, cyberattacks targeting operations and manufacturing sectors pose significant risks.
In hybrid warfare, manufacturing becomes both a direct and indirect target due to its critical role in national and economic security. A robust cybersecurity posture is essential to mitigate these risks and ensure operational continuity during conflicts.
Cyberattacks can also aim to steal trade secrets or designs for advanced technologies, including military applications. This weakens a nation’s competitive edge and bolsters adversaries' capabilities.
Intellectual property theft and espionage are significant challenges in the manufacturing sector, as it is one of the top sectors targeted for cyber-espionage, with about 27% of breaches linked to espionage activities in recent years. These breaches often target trade secrets, production methods, and blueprints, which can provide a competitive advantage to rivals or nation-states.
IP theft in manufacturing occurs through multiple channels, including unauthorized access, misuse by employees, supply chain vulnerabilities, and cyberattacks.
Vitesse aims to bring the latest software and security practices to the production floor, including better information security.
The Vitesse leadership team has successfully contributed to building mission-critical connected software solutions for leading manufacturers in the fields of aerospace, automotive and defense for more than a decade.
Vitesse is hosted on Linux and takes advantage of proven containerized services and applications. Vitesse applications are containerized themselves.
Building the VITESSE platform on Linux with containerized services and applications follows many best practices in modern information security (InfoSec), especially when compared to traditional automation control platforms. Containers offer significant advantages in security and flexibility, particularly when isolated from the host system.
Traditional automation systems often run on centralized, embedded systems or isolated, legacy software stacks. These systems can be harder (and sometimes impossible) to patch, upgrade, or secure due to their tightly integrated nature and lack of modularity.
By contrast, our containerized microservices architecture allows for easier scaling, isolation, and patching. Vitesse is always ahead in terms of agility and security when compared to legacy industrial control systems.
In August 2024, two of the most digitally advanced global manufacturers shared that “Vitesse is at least a decade ahead of traditional controls providers when it comes to cybersecurity” and “probably 5 years before competitors provide similar agility and ability to deploy distributed systems for operations, which is critical for security”.
The Vitesse Gateway is a software application developed to bridge the Operational Technology (OT) layer, PLC networks and other networks such as the Information Technology (IT) layer. Gateway is a containerized application, and it's recommended to run it on Linux and ideally in Kubernetes for ultimate security.
The Vitesse controller is an extremely reliable industrial PC that is optimized to run Gateway, to host the overall Vitesse solution, to run any Linux container and to form cost-efficient clusters at the edge.
With its rugged enclosure, built-in power backup and voltage regulation allowing it to run on virtually any DC source from 12 to 28 V, the Vitesse Controller is the ideal compute node for clustering on the operations floor.
For instance, it takes only 3 GALAXY controllers and a managed 4-port switch to create a cost-effective, highly reliable and secure Kubernetes cluster capable of managing the connections to dozens of controllers, multiple databases and several instances of the Vitesse Gateway:
Deployed in the PLC network, the Vitesse Gateway can communicate with your equipment (PLCs, robot controllers, cameras, testers, scanners, etc.) using the native protocol when it’s possible:
GATEWAY can connect to modern and legacy controllers. The insulated USB ports, when enabled, can host adapters such as Modbus or RS485 serial, scanners, printers, etc. Its remote wireless antenna can be used to publish data to a secure, dedicated wireless network, or to create a private Gateway-to-Gateway connection.
It can also establish a secured connection to allow-listed endpoints or services in a different layer, ideally through a virtual network, and exchange encrypted data over this bridge, thereby enabling specific, monitored communication between different networks.
For instance, Vitesse Gateway is ideal for sending telemetry bottom-up and for receiving fabrication orders from an MES top-down.
While this isn't a mandatory model, one successful implementation includes deploying a secure, highly reliable cluster at the edge, and using Gateway as the bridge to control and map data between networks. With a managed network switch, this architecture allows our clients to comply with NIS2, NIST and FISMA:
While Kubernetes clusters are preferred for higher security, running containers on a single Linux computer that follows essential security practices is already an important step towards better security. This can allow for the hosting of secure applications in the operations and PLC networks.
The Vitesse team is available to assist our customers in increasing their information security progressively.
The first commitment of Vitesse is to provide our customers with a secure software solution that is free of known vulnerabilities, and that enables the adoption of the best security tools and practices.
Vitesse runs in containers on Linux, which offers some advantages over virtualization, including a more defined perimeter regarding information security, especially when using Kubernetes. The primary advantages are the reduced attack surface and ability to patch software quickly.
Kubernetes is more secure in many cases, but proper configuration and securing the underlying host system are essential, hence the importance of running Kubernetes on a well-managed distribution of Linux.
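As an added illustration of the "proper configuration" point above (example code, not Vitesse's own tooling), the script below audits a Kubernetes Pod spec against a minimal container hardening baseline: no host namespaces, no privileged containers, no privilege escalation, a read-only root filesystem, all Linux capabilities dropped, a non-root user, a seccomp profile, and an image pinned by digest. The two manifests are constructed for the example and the image references are placeholders. A check like this runs in CI or as an admission policy so that a permissive spec never reaches the cluster.

```python
"""Pre-deployment audit of a Kubernetes Pod spec against a minimal container
hardening baseline.  Added example, not Vitesse's own tooling; the two manifests
below are constructed for illustration and the image references are placeholders."""

from typing import Any

# A permissive spec of the kind a default deployment can produce (constructed).
WEAK_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "gateway-weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "gateway",
            "image": "registry.example/gateway:latest",   # placeholder, mutable tag
            "securityContext": {"privileged": True},
        }],
    },
}

# The same workload with host isolation enforced (constructed).
HARDENED_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "gateway-hardened"},
    "spec": {
        "hostNetwork": False,
        "securityContext": {
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "gateway",
            # placeholder digest; pinning by digest makes the deployed image immutable
            "image": "registry.example/gateway@sha256:" + "0" * 64,
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Return a list of findings; an empty list means the spec meets the baseline."""
    findings: list[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # Sharing host namespaces defeats the isolation that makes containers attractive.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"pod: {key} is enabled")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # Kubernetes treats allowPrivilegeEscalation as true when it is left unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: Linux capabilities not dropped")
        # runAsNonRoot and seccompProfile may be set at pod or container level.
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: may run as root")
        if not (sc.get("seccompProfile") or pod_sc.get("seccompProfile")):
            findings.append(f"{name}: no seccomp profile")
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image not pinned by digest")
    return findings


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "OK")
```

Run against the two constructed manifests, the permissive one yields eight findings and the hardened one none; the same checks map directly onto the controls a Pod Security Admission "restricted" profile enforces on a well-managed cluster.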
All third-party libraries used by Vitesse are automatically scanned for vulnerabilities. We currently use Aquasecurity Trivy and Snyk Scan in our Continuous Integration pipeline, and constantly explore and consider other solutions to add to, or replace, the tools currently in use. The scan takes less than an hour and runs daily.
Whenever a vulnerability is identified in, or introduced by, a new version of a package, Vitesse remains on the previous version of the package (assuming the vulnerability wasn't already present in previous builds) while ways to mitigate the risk are found.
Security patches are typically available from the software vendor within 1 to 8 days.
When a library containing a vulnerability is necessary, the Vitesse engineers identify the entry point and develop a workaround for the potential exploit with a combination of input validation and code hardening, to ensure that the known vulnerability is unlikely to be exploited.
The deliverables would still mention the vulnerability with release notes explaining the risk and workaround, so that stakeholders can make an informed decision before deploying this release in the field.
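The following script is an added example of the release policy just described (it is not Vitesse's pipeline code): it reads a Trivy JSON report, blocks the build when a HIGH or CRITICAL finding is new relative to the previous build, accepts findings that carry a recorded workaround, and turns every accepted or carried-over finding into a release-note line so stakeholders see the risk before deployment. The report, the baseline of previously known findings and the mitigation register are constructed for the example, and the CVE identifiers are placeholders.

```python
"""Release gate over a Trivy JSON report.  Added example, not Vitesse's own
pipeline code.  Policy as described in the text: a HIGH/CRITICAL finding that
is new relative to the previous build blocks the release; a finding with a
recorded workaround is accepted and documented; a finding already present in
the previous build is carried over and documented.  The report, baseline and
mitigation register are constructed and the CVE ids are placeholders."""

import json
from typing import Any

# Constructed report in the layout Trivy emits with `--format json`.
CURRENT_REPORT = json.dumps({
    "SchemaVersion": 2,
    "Results": [{
        "Target": "gateway (alpine)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.2.3", "FixedVersion": "1.2.4", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libparse",
             "InstalledVersion": "2.0.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libutil",
             "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
        ],
    }],
})

# Findings that were already present in the previous accepted build (constructed).
PREVIOUS_BASELINE = {"CVE-0000-0001"}

# Accepted-risk register: vulnerability id -> workaround description (constructed).
MITIGATIONS = {
    "CVE-0000-0002": "input validation at the parser entry point; hardened build flags",
}

BLOCKING_SEVERITIES = {"HIGH", "CRITICAL"}


def parse_findings(report_json: str) -> list[dict[str, str]]:
    """Flatten a Trivy report into one record per vulnerability."""
    out = []
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:   # key is null for a clean target
            out.append({
                "id": v["VulnerabilityID"],
                "pkg": v["PkgName"],
                "installed": v.get("InstalledVersion", ""),
                "fixed": v.get("FixedVersion", ""),
                "severity": v.get("Severity", "UNKNOWN").upper(),
                "target": result.get("Target", ""),
            })
    return out


def evaluate(report_json: str, baseline: set, mitigations: dict) -> dict[str, Any]:
    """Apply the policy and return the verdict plus release-note lines."""
    blocking_new, notes = [], []
    for f in parse_findings(report_json):
        if f["severity"] not in BLOCKING_SEVERITIES:
            continue
        fix = f"fixed in {f['fixed']}" if f["fixed"] else "no upstream fix yet"
        where = f"{f['pkg']} {f['installed']} in {f['target']}"
        if f["id"] in mitigations:
            notes.append(f"{f['id']} ({f['severity']}, {where}): accepted; "
                         f"workaround: {mitigations[f['id']]}; {fix}")
        elif f["id"] in baseline:
            notes.append(f"{f['id']} ({f['severity']}, {where}): carried over from "
                         f"previous build, no workaround recorded; {fix}")
        else:
            # New and unmitigated: the build stays on the previous package version.
            blocking_new.append(f["id"])
    return {"status": "block" if blocking_new else "pass",
            "blocking_new": blocking_new,
            "release_notes": notes}


if __name__ == "__main__":
    verdict = evaluate(CURRENT_REPORT, PREVIOUS_BASELINE, MITIGATIONS)
    print(verdict["status"])
    for line in verdict["release_notes"]:
        print(" -", line)
    raise SystemExit(1 if verdict["status"] == "block" else 0)
```

With the constructed inputs the gate passes and produces two release-note lines; run with an empty baseline and no mitigations, the same report blocks the build on both HIGH/CRITICAL findings, which is the behaviour wanted when a new package version first introduces them.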
When new code is written and submitted in the Vitesse codebase, static code analysis checks for anything that could lead to vulnerabilities such as buffer overflows, non-initialized variables, etc.
As with unit tests, engineers cannot submit code changes to the Continuous Integration pipeline until they have been cleared by the static analyzer.
In addition to scanning dependencies to detect potential vulnerabilities, Snyk also scans our native code using semantic analysis to detect potential bugs and vulnerabilities that our own code could introduce into the codebase.
Traditional Platforms:
Vitesse:
Concrete Benefit: Vitesse can reduce the attack surface by up to 70% compared to traditional platforms, significantly lowering the likelihood of successful attacks.
Traditional Platforms:
Vitesse:
Concrete Benefit: Vitesse can reduce patching delays by over 90% compared to traditional platforms.
Traditional Platforms:
Vitesse (Linux & Containers):
Concrete Benefit: Vitesse reduces incident response time by up to 95%, drastically minimizing potential damage and downtime from security breaches.
Traditional Platforms:
Vitesse (Linux & Containers):
Concrete Benefit: By minimizing vulnerabilities and downtime, Vitesse can lower breach costs by up to 60%, potentially saving millions per incident.
Traditional Platforms:
Vitesse:
Concrete Benefit: Vitesse can reduce downtime by over 80%, greatly improving operational efficiency and reducing disruptions.
The above advantages provide Vitesse with unfair security advantages over traditional automation platforms, matching today’s best software solutions:
By adopting modern containerized approaches on Linux, Vitesse demonstrates significant security advantages, making it more secure, flexible, and cost-efficient than the established automation platforms.
These benefits not only provide enhanced security but also contribute to reduced operational costs and improved uptime, critical in high-stakes manufacturing environments.