Manufacturing is the engine of any economy, but what happens if this vital industry comes under attack from new and previously unrecognised sources?
British manufacturing is currently enjoying a resurgence, with sustained growth which has maintained its significant contribution to the UK economy. The rapid integration of technology has been a major driver of this growth, leading to the creation of a number of hybrid tech enterprises where manufacturing techniques are underpinned by a range of digital technologies.
Indeed, Industry 4.0, the contemporary industrial revolution, heralds the merger of manufacturing with technological processes such as automation, alongside novel networking models such as the Internet of Things (IoT) and Machine to Machine communication (M2M). These technologies have created a shift to many manufacturing processes being overseen and regulated by sensor and actuator data transmission with minimal human input or intervention.
With a greater dependence on digital technology, wireless communication and the storage and movement of data, comes a new set of threats and challenges which threaten to overthrow the innovation and progress this sector currently enjoys.
Cybersecurity is currently coming to the fore as one of the most significant risks to the integrity of the manufacturing industry. Cyberattacks on manufacturers lead to data and intellectual property theft, data loss and corruption, as well as sabotage of equipment and machinery, disabling of networks and losses of time, productivity and money.
The scale of the problem
The increasing scale frequency and variety of cyber attacks is a considerable challenge to both the domestic and global manufacturing sectors. Globally, over half of the companies targeted by the Petya ransomware attack in 2016 were in industry and manufacturing and the infamous WannaCry virus was able to halt a Honda production facility. Manufacturers are now finding themselves on the front-line of anything from frequent ransomware attacks to devastating and malicious computer worms such as Stuxnet, with each encounter having the potential to bring productivity and growth to a screeching halt.
British manufacturing has already been impacted by notable cybersecurity compromises with the sector being the third most attacked in the UK after finance and government. According to Make UK, a key manufacturing industry organisation, over half of British manufacturers had experienced a cyberattack by 2018 and almost half felt ill-equipped to tackle the issue of cybersecurity.
Make UK’s report, titled ‘Cyber-Security for Manufacturing’, found that a notable proportion of manufacturers were without the operational procedures or protocols to mitigate threats. This is despite well over half of the businesses surveyed being asked by prospective clients to demonstrate their robustness against hackers and other I.T. security breaches.
Key vulnerabilities for manufacturing – where strength becomes weakness.
The speed of innovation and integration of novel technologies makes manufacturing vulnerable to cyberattacks.
Manufacturing has a unique interface between digital and physical systems meaning that digital security compromises have authentic physical impact. SCADA networks, one of the most common in industry, are known to be vulnerable to hackers, malware and espionage and breaches are known to be common. Compromise in the cyber-physical systems (CPS) that underpin modern manufacturing which include operations technology (OT) and industrial control systems (ICS) result in a devastating alteration of the physical processes, parts, materials and environment. A cyberattack, not only risks inventory, equipment or product, but also human safety, especially if a compromised feedback loop is relied on.
How the manufacturing industry can protect itself
It is clear that the manufacturing industry can no longer bury its head in the sand regarding digital security. Effective, rapid responses to threats are required by manufacturers as well as robust penetration testing to identify gaps and weaknesses in the technological interface which can be strengthened against live, authentic attacks.
As a baseline, there needs to be clear and decisive steps taken by manufacturers to protect themselves from the most common attacks. Key strategies are outlined in the ISO/IEC 27000 family of IT security standards which can be used by companies to formulate their own approach to tightening up security.
A robust approach to manufacturing cybersecurity would typically comprise:
• Self-assessment of current vulnerabilities using penetration testing to identify weaknesses.
• Implementation of stronger protections such as firewalls and access control for critical data.
• Development of plans and protocols which mitigate risk and reduce impact in the event of an attack.
• Establishment of a risk register for adverse events and reporting within the company, to customers and relevant public bodies where necessary.
In addition, manufacturing companies need to create greater awareness of cybersecurity within their companies at all levels and ensure that personnel know the kinds of attack the organisation can face and how they can personally act to reduce risk.
A proactive approach to cybersecurity is essential if UK manufacturing is to take full advantage of the range of opportunities offered by integrating digital technologies, networks and platforms. By becoming better informed on the issue of cybersecurity manufacturers can take immediate steps to increase resilience in a rapidly changing landscape.