Support 416-591-6711 option 1 or Email Us

Manufacturing: Cybersecurity and Incident Response (IR)

Mon, 03 Jun 2019

As a manufacturer, you want global, end-to-end supply chain visibility. Tracking the lifecycle of a product from obtaining critical parts from an international supplier, through transportation across borders and in ports, by way of automated manufacturing processes, to distribution, and finally to the consumer – the dream is to see it all. You want to know where it is, what state it's in, when it will get to you or your customer, how much inventory of parts and product you have and how much you need. That's a lot of information and data to manage.

Manufacturing: Cybersecurity and Incident Response (IR)Within Industry 4.0 that level of knowledge and visibility is available in manufacturing, in real time, using the Internet of Things, cloud technologies and machine learning software. More and more manufacturing industry leaders are adopting digitized, networked systems that empower them with specific, accurate and predictive manufacturing supply chain knowledge. However, all of that comes at a cost. The more data a manufacturing company collects, and the more digitally connected they are, the more susceptible to cybersecurity threats and the more in need of an incident response plan.

Targeting the manufacturing industry

The manufacturing industry is one of the most targeted sectors when it comes to cybersecurity attacks. According to The Manufacturers' Organisation of the United Kingdom, "In EEF’s cyber-security survey some 48% of manufacturers reported having been subject to cyber-attack, around half of whom said they had suffered loss as a result.”[1] In 2014, in the US, manufacturing tied for third in the share of Cyber Liability Claims by sector.[2] In Canada, a 2018 cybersecurity survey from internet provider Cira, showed that 40% of business respondents, including companies in manufacturing, experienced a cyber-attack over the twelve previous months. Among large businesses, 250-499 employees, the cybersecurity attack number increased to 66%. 

Are you wondering why the influx of cybersecurity attacks against manufacturing? Shouldn't cybersecurity threat agents be targeting financial and government institutions?

You’re not going to like the answer: Intellectual property and data combined with weak cybersecurity.

Cybersecurity threat agents want to steal data and intelligence surrounding manufacturing leader’s new products, processes, and technologies. They want to get their digital hands on anything they can sell to adversaries (blueprints, innovative manufacturing processes and upcoming products). Manufacturers also have sensitive data that is very attractive to hackers, and the manufacturing industry has historically placed more concern on securing their operational technologies over their IT cybersecurity. Besides, financial and government institutions have strengthened their cybersecurity and incident response plans in the face of multiple breaches in recent years, leaving manufacturing as the easier of the sector targets.

Hackers are aware of the weaknesses often found in manufacturing cybersecurity and are also mindful that a manufacturing supply chain is vast and complex, with many vulnerabilities. A manufacturer's large attack surface and weak defences make it the ideal playground for a hacker. A cybersecurity attack can quickly enter and spread across networks, potentially infecting connected suppliers, businesses and consumers attached to the supply chain. If a virus gets in, and production goes down, the impact can be irreparable with mass revenue loss possible. For manufacturing companies to thrive in the digital economy, they must be proactive in their cybersecurity fortification and implement sound incident response strategies.

Consider these threats to manufacturing when creating your incident response strategy.

Nation states

Apart from your run of the mill hackers and cybercrime gangs, manufacturers are often targeted by nation-state threat actors. These are cybersecurity criminals suspected of working for governments to wreak havoc on targeted organizations to gain sensitive data or create incidents that can lead to economic or political disruption. Companies manufacturing defences, weapons and transport, are of the most interest to nation-state cybersecurity attack agents. Nation-state threat actors' specialty is identifying data stores and pulling out high-value information that focuses on defence, security, and political intelligence.

Supply chain attacks

Manufacturing supply chains have multiple cybersecurity weaknesses and are therefore vulnerable to attack. Supply chain attacks are rare. However, they can be more destructive than other types of cyber-attacks. Once an intruder is in, it's harder to contain and eradicate them. Cybersecurity threat actors have a better chance at penetrating these vast networks undetected by impersonating legitimate software products or users in the supply chain.

