As manufacturing enterprises push increasingly toward smart factories, cybersecurity has become the utmost priority in the operational risk profile of businesses. A study by Deloitte shows that 48 percent of manufacturers consider such an operational risk as an impediment to smart factory initiatives. As such, cybersecurity in the manufacturing market is poised to grow exponentially; it is expected to hit $29.85 billion by 2027, which is double what it was in 2019.
The growing demand for the connectivity smart factory devices provides industries will fuel the market growth of security. Industrial cybersecurity is meant to safeguard industrial conditions from cyber risks across different phases of an enterprise’s data ecosystem. As new devices are constantly emerging, the protection of industrial networks is consistently developing to maintain and get ahead of threats. Industrial cybersecurity includes organization security, advanced control frameworks, and product and equipment arrangements. These cybersecurity solutions are meant to ensure the safety of plants and machines.
What Are Manufacturing Cybersecurity Risks?
While the advantages of connectivity are many and include increased levels of productivity, faster identification and remediation of quality defects, and better collaboration across functional areas, these advantages can also magnify the potential vulnerabilities of the smart factory. Risks associated with network safety are expanding, increased by global utilization and availability of cloud administrations that are used to store sensitive information. Simple firewalls and antivirus software are no longer enough to secure a company’s data and systems.
Manufacturing companies across the globe are witnessing an upsurge in cyber-related incidents associated not only with data infiltration, but also with the control systems used to manage industrial operations. These systems are the foundation for the operational technologies (OT) that allow facilities to function, and they can range from programmable logic controllers and distributed control systems to embedded systems and industrial IoT (IIoT) devices.
The Cybersecurity and Infrastructure Security Agency (CISA) lists more than 1,200 known OT system–related security vulnerabilities to varying degrees from more than 300 OEMs and system providers. The more digitized and advanced systems get, the greater the possibility for a control operations threat.
How Do Cybersecurity Vulnerabilities Occur?
When IT and OT are out of sync, systems are vulnerable. Many manufacturing companies have converged IT and OT across their operations in order to gain operational efficiency, productivity, and better customer service. There are a multitude of areas between the IT and OT ecosystems where people, process, and technology overlap and need to be in sync. However, the reality of these technologies and their use is often distinctly different.
OT system–related investment decisions are often made on the factory floor by operations leaders. Eventually, this can lead to a collection of differing technologies with varying security control capabilities that will need to be integrated to and managed using the company’s existing IT network infrastructures.
However, adding advanced technologies to OT networks requires the addition of sophisticated cybersecurity standards as well, a step that some businesses skip. Due to the pace at which smart factories add or update technologies, IT and OT leaders may be left unprepared to respond to new threats.
When surveyed, it’s been found that very few companies have extended security monitoring to their OT environments. Even worse, some companies report not having performed cybersecurity assessments within the past six months. With this level of overconfidence, it’s likely that some manufacturers are not aware of the new threats brought about by IIoT devices and other emerging technologies within a smart factory.
In order to respond to and stay ahead of these threats, manufacturers should invest in a holistic cyber management program that extends across the organization’s digital ecosystem, both IT and OT, to identify, protect, respond to, and recover from cyberattacks.
Here are a few steps to consider when beginning to build an effective manufacturing cybersecurity program. To begin, perform a cybersecurity assessment. Consider how prepared you and your team are. From there, establish a specific cybersecurity governance program and build in security. But there are other, even more simplistic things to consider, such as how knowledgeable your employees are about the threats that cybersecurity can bring to manufacturing.
RELATED: Check out this webinar by the ERP experts at Godlan:
Where Do the Dangers Lie?
Cybersecurity has become a government priority, and the manufacturing industry is an area where cybersecurity is of the utmost importance. In recent years, there have been numerous incidents where sensitive data has been compromised. One of the most well-known and widely-impacting incidents involved the attack of an estimated 50 million Facebook accounts, a serious breach of users’ right to privacy. Consumer information such as email addresses, banking details, and passwords were stolen by hackers and used for a range of crimes including blackmail and fraud.
As a result of security breaches like these, commercial businesses like retailers have tightened their data regulations and clarified how they use, maintain, and store customer information. In industry today, the supply chain has become part of the digital ecosystem, and it’s likely that some original equipment manufacturers (OEM) in the B2C sector will have direct access to personal customer data for things like warranty purposes; however, B2B manufacturers likely have access to customer data via CRMs. Regardless of sector, manufacturers are accountable for the personal data within their respective databases.
It’s more than just customer and employee personal data at risk, though. While not as stringently regulated as personal data, business data- like intellectual property, planning, and production processes- is highly sensitive and just as at risk of cybercrime.
For instance, the supply chain position of Tier Two and Three manufacturers means they may not hold personal data. What they do have access to, however, is confidential business information like blueprints. The theft of intellectual property could have catastrophic consequences; in some instances, entire enterprises can be lost due to a cyber-attack.
