Mitigating the Risk of the Recent log4j Vulnerability in Manufacturing Operations
Cybersecurity vulnerabilities related to the log4j logging library has the potential to have far-reaching impacts in the manufacturing space.
The recently exposed cybersecurity vulnerabilities related to the log4j logging library has the potential to have far-reaching impacts in the manufacturing space. Beginning on December 9, 2021, many technology companies began releasing news about this new threat and guidance for mitigating the risk. The vulnerability, known as Log4Shell, was rated a 10 out of 10 in severity using the Common Vulnerability Scoring System (CVSS). Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, went as far as calling this “one of the most serious I’ve seen in my entire career, if not the most serious” as reported by CyberScoop. CISA has created a public site dedicated to providing information and updates regarding Apache Log4j and guidance on immediate actions to protect against exploitation. (CISA Apache Log4j Vulnerability Guidance). Since the initial vulnerability was reported, two additional vulnerabilities have been discovered leading to additional required patches: the latest being reported on Friday, December 17, 2021.
The Log4j vulnerability can pose specific risks to the OT space on the plant floor. Millions of Java applications use the Log4j library to log messages. It has become one of the most popular logging libraries used. Apache is an open-source, and free, library. This has contributed to wide-spread adoption and use by Java developers using it to build records of activities for things like error reporting, troubleshooting, and data tracking. With the proliferation of the Internet of Things in the past decade, particularly as more and more devices on the plantfloor are connected within an OT network or to cloud services outside of the plant, there are more ways for a vulnerability like this make its way into plantfloor operations. This has created the potential to impact millions of devices and operations in manufacturing.
The vulnerability has the potential to allow an attacker to gain access to a system, compromise a server or network, execute code, or potentially even take control of the system for exploitation. The danger is compounded by the fact that it requires as little as a single line of code to be inserted into log4j and could potentially be done by a fairly inexperienced attacker. Companies need to take immediate action to mitigate the risk that this poses to their plant operations. Immediate action should be taken to determine all applications that may be impacted by this vulnerability and follow the manufacturer recommended resolutions. Specific information can be found through the Cybersecurity & Infrastructure Security Alliance and on the Apache site. Following the discovery of an asset or application that could be vulnerable or compromised, it is highly encouraged that you monitor for exploitation attempts. To further mitigate the risk, a defense in depth strategy should be deployed.
If you’re not sure how or where this may impact your operations, a Security Posture Assessment and/or a Network Assessment from a trusted partner can help you understand where your system may be exposed to risk. It is likely that this problem will take many months to fully understand the risk. Manufacturers are still in the process of determining which of their products are potentially impacted and new vulnerabilities are being discovered, so it will remain important for the foreseeable future to check back regularly for updated lists of impacted products.