Manufacturing cybersecurity and incident response strategy

The first thing a manufacturing company should do to protect themselves is to align themselves with a cybersecurity and incident response specialist, like ISA, and evaluate where their network is vulnerable. ISA can implement penetration testing, putting your system through simulated cybersecurity attack scenarios, to identify risks and responses. Penetration testing and vulnerability assessment can give your manufacturing organization a clear picture of existing defences and shortcomings and is a great place to start your incident response strategizing.

After evaluating the strengths and weaknesses of your current cybersecurity practices, it’s time to create and implement a cybersecurity incident response plan. Developing a robust incident response plan should be done in connection with an ISA cybersecurity incident response specialist. Preparation for incident response begins before an incident through increased cybersecurity measures. Implementing or enhancing activity logging, embracing multi-factor authentication, managing user privileges, and endpoint security integration are some of the specific cybersecurity and incident response strategies that manufacturing companies can put in place to ensure they are protected from cybersecurity attacks. Applying patches and confirming all operating systems are up to date is an early step in making an incident response plan. Patching is often disregarded due to concerns about business continuity but is a critical aspect of developing an incident response strategy.

Manufacturers must remember that whatever hardware and software measures are put in place to protect, detect and respond to cybersecurity attacks effectively - it is usually people that are the weak link. Phishing schemes are still the primary way threat actors breach cybersecurity defences. Threat actors always find new ways to exploit human vulnerabilities. Therefore, manufacturers must prioritize cybersecurity education and awareness among employees.

Currently, due to skilled labour shortages, many IT departments lack the correct internal support to assist them in understanding and successfully implementing the necessary changes to strengthen their cybersecurity defences. Cybersecurity specialist companies, like ISA, prove an invaluable partner to any manufacturing company that is looking to improve its cybersecurity defences but struggles to attract the skilled labour required for the job. ISA cybersecurity specialists can work in partnership with manufacturers, ensuring they adopt the best cybersecurity hygiene across their organization. ISA provides over twenty-five years of security experience, making sure that critical technology solutions (such as a resilient, offline back-up) and processes (such as developing an incident response plan) are in place.

What is an incident response plan?

An incident response plan is preparing for an attack or breach and having an organized structure in place to contain and eradicate a threat should it dodge an organization’s cybersecurity and gain access to a network. An incident response plan must include robust cybersecurity measures, specific to company and industry. Specific incident response roles for employees must be in place. Also, establishing clear communication and public relations strategies to communicate amongst the organization, to vendors, to customers and the public in case of incident response. Incident response strategy also plans for containment and eradication of the threat, as well as a plan to rebuild and restore once the cybersecurity threat is exterminated from the system. All of these components are part of a complex and layered cybersecurity incident response plan. A cybersecurity incident response specialist can help your manufacturing company to prepare for and respond to any cybersecurity incident.  

 Manufacturing: Cybersecurity and Incident Response (IR)

Preparing for the future

Incident response plans and cybersecurity strategies must continuously evolve as cyber threats and technology continue to develop. In industry 4.0, as manufacturing yields to more automation and adopts more smart factories, a growing number of cyber-attacks and cybersecurity breaches will occur. Smart factories have various sensors in them to monitor manufacturing machinery's deterioration, temperature, downtime and output. This sensory equipment doesn't watch for data breaches, data theft and failed login attempts. It is of growing concern that manufacturers have proper cybersecurity measures and incident response plans in place before incorporating smart technologies into their supply chain.

Manufacturers can’t ignore cyber threats aiming to collect valuable, sensitive data, or to sabotage IT and OT infrastructure. Claiming cybersecurity unawareness as a defence when a major cyber-attack or data breach occurs is no longeran acceptable. Manufacturers, especially those in partnerships with companies operating in the European Union have to put the correct cybersecurity and incident response procedures in place to avoid substantial fines, delayed production, or loss of reputation. Contact ISA and create a sound cybersecurity and incident response strategy before it’s too late.


‹ Back