Becoming cyber-secure in the manufacturing industry
13 June 2019
There is no question that organisations should look to invest in modern digital transformation to create the factory of the future and thrive in the current digital revolution, but this needs to be done alongside the implementation of a well-thought-out security strategy to make the business secure from the inside out, reports Andy Baldin.
The number of targeted cyberattacks against manufacturers continues to increase. It’s no secret that malicious online actors frequently target Critical National Infrastructure (CNI) and services, such as manufacturing, be that for political means or competitor rivalry. In fact, in April last year, the UK’s National Cyber Security Centre (NCSC), the US Federal Bureau of Investigation (FBI) and the US Department of Homeland Security (DHS) issued a joint statement accusing Russia of an on-going hacking campaign that heavily targeted critical infrastructure providers.
Thus, it won’t come as a surprise that over half of UK manufacturers have been victims of a cyberattack, with a quarter of these resulting in financial and business losses. However, what is perhaps most shocking is that 45% of the business leaders surveyed by the EEF revealed that they were not confident they had access to or knowledge about the correct tools with which to protect themselves from an attack. As the manufacturing industry contributes 11% of the UK’s economic value and 44% of its total exports, this sector needs to prioritise cybersecurity measures, not just to ensure continued business success but also for the sake of the nation.
Risk & reward
In recent years, the manufacturing industry has experienced a digital revolution and manufacturers have made leaps and bounds towards technological innovation with the overall aim of making processes more efficient and productive. This current trend of automation and data exchange in the manufacturing industry has been labelled ‘Industry 4.0’. This term encapsulates the transition from a mainly paper-based, physical, on-premise environment with limited equipment of a connected nature to an age of cyber-physical systems such as the Internet of Things (IoT), cloud computing and technological automation. Large businesses such as Elon Musk’s Tesla factory in California, which uses intelligent automation and machine learning to constantly improve factory processes, have become the Industry 4.0 models on which smaller manufacturing businesses are now modelling their automation strategies.
The benefits are clear – the presence of connected technology within factories can make strides towards efficiency and productivity by increasing visibility throughout the entire company. Inefficient, underperforming and unusual output is immediately flagged as an area for improvement, and robotic technology is able to work 24/7, without the need for comfort breaks, dramatically increasing output. However, the adoption of this new and innovative technology is exactly the reason why the manufacturing industry is so vulnerable to cyber-attacks – outdated equipment, designed for on-premise and unconnected operations, is now being thrust online in a way that it was not designed for.
The NHS provides a prime example of identifying the risks of keeping hold of unprotected legacy technology when it announced in December 2018 that the health service was banned from buying fax machines, with a complete phase out of the outdated technology ordered by April 2020. This is to pave the way for more modern methods of communication, such as secure email servers that are designed for the job of ferrying important and personal patient information. The same assessment of legacy technology and subsequent modernisation must also be done by manufacturers.
There is no question that organisations should look to invest in modern digital transformation to create the factory of the future and thrive in the current digital revolution, but this needs to be done alongside the implementation of a well-thought-out security strategy to make the business secure from the inside out.
A balanced & secure Industry 4.0
Manufacturers can mitigate the risk of cyberthreats by removing legacy technology that is more susceptible to attack. Legacy technology that has reached End Of Life (EOL) no longer receives critical security updates or patches and thus provides malicious actors with an easy way into the network. Without support from the manufacturers to provide key updates when flaws are located, these devices and systems become increasingly vulnerable to attack as time passes because their security defences start to lag behind while the methods used by malicious actors evolve and become more intelligent.
Companies are often unwilling to provide the upfront cost to replace technology that still works and that their employees are comfortable using. However, the potential cost of a cyberattack could far outweigh the cost of updating old technology and retraining staff, saving the business time, money and reputation in the long run. While this may seem like an outrageous claim, recent research actually revealed that the average cost of a cyber-attack is $1.7m.
As well as this, when new technology is implemented it will not only increase business efficiencies by being more user-friendly and undertaking tasks that legacy IT simply does not have the ability to do, but it will also be given frequent updates. New IT systems will be constantly patched, with each one fixing a new potential way in for hackers, allowing manufacturers to stay one step ahead of the cyber dangers lurking around the corner.
The importance of patching
Patching is the cornerstone of cyber-vulnerability protection, but one that many companies fail to take seriously enough. A common misconception is that updates and patches are solely for the developer to add new features to their product or software – but this is not the case. Patching actually allows developers to install critical updates and mitigate vulnerabilities that could be exploited by malicious actors.
The WannaCry attack that hit numerous organisations in mid-2017 is a lesson in what can happen when patching isn’t kept up to date. Only those running unsupported, legacy versions of certain Windows operating systems were affected by the malware because the flaw that allowed it access had been noticed and patched out of newer versions. More recently, Arizona Beverages was hit by a large-scale ransomware attack that brought the company to its knees. The incident was attributed to outdated systems and systems with updates not yet applied, as well as poorly configured backups.
Businesses need to take the time to review EOL announcements and look into other products in their environment. Obsolete software is a considerable risk to a system and needs to be addressed even if removal is not the immediate answer. There needs to be a plan in place to mitigate the risk if elimination is not possible, such as reducing access, segregating the system from the rest of the environment and removing internet connectivity from EOL workloads.
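The EOL review and mitigation plan described above can be run as a check over an asset inventory. The following is an added example, not part of the original article; the inventory fields, asset names, dates and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Asset:
    name: str
    eol: date                  # vendor end-of-life date from the EOL announcement
    internet_reachable: bool   # does the workload have internet connectivity?
    segmented: bool            # isolated from the rest of the environment?
    accounts_with_access: int  # number of accounts able to log on

# Constructed sample inventory (hypothetical assets and dates).
INVENTORY = [
    Asset("hmi-line1", date(2015, 3, 31), True, False, 40),
    Asset("plc-gateway", date(2020, 1, 31), False, True, 3),
    Asset("erp-server", date(2030, 6, 30), True, False, 120),
    Asset("label-printer-pc", date(2018, 9, 1), False, False, 3),
]

MAX_ACCOUNTS = 5   # assumed policy threshold for "reduced access"
WARN_DAYS = 365    # assumed lead time for planning a replacement

def missing_mitigations(asset):
    """Return which of the three compensating controls are still missing."""
    gaps = []
    if asset.accounts_with_access > MAX_ACCOUNTS:
        gaps.append("reduce access")
    if not asset.segmented:
        gaps.append("segregate from environment")
    if asset.internet_reachable:
        gaps.append("remove internet connectivity")
    return gaps

def triage(inventory, today):
    """Map asset name -> (status, actions) for EOL and soon-to-be-EOL assets."""
    report = {}
    for asset in inventory:
        days_left = (asset.eol - today).days
        if days_left < 0:
            # Past EOL: no more patches, so list the controls still to apply.
            report[asset.name] = ("EOL", missing_mitigations(asset))
        elif days_left <= WARN_DAYS:
            report[asset.name] = ("EOL-SOON", ["plan replacement"])
    return report

if __name__ == "__main__":
    for name, (status, actions) in triage(INVENTORY, date(2019, 6, 13)).items():
        print(f"{name:18} {status:9} {', '.join(actions) or 'mitigations in place'}")
```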
Manufacturers must open their eyes to the opportunity they pose for malicious actors. If hackers manage to breach their networks, it could result in havoc that has the potential to negatively impact the country’s economy and infrastructure. This is why it is so critical for these businesses to remove outdated technology and implement all necessary patches and updates. Technology can help manufacturers take strides towards efficiency and productivity, but this can’t come without regard to cybersecurity practices.
Andy Baldin is VP – EMEA at Ivanti
You can get further information via the Ivanti website at www.ivanti.com