Despite being the third most targeted industry for a cyberattack, manufacturing is one of the least prepared
Manufacturing is becoming increasingly digitised as the industry is adopting automation to a greater extent than ever before. The Industrial Internet of Things (IIoT) is bringing artificial intelligence, cloud computing and robotics into factories. Cyber-physical systems can now integrate all aspects of the supply chain, including operational systems and information systems, and are taking the place of outdated, siloed machines.
Any factory making use of these new technologies is known as a Smart Factory, and they’re prompting what experts are calling the fourth industrial revolution, or Industry 4.0.
Smart Factories will help the manufacturing industry considerably, as digital technology can offer greater efficiency in the production stage, better quality products with fewer mistakes, and more flexibility for working processes.
So it’s no wonder that manufacturers are moving quickly to update their factories – by 2019, 75% of large manufacturers will have incorporated the Industrial IoT in their operations. And by 2022, the Industrial IoT market is expected to be worth $195.47 billion.
The Smart Factory Network
The devices in a Smart Factory are able to transmit data over a wireless internet connection in real time. A typical set up might include multiple systems which are accessed from a number of devices.
For example, a Smart Factory might have a Product Lifecycle Management (PLM) system which can transmit design information to the Manufacturing Execution System (MES) where the product is produced. This may be controlled by a Human Machine Interface (HMI) such as a control panel or even a smartphone.
This kind of set up allows for the seamless flow of information between machines. That information can then be used to adjust and optimise the machines’ performance and achieve maximum efficiency, whilst minimising waste. It also means the process can be automated, resulting in a reduced downtime which can help improve quality and reproducibility, increasing profitability.
Another advantage of the Smart Factory arrangement is that it allows for a continuous overview of the process. Through the HMI, manufacturers can have real-time visibility on things like the condition of machinery, remotely, provided by cloud computing capability.
Manufacturers are investing in digital
Despite the benefits they offer, the connected nature of Smart Factories leaves the manufacturing industry open to a variety of potential cyber threats – a concern which is preventing some manufacturers from completely updating their operations.
The EEF’s 2018 Cybersecurity Report found that while 91% of manufacturers are investing in digital technology, 35% said they are inhibited from fully investing due to cybersecurity concerns.
And it’s a legitimate concern – cybersecurity is a real risk for manufacturers. The EEF report found that 24% of manufacturers admitted they have already sustained financial or other business losses as a result of a cyberattack.
But with the fast-moving advancements and opportunities Industry 4.0 is delivering to manufacturers willing to invest, organisations can’t afford to fall behind their competitors.
What cybersecurity risks do manufacturers face?
The result of not securing the Smart Factory network is clear. The manufacturing industry is the third most targeted industry for cybercrime, just behind the finance and government sectors.
Often, attackers are looking to do one of three things through their crime:
Steal Data – With client details stored on CRM systems, hackers might look to take this information and hold it to ransom
This happened in 2013, when American retailer Target was the victim of a data breach that allegedly saw the theft of the personal details from between 70 and 110 million people. Attackers initially gained access through Target’s heating and air conditioning supplier – the manufacturer’s operational systems were hacked and due to their connection to Target’s IT infrastructure, it provided a gateway for the hackers to infiltrate.
An integrated supply chain from supplier, to logistics provider and retailer means more manufacturers will have access to their client’s operational systems. Attackers can exploit this connection, so manufacturers need to secure their own network to ensure the security of their clients’.
Disrupt Access Systems or Operational Systems – Hackers can take control of manufacturing processes to interfere with production or even tamper with the products
American pharmaceutical company, Merck, was infected by the NotPetya cyberattack. Ransomware apparently disabled the manufacturer’s email and caused mass disruption to work. It’s estimated that Merck allegedly suffered a loss of over $135 million in sales, plus $175 million in additional costs.
Any disruption to production is costly for manufacturers. But incidents like the above also raise concerns about physical safety. With attackers able to infiltrate and remotely control production processes, they could tamper with products and make them unsafe, potentially harming consumers.
Gain Intelligence for a Competitive Advantage – Industrial espionage sees hackers steal intellectual property or information for the advantage of competitors
In 2011, some oil production companies lost legal and financial information to a cyberattack. The motive was identified as industrial espionage, possibly to sabotage potential business deals for the companies.
Having confidential information stored on connected devices is essential. But the IoT means that information can be accessed in more ways than ever before, from laptops to smartphones or control panels. These devices offer a way for attackers to infiltrate the network and for manufacturers, increases the risk of industrial espionage.
How can the manufacturing industry mitigate risk?
While it’s clear manufacturers are seeing the benefit of Smart Factories, the cyber risks they present are stalling progress. But with the proper time and financial investment in cybersecurity, the industry will be able to enjoy the full benefits of Smart Factories.
A significant lack of awareness of the importance of cybersecurity still plagues the manufacturing industry. The EEF report found 34% of manufacturers said cybersecurity doesn’t appear on their risk register. A worrying statistic considering the majority are investing in digital technology.
It’s crucial that manufacturers establish cybersecurity regulations within their Smart Factory. Here are 3 things all manufacturers should consider to reduce the risk of a cyber threat:
- Are you investing enough in cybersecurity?
While governing bodies like the EU have begun to invest more in outlining cybersecurity standards, there’s a concern that there isn’t enough focus on the manufacturing industry and frameworks aren’t always relevant.
There’s still a lot of research to be done to identify the specific needs of manufacturers but investing in a range of security services including consultancy, training, software and hardware could help your business mature more quickly.
- Do you have a clear response strategy to mitigate an attack?
12% of manufacturers surveyed said they had no technical or managerial measures to assess or mitigate a cyberattack. Without a proper response strategy, there’s a risk that it could take longer for the business to recover and this will intensify any damage caused – financial or otherwise.
Manufacturers should have an audit trail for compliance, and cyberattack insurance in place to provide support in the event of a data breach. There also needs to be a clear management plan to minimise the effects. It’s thought that cyberattacks will only become more prevalent.
- Can you afford to ignore the risk?
Attacks can range from causing minor production disruption to inflicting serious damage to machinery. As we’ve already seen how Merck allegedly lost an estimated $310 million to a breach, it’s obvious that a similar attack could be crippling to a smaller company.
So while investing in cybersecurity or cloud computing security can be expensive, not doing so could be more costly in the long run.
About the Author
Adrian Jones is CEO of Swivel Secure. He has nearly 30 years’ experience in the IT industry. As a serial entrepreneur he has worked in the Security, Ecommerce and Media sectors, building businesses through start-up, growth and exit phases. Prior to Swivel he ran his own company advising IT industry companies on their sales and marketing effectiveness, enabling business development via practical, strategic, tactical and operational advice. His channel expertise is recognised across the industry and his engineering background motivates his keen interest in usage of technology to realise shareholder value.