The analysis above focuses on the most common types of attacks in the manufacturing industry. Manufacturers need to take protective measures in advance to deal with possible attacks. Here are some suggestions:
Strengthen employees' security awareness: organize training that teaches employees how to identify and prevent phishing, and conduct phishing tests from time to time.
Introduce an equipment supply chain security assessment and management mechanism. For the operating machines, IoT devices, and mobile devices used daily in the factory, assess their security before purchase or use, either in-house or through a professional security vendor; try to build vulnerability repair mechanisms with suppliers; and set security access thresholds for products.
Apply compliance controls to upstream and downstream vendors, establish different permission levels across dimensions such as business, data, and files, and keep detailed records of external network access for traceability.
Inventory existing assets and classify them by indicators such as importance, deploy security management products across the whole network, and build a defense-in-depth system with rapid response capability. Good security management products can detect the source of a virus infection in time by monitoring network traffic and isolate it, effectively blocking virus transmission. Separating the network into domains can also keep ransomware from spreading throughout the factory.
Establish a strict and effective data backup scheme that saves critical business data and files locally, remotely, and in private clouds, to avoid shutdowns caused by ransomware infection of critical files.
Strengthen the security protection of endpoints such as hosts. Deploy appropriate endpoint security management software; on machines that do not meet the deployment conditions, install as many system patches as possible, subject to compatibility testing. If sensitive ports such as 3389 and 445 are not required, disable them.
Perform regular security checks on IoT devices and contact manufacturers for real-time updates on the latest firmware versions, to prevent attackers from exploiting known vulnerabilities.
Manage wireless connections in the manufacturing area, change passwords regularly (using strong passwords), control private AP access, and turn off wireless functions of unnecessary printers and other devices.
When external personnel access the network in the manufacturing area, they shall use a virtual private network or another encrypted connection scheme, and their behavior shall be recorded.
Run security scans on the program files of CNC machine tools, industrial robots and other equipment to ensure that the program files do not carry known viruses.
If possible, perform automatic or regular source code review of the programs for CNC machine tools, industrial robots and other equipment, for example to check for the use of abnormal functions; give programmers timely feedback so they can modify the code, keep records, and share experience.
Establish a common program file security review library with integrators, and establish access and authentication mechanisms so that only certified programmers have permission to read and store programs.
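
One way to check the endpoint suggestion above about ports 3389 and 445, as an added example that is not part of the original report: the script parses Windows `netstat -ano` output collected from each host and lists listeners on those ports that are bound to a non-loopback address. The host names and the netstat text are constructed sample data.

```python
import re

# Ports the suggestion names as sensitive: 3389 (RDP) and 445 (SMB).
SENSITIVE_PORTS = {3389: "RDP", 445: "SMB"}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Matches a TCP listener row of Windows `netstat -ano`, e.g.
#   TCP    0.0.0.0:445    0.0.0.0:0    LISTENING    4
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def sensitive_listeners(netstat_text):
    """Return sorted (port, service, local_address, pid) for exposed listeners."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        # A loopback-only listener is not reachable from the network.
        if port in SENSITIVE_PORTS and addr not in LOOPBACK:
            found.add((port, SENSITIVE_PORTS[port], addr, pid))
    return sorted(found)

def audit(inventory):
    """Map each host to its exposed sensitive listeners, omitting clean hosts."""
    report = {host: sensitive_listeners(text) for host, text in inventory.items()}
    return {host: hits for host, hits in report.items() if hits}

# Constructed sample output for two hypothetical hosts.
SAMPLE = {
    "hmi-01": """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    10.0.5.21:49712        10.0.5.2:445           ESTABLISHED     4
""",
    "eng-ws-02": """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       2040
""",
}

if __name__ == "__main__":
    for host, hits in audit(SAMPLE).items():
        for port, svc, addr, pid in hits:
            print(f"{host}: {svc} listening on {addr}:{port} (PID {pid})")
```

Hosts that appear in the report are candidates for disabling the service or restricting it at the host firewall, after confirming the port is not required.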