7 Ways Manufacturers Protect Themselves from Cyberattacks
For manufacturers just getting used to this new digital era, cybersecurity may seem like a foreign language. However, there are many ways that an enterprise can do to protect its customers, employees, partners, products, operations, and business overall.
Here are a few cybersecurity tips for manufacturers to help mitigate the risk of cyberattack.
1. Employee Training
As with many areas of manufacturing, human error has been cited as a contributing factor in several cybersecurity breaches. Deloitte reports that close to 91 percent of all cyber losses have a human element, often a victim falling for an email phishing scam. A loss, both accidental or malicious, can be caused by something as naive as clicking on a link.
The human factor of cyberattacks in manufacturing has less to do with actual error and more to do with inadequate security cultures and practices coupled with the exploitation of goodwill. These risks rose significantly during the pandemic, as those working from home inadvertently opened themselves to cybersecurity threats. With notice and planning, businesses can carefully contemplate requirements for technology when finding flexible ways of working off site and incorporating personal devices. However, this is not as easily done during an emergency situation like Covid, exposing companies to unforeseen risks. Now, more people are working remotely, and with preparation, your enterprise can be prepared for such workflows.
With an understanding of the way people operate in the workplace and how these operations can be exploited, you can identify and be prepared for areas of weakness. For instance, in a targeted attack, senior and middle management team members are more likely to be exploited by cyber criminals than lower ranking employees due to the fact that they are more likely to have access to valuable information. C-level executives are nine times more likely to be the target of social breaches and twelve times more likely to be the target of social incidents than they were in years past.
To demonstrate how easy human fallibility in cyber security can be, in 2015 a German steel mill was breached via the plant’s business network. An employee received a phishing email with a malicious attachment. By the employee opening the attachment, the hackers had access to various systems, including the manufacturing execution system (MES) to control plant equipment. Physical damage was done to the plant all from opening an unsafe email.
This is why proper training is of the utmost importance.
To keep the enterprise safe, the first thing manufacturers should do is train all employees on basic cyber security. It’s necessary for all team members who utilize devices to understand that regardless of job responsibilities or titles, anyone could be potentially allow an attack, even just by something as simple as using an unauthorized laptop, tablet, or phone to access the network.
Key areas for training would be phishing scams, passwords, and log ins. Keep employees on the lookout for these common types of cyberattacks.
Phishing emails can look harmless, especially in their more advanced state. Most often, they appear to be sent from a trusted sender. Therefore, employees need to be provided training on how to identify a malicious email, link, or attachment. Also, a clear process should be put in place for employees to follow if they think they have received a phishing email.
Password Best Practices
Assuming that people know how to create and protect passwords is a gamble. Instruct and remind employees not to write down, share, or re-use passwords across systems. Password salting is a technique to protect passwords stored in databases that adds a string of 32 or more characters and hashing them. The idea is that by salting your passwords, or creating unique passwords for everything, a “contamination attack”-where a hacker gleans your password form entry point X and is able to re-use it on entry point Y- won’t be possible.
Approved Log Ins
Make it a policy that employees should only log in to the network from approved company devices and locations.
When employees use personal laptops and phones or an external internet connection to access the business network it allows the opportunity for hackers to find an entry point. IT administrators can’t keep track of the various personal devices or external connections, but they can monitor and concentrate on company-approved devices that have been configured for remote work.
2. Keep Applications Up-to-Date
Another simple way manufacturers can improve cybersecurity measures is by ensuring that applications employees need access to are kept updated. IT applications, like Microsoft Word or Adobe, present a potential entry point for attackers. New versions are regularly released and strive to fix any security weaknesses within the application.
While updating software can be time consuming and may lead to compatibility issues, not doing so can easily lead to a breach in security. Manufacturers need to make sure there is a scheduled time set aside to recurrently update applications. Fortunately, ERP consultants like Godlan can assist with this.
3. Use the Appropriate Security Levels
Post-pandemic, employers have realized that a certain amount of flexibility is allowable. An employee who needs to access the enterprise resource planning (ERP) system while working at a local coffee shop using their mobile device, for instance, or an office administrator sending an internal memo from a business computer using Office 365 will require different levels of security for their tasks. When employees are using a device to remotely access the network, an appropriate level of security should be implemented.
Risk-based authentication (RBA) utilizes a set of rules and points system to assign the security level required per user or per application. This is based on variables like the physical location of the device (GeoIP), IP address, the service being accessed, or last authentication. RBA is intended to be flexible and efficient for employee use in order to boost security without interfering with everyday work.
