Cyber Risks in the Manufacturing Industry

Tom Holloway, Principal Business Resilience Consultant, Sungard Availability Services

The manufacturing industry is among the most advanced in the world for its adoption of digital platforms. Robotic and connected sensor technology are now mainstream throughout most factories, allowing manufacturers to gather insights in real time. The use of digital technology in manufacturing is nothing new, it has been embedded within processes for decades, and routine disruption has become the norm given the industry’s reliance on technology. However, increasing automation, data-rich production cycles and complex global supply chains make this industry particularly vulnerable to cyber attacks.

It’s predicted that there will be 1.3 million robots in factories worldwide by the end of this year, which could open up as many security risks as it helps with operational efficiencies. Imagine if a hacker managed to access the software the business relies on – it could cause a total shut down of operations. Forcing industrial robotic arms to misperform even slightly could not only result in tons of ruined products but the robots could unwittingly grant access to the business’ security networks, bringing all operations to a halt. The cost of this could be astronomical to a manufacturing business; to put into perspective the cost of the recent NotPetya ransomware attack to businesses is estimated at $1.2Bn, not an improbable figure when you consider that a stoppage in a complex car manufacturing plant can cost £10,000s per minute. This trend is also playing out across other critical infrastructure sectors – with even the US government issuing a rare public warning that energy and industrial firms are vulnerable to sophisticated attacks.

Complicated systems require a hands-on approach. The huge amount of data needed to manage manufacturing processes with tiny degrees of tolerance, are sitting only a few degrees of separation away from public networks. The use of sensor-embedded automation controls, RFID tags and Radio Data Terminals reliant on WLAN infrastructure increase the potential points of system vulnerability.

Historically, investment in manufacturing has been focused on safety and cost reduction, which hasn’t been matched by investment in security. But with these growing risks against our critical infrastructure systems, it is vital that businesses take all the proper precautions.

You are the weakest link, goodbye

Despite these very real risks, our recent research shows that the industry is in danger of becoming complacent. The majority (67%) of IT Decision Makers in the manufacturing sector feel confident that they are prepared for a cyber-attack. While it is encouraging to see this confidence, the headlines have made it clear that manufacturers can’t afford to take the foot of the pedal when it comes to security.

A business works best if all the components work in harmony: people, processes and technology. If one of these falters, the remaining components won’t be able to perform. Each have their own weaknesses, but human error often becomes the most visible of these, but it can be avoidable. An employee clicking a link on a simple spam email might be all it takes to bring the system to a standstill. So, when looking at ways to prevent business downtime the best place to start is with your own people. Make sure everyone is kept appraised of the latest security threats. This could be through inductions or annual training that the organisation needs to take.

Avoiding the domino effect

Increased connectivity through Internet of Things (IoT) devices is transforming the manufacturing industry, allowing leaders to monitor and act upon data flowing between machines, devices and people. A multitude of sensors pour data into systems and build up a real-time picture of operations, however the added sensor touchpoints and more automated processes have left the industry with a more exposed attack surface. The level of disruption a hacker could cause has the potential to be far-reaching; not only would they have the power to stall productions lines, but privacy and even physical safety also pose significant risks to operations. As automation increasingly dominates all aspects of manufacturing processes, leaders need to analyse the robustness of the business’ core technology. IT teams need to make sure they have all their data backed up, whether in a physical data-centre or in the cloud and have regularly tested action plans in place for recovering data and keeping the production line moving.

Watch your WiFi

 It’s well known that WiFi can be hacked and cause issues across the supply chain, from networks inside storage depos, to public WiFi used by people working remotely – even supermarket ‘zappers’ could be hacked. Hacking supermarket zappers may not sound alarming, but if the system that provides all this information is corrupted then it could potentially bring down the entire network. What can be done? Keep your inventory record up to date with software management.

While investment in safety and cost reduction are both key elements for success in the manufacturing industry, it should not come at the cost of security. Ultimately, if a customer comes to doubt the ability of your businesses to run efficient operations you risk losing the trust, and business of important suppliers. Careful preparation will help leadership teams manage a crisis when it happens.

Resilience training for operations teams is essential to improve awareness of the entire business and ensure any vulnerabilities can be swiftly resolved. Don’t assume that all staff are appraised of the latest technology in the work place. Spend time upskilling them on the latest technologies otherwise outside threats will get the better of them, and your business.

