The Third-Party risk landscape in Manufacturing
The manufacturing sector’s reliance on third-party vendors for remote OT maintenance introduces significant cybersecurity risks. According to the World Economic Forum’s white paper “Building a Culture of Cyber Resilience in Manufacturing”, 41% of major cyber incidents originate from third parties, and 54% of organizations lack visibility into their supply chain vulnerabilities. These gaps expose critical OT systems to cascading risks, including production halts, financial losses, and reputational damage.
To address these challenges, manufacturers must adopt a structured, technical approach that integrates Zero Trust principles, network segmentation, and secure remote access into their operations.
1. Zero Trust Architecture
Zero Trust is a security model that assumes every connection is hostile until verified. It is particularly effective in managing third-party access to OT systems, where traditional perimeter defenses are insufficient.
Key Implementations:
- Multi-Factor Authentication (MFA): enforce MFA for all third-party accounts to ensure robust identity verification. For example, service providers accessing OT systems must authenticate using both a password and a hardware token.
- Context-Aware Authorization: validate the security posture of third-party devices before granting access. This includes checking for up-to-date patches, antivirus software, and compliance with organizational security policies.
- Session Monitoring and Recording: use jump servers to monitor and record all third-party sessions. For instance, session recording software can capture keystrokes, commands, and screen activity, providing a detailed audit trail for compliance and incident response.
Example:
A manufacturing company implemented session recording on jump servers, enabling them to detect and investigate unauthorized configuration changes made by a third-party vendor. This proactive monitoring prevented a potential production outage.
2. Network segmentation: isolating critical systems
Flat network architectures allow attackers to move laterally across systems, increasing the impact of breaches. Network segmentation is essential to contain threats and protect critical OT assets.
Best practices:
- ISA/IEC 62443 Zoning: divide the OT network into secure zones and conduits. For example, isolate production-critical systems from less secure administrative networks using VLANs and firewalls.
- Microsegmentation: implement fine-grained segmentation to restrict communication between systems. For instance, allow only specific protocols and ports between a vendor’s workstation and the OT system they maintain.
- Jump Hosts: route all third-party connections through hardened jump servers. These servers enforce strict access controls and provide a single point of entry for monitoring and auditing.
Example:
A global manufacturer segmented its OT network into zones based on criticality. By isolating its SCADA systems from the rest of the network, the company limited the impact of a ransomware attack to a single zone, preventing lateral movement and protecting production systems.
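The zoning, microsegmentation and jump-host practices above can be expressed as a default-deny conduit policy and checked against observed flows. The following is an added example, not part of the original article; the zone names, addresses, ports and flow records are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed zones in the ISA/IEC 62443 sense; every address is illustrative.
ZONES = {
    "vendor_dmz": ip_network("10.50.0.0/24"),  # where vendor VPN sessions land
    "jump": ip_network("10.60.0.0/28"),        # hardened jump hosts
    "scada": ip_network("10.70.0.0/24"),       # production-critical zone
    "admin": ip_network("10.10.0.0/16"),       # administrative network
}

# Conduits as (source zone, destination network, protocol, port). Default deny:
# a flow passes only if one matches. A /32 destination is microsegmentation.
CONDUITS = [
    ("vendor_dmz", ZONES["jump"], "tcp", 22),            # vendor -> jump host, SSH
    ("jump", ip_network("10.70.0.15/32"), "tcp", 502),   # jump -> one PLC, Modbus/TCP
]

def zone_of(ip):
    return next((z for z, n in ZONES.items() if ip_address(ip) in n), None)

def evaluate(src, dst, proto, port):
    """Return (allowed, reason) for one flow."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return False, "endpoint outside every defined zone"
    for c_src, c_dst, c_proto, c_port in CONDUITS:
        if (c_src == src_zone and ip_address(dst) in c_dst
                and (c_proto, c_port) == (proto, port)):
            return True, f"conduit {c_src} -> {c_dst} {proto}/{port}"
    if src_zone == "vendor_dmz" and dst_zone != "jump":
        return False, "vendor traffic must enter through the jump zone"
    return False, "no matching conduit (default deny)"

# Constructed flow records, such as a firewall log export would provide.
FLOWS = [
    ("10.50.0.8", "10.60.0.2", "tcp", 22),
    ("10.60.0.2", "10.70.0.15", "tcp", 502),
    ("10.50.0.8", "10.70.0.15", "tcp", 502),   # vendor bypassing the jump host
    ("10.60.0.2", "10.70.0.20", "tcp", 502),   # PLC outside the vendor's scope
    ("10.10.4.4", "10.70.0.15", "tcp", 502),   # admin network reaching SCADA
]

def violations(flows):
    results = [(f, evaluate(*f)) for f in flows]
    return [(f, reason) for f, (ok, reason) in results if not ok]

if __name__ == "__main__":
    for flow, reason in violations(FLOWS):
        print(flow, "DENY:", reason)
```

Running the same check against real firewall logs shows which observed vendor flows the documented zone model does not account for.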
3. Secure remote access: enhancing visibility and control
Third-party remote access is a common attack vector in OT environments. Securing these connections requires robust infrastructure and continuous monitoring.
Key strategies:
- Jump servers with protocol breaks: use jump servers to isolate third-party connections and validate OT protocols. Protocol break devices ensure that only legitimate traffic reaches critical systems.
- Session recording and auditing: record all remote access sessions, including user actions, system interactions, and command execution. Regularly review these logs to identify anomalies and ensure compliance.
- Real-Time anomaly detection: deploy machine learning-based tools to monitor third-party behavior and flag deviations from established baselines.
Example:
A manufacturing plant implemented jump servers with session recording and anomaly detection. When a vendor attempted to access unauthorized systems, the anomaly detection system flagged the activity, and the session was terminated immediately, preventing a potential breach.
4. Governance and compliance: embedding security into contracts
Technical controls must be complemented by strong governance and compliance measures to ensure third-party accountability.
Actionable steps:
- Security-Centric contracts: mandate adherence to cybersecurity standards like IEC 62443 in all vendor agreements. For example, require vendors to implement network segmentation and session recording as part of their contractual obligations.
- Regular audits: conduct periodic reviews of vendor practices to verify compliance with security requirements. This includes auditing access logs, session recordings, and configuration settings.
- Incident response integration: include third-party access scenarios in your incident response plan. Define clear escalation procedures and communication channels to ensure a coordinated response.
Example:
A manufacturer required all vendors to comply with IEC 62443 standards and conducted quarterly audits to verify compliance. During one audit, a vendor’s non-compliance with session recording requirements was identified and rectified, closing a critical security gap.
5. Continuous monitoring and learning: staying ahead of threats
Continuous monitoring and visibility are essential for detecting and responding to evolving cyber threats.
Key techniques:
- Real-Time monitoring: use tools that provide real-time visibility into third-party activities. For example, deploy network monitoring solutions to track data flows and detect anomalies.
- Machine learning for anomaly detection: leverage machine learning to identify unusual patterns in third-party behavior, such as accessing systems outside their scope of work.
- Regular training and simulations: conduct cybersecurity training for internal teams and third-party vendors. Simulate attack scenarios to test the effectiveness of your security measures.
Example:
A manufacturing company used machine learning to monitor third-party access. When a vendor’s account exhibited unusual login patterns, the system flagged the activity, and access was revoked pending investigation. This proactive approach prevented a potential breach.
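The session auditing described in section 3 and the out-of-scope and unusual-login checks described here can be prototyped over jump-server session logs. This is an added example, not part of the original article: the vendor names, hostnames, log fields and history are constructed, and a simple per-vendor z-score on login hour stands in for the machine learning tooling the article mentions.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed policy: systems each vendor is contracted to maintain.
SCOPE = {"acme-robotics": {"plc-line3", "hmi-line3"}}

# Constructed baseline: login hours of the vendor's earlier sessions.
HISTORY = {"acme-robotics": [8, 9, 9, 10, 8, 9, 10, 9]}

# Constructed jump-server session log: (id, vendor, target, start, mfa, recorded).
SESSIONS = [
    ("s1", "acme-robotics", "plc-line3", "2025-03-03T09:12:00", True, True),
    ("s2", "acme-robotics", "scada-hist01", "2025-03-04T10:05:00", True, True),
    ("s3", "acme-robotics", "hmi-line3", "2025-03-05T02:40:00", True, True),
    ("s4", "acme-robotics", "plc-line3", "2025-03-06T09:30:00", False, False),
    ("s5", "unknown-co", "plc-line3", "2025-03-07T09:00:00", True, True),
]

def hour_is_unusual(vendor, hour, z_limit=3.0, min_samples=5):
    """Flag a login hour far from the vendor's mean (baseline must not wrap midnight)."""
    hours = HISTORY.get(vendor, [])
    if len(hours) < min_samples:
        return True  # no usable baseline: surface it for review
    sigma = max(pstdev(hours), 0.5)  # floor so a very regular vendor is not over-flagged
    return abs(hour - mean(hours)) / sigma > z_limit

def audit(sessions):
    """Return {session id: [reasons]} for sessions that need review."""
    findings = {}
    for sid, vendor, target, start, mfa, recorded in sessions:
        reasons = []
        if vendor not in SCOPE:
            reasons.append("vendor has no approved scope")
        elif target not in SCOPE[vendor]:
            reasons.append("target outside scope of work")
        if not mfa:
            reasons.append("no MFA")
        if not recorded:
            reasons.append("session not recorded")
        if hour_is_unusual(vendor, datetime.fromisoformat(start).hour):
            reasons.append("login hour deviates from baseline")
        if reasons:
            findings[sid] = reasons
    return findings

if __name__ == "__main__":
    for sid, reasons in audit(SESSIONS).items():
        print(sid, "; ".join(reasons))
```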
Conclusion: building a resilient ecosystem
Securing third-party access in OT environments requires a combination of technical controls, governance, and continuous monitoring. By implementing Zero Trust principles, network segmentation, secure remote access, and strong governance, manufacturers can reduce their attack surface and enhance operational resilience.
Sources:
- Building a Culture of Cyber Resilience in Manufacturing 2024 – World Economic Forum.
- Manufacturing Cybersecurity Handbook 2025.