4. Apply Single Sign-On
Having an insulated network that incorporates an infrastructure where hardware such as PLCs (programmable logic controllers) are separate to any external facing networks supports the prevention of hackers gaining access to the network overall. However, manufacturers often require having access to systems simultaneously and without compromising security. For instance, team members will regularly need access to a variety of systems like:
- Customer Relationship Management tools (CRM)
- Enterprise Resource Planning (ERP)
- Management Execution System (MES)
- Product Lifecycle Management tools (PLM)
In keeping everything safe and separate, employees will have a multitude of usernames and passwords to remember. If they happen to forget a password, the working process will be slowed or complicated.
While single sign-on (SSO) can provide greater efficiency and allow employees access to platforms and networks despite the network they are on, risk-based authentication is necessary in order to have continued security.
5. Use a Jump Host
In 2017, Saudi Arabia’s petrochemical plants took multiple hits from cyberattacks. In January, hard drives were destroyed and all data were wiped clean at the National Industrialization Center. It took months to recoup what was lost. However, in August of that year in a different plant, a new kind of cyberattack was launched. This time the intent was not to shut down the plant or to erase data, but to sabotage the enterprise’s operation by causing an explosion.
As most enterprises have found the benefit of being a data-based ecosystem, hackers have had an easier time manipulating various aspects of a company. Because of this connected nature of manufacturing supply chains, for instance, security points need to be included in order to prevent hackers from gaining access to multiple systems.
For example, programmable logic controllers (PLCs) control hardware for manufacturing such as pick-and-place machines and other automated machines including computer numerical control (CNC) machines. If they aren’t protected on the network, they are easily accessed by hackers. This can lead to extreme repercussions, such as the attack in Saudi Arabia, if undetected for an extended period of time.
To protect PLCs from unauthorized access, a jump box or jumper server can be used as protection from external threats. It essentially insulates the network from unauthorized personnel.
6. Use Multi-Factor Authentication (MFA)
Another solution that will help to keep the network insulated and protected is a multi-factor identification system. This verifies a user’s identity for login or transaction by requiring multiple methods of authentication from independent categories of credentials. Multifactor authentication combines two or more credentials: what the user knows, as in a password; what the user has, for example a security token; and what the user is, by using biometric verification methods.
The goal of MFA is to construct a layered defense against breach or attack. If one factor is compromised, the attacker still has at least one or more barriers to breach before successfully accessing the target.
It’s necessary to choose your MFA supplier wisely. Also, be aware that some two-factor authentication applications are prone to credentials theft because the code only updates every 40 seconds, and during that time a hacker can access the network using the code.
Dedicated MFA platforms promise more secure authentication; they update frequently to stay ahead of cyber attackers. For instance, they deliver new security strings for each request for access. To achieve the maximum benefit, there are a few elements of an MFA platform to consider, including:
- Efficiency. Some MFA platforms will allow for an SSO option, which can be ideal for ensuring efficiency
- Intelligence. Depending on the size of your enterprise, your employees and their devices could be spread across the world. The platform you chose needs to be able to adapt to the attributes you set
- Flexibility. An MFA platform should be easily integrated with hundreds of applications, so that regardless of how your enterprise evolves in the future, it won’t be faced with restrictions.
7. Stress to Employees the Importance of Manufacturing Cybersecurity
As with anything, the parameters you set up for cybersecurity will only be effective if your team utilizes them properly. It should be easy for your employees to use and remember. If the policies or procedures are too complicated or interfere with everyday work, then employees may decide not to follow them, despite the risk.
Therefore, in addition to all of the other suggestions, training your employees on the severity of cybersecurity is critical for the manufacturing industry. Examples and information of attacks that happened to other manufacturers will open your employees’ eyes and give them a better understanding of their role in protecting the entire company.
The Bottom Line
In March of 2023, the Biden administration released the long-awaited National Cybersecurity Strategy, naming cybersecurity as a crucial component to American economic prosperity as well as national security. It’s just as crucial to your own enterprise.
Therefore, finding a combination of practices that works for your enterprise should be at the top of your priority list. Every company has different needs, meaning that security isn’t one size fits all; regardless, maximum adoption is key to make sure you can guarantee your customers protection in the robustness of your cybersecurity.
Staying up-to-date of the current cybersecurity risks and introducing effective security measures is essential for protecting your company and your customers. By being proactive, you can safeguard your company from the devastating impacts of cyberattacks by keeping in front of the curve.
Consider these statistics: in 2021, Ransomware cost the world approximately $20 billion, and that number is expected to increase to $265 billion by the year 2021. Of the 32 percent who pay the ransom, only 65 percent of data is recovered. Are these numbers that your enterprise is willing to gamble with?
Godlan’s cybersecurity team has the knowledge and ability to help keep your company ahead of those who might attempt to compromise it. Our world is only growing more reliant upon the internet and its various devices. A cybersecurity assessment by Godlan’s cyber team will help you to see exactly how safe your enterprise really is. Reach out today to www.Godlan.com or call 586. 464.4400.