October 10, 2018 by Siobhan Climer
Manufacturing is an industry built on innovation, and technology continues to impact the field dramatically. As robotics, AI, IoT, machine learning, and smart tech take off, manufacturing is set to take full advantage of the increased scalability and efficiency these tools offer. And so, too, are cyber criminals looking to exploit the expanding – and, often, unprotected – network in manufacturing.
In the past, the industrial control system (ICS) environment used its physical isolation as a method of protection against attacks; unfortunately, this method no longer works. Unsecured IoT devices, unpatched servers and OS, and an expanding network perimeter are increasing the threat of cyberattacks. Cybersecurity in manufacturing has not kept pace with demand, and many manufacturers are in immediate danger.
Disaster recovery is an important step in protecting data from a catastrophic event, such as a cyberattack or natural disaster. Find out more about how you can protect your network through a backup and DR whitepaper today.
The Growing Risk Of Cyberattacks In Manufacturing
While industries like healthcare and finance are working towards protecting the highly valuable personal data of their patients and clients, the customer-based demand for increased cybersecurity in manufacturing remains minimal. Manufacturers themselves do not necessarily see their data as valuable to hackers. And though business leaders across the world are citing cybersecurity as the biggest threat, half of manufacturers claim they have not been subjected to any such attack. Rebecca Taylor, SVP of Strategic Partnerships at National Center for Manufacturing Sciences, says that some manufacturers may be keeping attacks secret, while others may simply not have enough visibility into their networks to know they’ve been attacked.
“IIoT security is about finding the needle in the haystack,” Taylor writes. What’s more? There is a “lack of best practices” across the field. When asked about continuous behavior monitoring, regular risk assessments, and penetration testing on firewalls, the plurality of manufacturers reported they do not take any of these proactive cybersecurity measures. Cybersecurity in manufacturing lags, and the hackers are just getting smarter.
The Big Six: Cybersecurity In Manufacturing Attacks
Have you heard of Dragonfly, Stuxnet, Trisis, Petya, NotPetya, Expetr, or WannaCry. Honda and Cadbury certainly have. Both manufacturers were subject to enormous attacks, completely shutting down plant production in 2017. Manufacturers know that downtime is money. Add on to that the ransomware demands and these attacks equal millions in losses. Dragonfly 2.0 hit the North American and European energy sector; Stuxnet, a joint U.S. and Israeli-created worm, hit Iranian nuclear facilities; Trisis affected global oil and gas markets in late 2017; Petya hit airports and its counterparts much of the oil and gas industry; and WannaCry covers the gambit, from Boeing to FedEx, universities to automobile manufacturers.
Production halts, plants shut down, and companies are forced to pay millions in downtime and payments to hackers to decrypt their files – if the hackers are kind enough to do so. And despite warnings by the FBI to never pay ransomware hackers, most companies do. “In the security practice, paying a ransom is usually cheaper than paying the price of corrective actions after a successful breach,” says Csaba Krasznay, a security analyst with Balabit.com.
Why Is Cybersecurity In Manufacturing Difficult?
ICS environments haven’t had the same pressure other industries have to modernize cybersecurity technology. And despite huge developments in autonomous technology, most ICS environments are still running Windows 98 or 2000. This puts the manufacturing environment at increased risk. The rise of IoT and connected devices removes any physical barrier once protecting the ICS network, leaving the industry open to a wide array of attack models. A recent study by Deloitte also found most companies do not segment their ICS network from their main networks. In a whitepaper on the subject, Rebecca Taylor noted that small manufacturers are especially at risk because they do not have the in-house resources to create and implement a cybersecurity in manufacturing strategy. Security-minded managed services companies can pick up the slack and support these companies as extensions of their team, but only if the company understands the real risk.
What’s At Stake?
Compare an image of the U.S. F-35 to China’s J-31, or U.S. E-3C to Russia’s A-50.
While these catastrophic examples of cybercrime are blatant – and deal with the very real threat of international warfare, cyber or otherwise – they are only the most ostentatious. Hackers could change the production plans of a key component to an automobile, causing fatalities. DDoS attacks, though seemingly simplistic, can shut down manufacturing for days. The proof-of-concept is demonstrated in every facet of manufacturing, from design to production to delivery. While large companies like Nissan and Amazon are securing their networks against these attacks every day, smaller manufacturing businesses are at risk of significant downtime, regulatory compliance compromise, or bankruptcy.
Keep ahead of your security risk with a complete infrastructure optimization roadmap consultation today.
Like what you read?
Mindsight, a Chicago IT consultancy and services provider, offers thoughtfully-crafted and thoroughly-vetted perspectives to our clients’ toughest technology challenges. Our recommendations come from our experienced and talented team of highly certified engineers and are based on a solid understanding of our clients’ unique business and technology challenges.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.