Balancing Productivity and Security: The New Cybersecurity Challenge for Manufacturers

Cybersecurity presents substantial risks to all manufacturers but especially small manufacturers. The topic is perceived as complex, daunting, amorphous and constantly changing. This causes small manufacturing leaders to ignore the topic because they lack the time and in-house resources to address it adequately. The result is that many small and medium-sized manufacturers – who rely heavily on technology for production – do not have a cyber protection plan which protects their critical assets.

Manufacturing processes are typically operated by industrial control systems (ICS) which use open platforms and common operating systems, as opposed to insular proprietary control systems. In addition, many manufacturers use mobile applications and sensor controls; however, they don’t have these devices incorporated in their cyber protection plan. A 2016 survey by the Deloitte Center for Industry Insights found that just 50 percent of companies segment or isolate ICS networks from their standard networks. Translated, this means half of our advanced manufacturing companies face ICS trouble if their standard networks are breached.

Bad actors use cyber vectors to take control of these systems to monitor, disrupt or hold for ransom. Through this control, they can change or corrupt data flow for critical operations which can result in damaged equipment, theft of intellectual property and harm or loss of life. All of these actions threaten competitiveness, negatively impact a company’s reputation, and produce potentially harmful or damaged products.

Unfortunately, cyber threats are real and significant. Denial is not a solution.

It is estimated that by 2020 as many as 15 billion devices will be connected to the internet – more than double the world’s population. Equipment interacts without intervention, and often without our knowledge. This creates a significant security challenge. Any node on a company’s network could be an attack vector for the entire production system. Industry continues to create many more cyber-physical interdependencies, yet does not completely understand them.

Information security is a critical issue in manufacturing – every organization has valuable data which is at risk. In fact, theft of intellectual property is the primary motive for attacks on manufacturing companies, followed by financial theft, targeted attacks on senior executives for financial gain and access to company strategies or investments.

In response to new and complex cybersecurity demands, NCMS has partnered with public agencies like the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST), as well as private sector cybersecurity stakeholders, to help identify key issues, opportunities and mitigation solutions as these attacks threaten the production capabilities of every connected manufacturing firm. NCMS’ Cybersecurity Strategic Initiative helps manufacturers address cybersecurity issues and convenes technical experts in operational technology and cybersecurity to help companies identify, mitigate and close security and resilience gaps.

Cyber Threats

Today’s manufacturing sector is increasingly automated, connected and global. All organizations in the sector are vulnerable to cyberattacks.

Most manufacturing systems currently in use today were made to be productive – they were not made to be secure. By design, they focus more on productivity and safety instead of on the security of the machine or the data and products it produces. Most of these networked systems have grown organically and over time, adding to the systems complexity. Furthermore, most of the systems are operated and secured by the production side of the house without IT integration. These factors combine to form serious cybersecurity vulnerabilities in many manufacturing systems today.

Headlines are frequent regarding security breaches resulting in unauthorized access to data – Target, The Home Depot, even the Office of Personnel Management (OPM) are recent examples. Unlike these commonly reported cyber-attacks, attacks in manufacturing are quite different and bring devastating consequences. In this section, we define the most common attack…

Read More at
www.ncms.org/CyberSecurityReport