Securing Manufacturing Operations with Zero Trust at the PLC Level
In today’s connected manufacturing environment, the programmable logic controllers (PLCs) at the heart of factory operations have become a prime target for cyber attacks. As Jay Smilyk, VP of the Americas at NanoLock Security, recently highlighted in an article for Smart Industry, implementing a zero-trust security model at the PLC level is critical to protecting industrial operations.
The rise of digitization initiatives within Industry 4.0 has led to the adoption of more networked devices and greater connectivity between IT and OT systems. Jay cites a 2022 IBM report showing that manufacturing is now the most targeted sector in the operational technology (OT) industry, with a whopping 41% increase in attacks. This expanded “attack surface” provides more opportunities for both insiders and external threat actors to manipulate control systems. And the risk isn’t just from external threats – insider risks from employees and third-party vendors with broad access privileges pose a major vulnerability. A single unsecured device or worker account is all it takes for an insider threat to materialize, whether through intentional malicious actions or human error.
Traditional security models built on implicit trust are no longer sufficient. As Jay explains, “PLC programming software is installed on engineering workstations with broad, shared access credentials. External vendors routinely gain admin privileges for maintenance and troubleshooting. Under these conditions, visibility is severely limited into who changes what, when, and why.”
This is where zero trust comes in. By verifying the identity and authorization of every user and device before granting access to critical systems like PLCs, manufacturers can dramatically reduce their risk profile. Some key zero trust practices at the PLC level include:
- Requiring multi-factor authentication for all engineers and vendors before allowing PLC program changes
- Enforcing least-privilege policies to limit users to only the specific PLCs they require for their roles
- Logging and auditing all PLC activity to enable security monitoring and compliance
- Preventing unauthorized changes to PLC programs in real-time
- Protecting PLC integrity both online and offline
With these zero trust protections in place, manufacturers can securely embrace the benefits of connectivity and digitalization without expanding their attack surface. As Jay concludes, “The operational integrity of the plant floor ultimately depends on the integrity of its underlying PLCs. By adopting a zero-trust approach, industrial sites can continue secure production without disruption.”
At NanoLock Security, we’re proud to be at the forefront of PLC-level zero trust security, helping manufacturers protect their most critical operational assets. To discuss how our solutions can secure your factory floor, contact us today.