Tom Holloway, Principal Business Resilience Consultant, Sungard Availability Services

The manufacturing industry is among the most advanced in the world for its adoption of digital platforms. Robotic and connected sensor technology are now mainstream throughout most factories, allowing manufacturers to gather insights in real time. The use of digital technology in manufacturing is nothing new, it has been embedded within processes for decades, and routine disruption has become the norm given the industry’s reliance on technology. However, increasing automation, data-rich production cycles and complex global supply chains make this industry particularly vulnerable to cyber attacks.

It’s predicted that there will be 1.3 million robots in factories worldwide by the end of this year, which could open up as many security risks as it helps with operational efficiencies. Imagine if a hacker managed to access the software the business relies on – it could cause a total shut down of operations. Forcing industrial robotic arms to misperform even slightly could not only result in tons of ruined products but the robots could unwittingly grant access to the business’ security networks, bringing all operations to a halt. The cost of this could be astronomical to a manufacturing business; to put into perspective the cost of the recent NotPetya ransomware attack to businesses is estimated at $1.2Bn, not an improbable figure when you consider that a stoppage in a complex car manufacturing plant can cost £10,000s per minute. This trend is also playing out across other critical infrastructure sectors – with even the US government issuing a rare public warning that energy and industrial firms are vulnerable to sophisticated attacks.

Complicated systems require a hands-on approach. The huge amount of data needed to manage manufacturing processes with tiny degrees of tolerance, are sitting only a few degrees of separation away from public networks. The use of sensor-embedded automation controls, RFID tags and Radio Data Terminals reliant on WLAN infrastructure increase the potential points of system vulnerability.

Historically, investment in manufacturing has been focused on safety and cost reduction, which hasn’t been matched by investment in security. But with these growing risks against our critical infrastructure systems, it is vital that businesses take all the proper precautions.

You are the weakest link, goodbye

Despite these very real risks, our recent research shows that the industry is in danger of becoming complacent. The majority (67%) of IT Decision Makers in the manufacturing sector feel confident that they are prepared for a cyber-attack. While it is encouraging to see this confidence, the headlines have made it clear that manufacturers can’t afford to take the foot of the pedal when it comes to security.

A business works best if all the components work in harmony: people, processes and technology. If one of these falters, the remaining components won’t be able to perform. Each have their own weaknesses, but human error often becomes the most visible of these, but it can be avoidable. An employee clicking a link on a simple spam email might be all it takes to bring the system to a standstill. So, when looking at ways to prevent business downtime the best place to start is with your own people. Make sure everyone is kept appraised of the latest security threats. This could be through inductions or annual training that the organisation needs to take.

Avoiding the domino effect

Increased connectivity through Internet of Things (IoT) devices is transforming the manufacturing industry, allowing leaders to monitor and act upon data flowing between machines, devices and people. A multitude of sensors pour data into systems and build up a real-time picture of operations, however the added sensor touchpoints and more automated processes have left the industry with a more exposed attack surface. The level of disruption a hacker could cause has the potential to be far-reaching; not only would they have the power to stall productions lines, but privacy and even physical safety also pose significant risks to operations. As automation increasingly dominates all aspects of manufacturing processes, leaders need to analyse the robustness of the business’ core technology. IT teams need to make sure they have all their data backed up, whether in a physical data-centre or in the cloud and have regularly tested action plans in place for recovering data and keeping the production line moving.

Watch your WiFi

 It’s well known that WiFi can be hacked and cause issues across the supply chain, from networks inside storage depos, to public WiFi used by people working remotely – even supermarket ‘zappers’ could be hacked. Hacking supermarket zappers may not sound alarming, but if the system that provides all this information is corrupted then it could potentially bring down the entire network. What can be done? Keep your inventory record up to date with software management.

While investment in safety and cost reduction are both key elements for success in the manufacturing industry, it should not come at the cost of security. Ultimately, if a customer comes to doubt the ability of your businesses to run efficient operations you risk losing the trust, and business of important suppliers. Careful preparation will help leadership teams manage a crisis when it happens.

Resilience training for operations teams is essential to improve awareness of the entire business and ensure any vulnerabilities can be swiftly resolved. Don’t assume that all staff are appraised of the latest technology in the work place. Spend time upskilling them on the latest technologies otherwise outside threats will get the better of them, and your business.