Support 416-591-6711 option 1 or Email Us

Manufacturing: Ushering in New Technology and Cyberattacks

Wed, 05 Jun 2019

Manufacturing is welcoming the Fourth Industrial Revolution (4IR) wherein the old, formerly-closed, complex manufacturing environments are transformed into new, connected, and far more open systems. Driving this transformation is the Internet of Things (IoT), a connected web of smart devices that make our homes more comfortable, our cars safer, and our offices more efficient. The manufacturing industry is the creator and early-adopter of IoT. Manufacturing is simultaneously building the IoT and being transformed by it.

Already, billions of connected, smart, IoT devices are in use in the manufacturing industry creating enormous opportunity and altering long-standing processes. The IoT is changing manufacturing companies into technology companies. While this technological creation and adoption promises endless possibilities for manufacturing, making it more efficient and competitive, it also leaves the industry more susceptible to cyberattacks. Manufacturing is now the second most cyber-attacked industry, just behind healthcare.[i] 

 Manufacturing: Ushering in New Technology and Cyberattacks

Cybersecurity wake-up call

Before 2017, it was often challenging to engage manufacturing enterprises in cybersecurity discussions. Many assumed that cybersecurity attacks aimed at the financial industry. Then the WannaCry and Petya ransomware attacks made headlines —and household name manufacturers like Mondelez in the U.S. suffered devastating business interruption. The cyberattacks of 2017 were the first-time major manufacturers declared financial losses due to breaches. Merck Pharmaceuticals claimed “disruption of its worldwide operations, including manufacturing, research and sales operations” when it filed with the U.S. Securities and Exchange Commission. Merck cited a $260 million loss in sales for 2017 and expected further losses of $200 million in 2018.[ii]

WannaCry and Petya were wake-up calls for the manufacturing industry. Since then, cyberattacks against the manufacturing industry have increased substantially. 86% of cyberattacks against manufacturing are targeted. Of those cyberattacks, 53% are motivated by financial gain, and 47% are motivated by industrial espionage.[iii] Cyberattacks aren't just affecting your company; hackers are infiltrating your supply chain. You need to ensure you're supply chain and network are protected end-to-end. 

Hacking in manufacturing costs lives and money

The scope and type of cyberattacks on manufacturers now range from rare, complex Stuxnet-style attacks to more frequent and simplistic ransomware attacks. Cyberattacks on manufacturers can include efforts to steal or corrupt data, pilfer intellectual property, damage equipment, interrupt processes, and disable your network entirely. The growing concern with cyberattacks in manufacturing goes beyond criminals gaining access to data and financial information. With the increasing reliance on the IoT, a cybercriminal can do catastrophic damage if they penetrate the IT network of a manufacturer. 

For example, a hacker could obtain access to a robot’s controller software, remotely exploiting a vulnerability, and downloading an altered configuration file. The robotic arm is now programmed to draw a line 1mm different than initially configured. This tiny defect could lead to devasting consequences if, for instance, the line is accountable for an integral weld on the body of a car, a weakness that could result in causalities and a massive vehicle recall.

"If my chassis of my car is no longer as strong as it should be it's going to react differently in an accident. If that wing of that aircraft isn't attached the way it should be, that's a really bad thing for flight in general," says Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro.[iv]

This scenario may sound far-fetched, but it's not. This particular scenario was proven through the research of Trend Micro and Politecnico di Milano who hacked into a network and remotely controlled an ABB IRB140 industrial robot to prove a point. The arm was set up to draw a straight line, and they altered it to be a few millimetres off. "Taken to the extreme, however, should micro defects successfully evade detection by a vendor's multiple checks and depending on the nature of the goods themselves, injury or fatality could occur," the researchers warned.[v]

Alternatively, cyberattacks to obtain intellectual property can also be costly. Imagine that a hacker steals the design for a new, revolutionary product, set to go to market later this year. The manufacturing company has spent countless hours and dollars in research and development, production, marketing, etc. only to have a competitor bring the same product to market weeks before, destroying a company's projected revenue. Cybersecurity measures need to be taken to protect intellectual property as well as all of the devices connected to the network.

The cybersecurity challenges facing manufacturing

The most significant risk of cybersecurity failure for manufacturers is the lack of recognition that they are at risk. If you are a manufacturer, then you are at risk of a cyberattack and need to secure your network accordingly. Industry Insurance specialists BFL Canada state, “industrial control software has not been written and developed with security in mind like software of a server or PC. This is largely because it was not anticipated to be an issue. It has historically been designed with a very singular purpose of driving the operation of an industrial machine and that is it. As a result, they have been found to be full of vulnerabilities.”[vi]

Manufacturing ICSs are unique

An industrial control system (ICS) is unique because of the interaction it has with physical manufacturing processes. Because of this interaction, an ICS differs from a traditional IT system in significant ways that need to be considered when creating manufacturing-specific cybersecurity incident response plans. For example, physical manufacturing processes run constantly; industrial installations must remain available. Therefore, interruptions (cybersecurity maintenance, cybersecurity updates and patches) must be planned.

Six cybersecurity musts for securing a manufacturing ICS:

  • You must take into account physical processes; adapting intrusion tests and security assessments for ICS to avoid interfering with physical processes.
  • You must modify detecting measures to account for attacks that target physical processes (like Stuxnet).
  • You must use technology specially designed for manufacturing environments.
  • You must map installations and analyze vulnerabilities: inventorying all material installations, critical systems and applications.
  • You must train employees, who often don't understand the risks (teach good computer hygiene, especially when it comes to access and login details). Historically, manufacturers have been attentive in promoting a culture of health and safety but have struggled to instill the same urgency in safe cybersecurity practices to their employees. Employees who work on the factory floor can see the result of a lack of health and safety practice, for instance when a co-worker is injured.
  • You must stay up-to-date with the changing threat landscape and vulnerabilities that are unique to the ICS sector. Changing threats also means updating your incident response plan accordingly.

Cybersecurity in manufacturing presents challenges as IoT devices, so widely adopted across the industry, generally, have a lack of security built into them. Cybercriminals easily target these devices. With nation-state attacks increasingly targeting manufacturing, it's of vital importance that the manufacturing industry responds with fortification measures and manufacturing-specific incident response plans. Talk to the cybersecurity solutions specialists at ISA who have over 27-years of demonstrated security industry excellence about how to protect your manufacturing company from a cyberattack.




‹ Back