This Year’s Big Cyber Target Could Be the Factory Floor
Category : Forcepoint
We’ve all witnessed the steady stream of high-profile cyber breaches in the past few years, from the attack on federal personnel records in 2015 to Equifax in 2017. Yet despite the theft of hundreds of millions of personal data points and the billions of dollars spent repairing the damage, there is one major economic sector that remains dangerously open to cyber-attack: Manufacturing.
American manufacturing is at risk of becoming the big cyber-hack headline in 2018, as companies balance the drive to automate with the need to keep factory floors cyber-secure. Sales of automated manufacturing equipment, from robotic arms on assembly lines to computer systems that manage supply chain logistics, grew 40 percent between 2012 and 2016, according to data from the Robotic Industries Association. Those automated systems are increasingly connected to the global Internet of Things. That leaves them vulnerable to attack.
When computer systems were introduced to factory floors a generation ago, the networks were typically walled off from business operations. But the new generation of automated and smart systems is designed to closely integrate with the business side. As a result, older firewalls are being torn down, opening new, potential online attack vectors.
In October, I compared cyber risks to an iceberg. It’s easy to navigate around the threats we can see. It’s those jagged edges below the water line that are the real dangers.
Every connected system or piece of machinery is a target for outside bad actors – nation-states, hacktivists or organized crime rings, for example – as well as from the insider threat – careless employees, employees with a grudge or third-party contractors with access to critical systems. So it’s not if you’ll be hacked, it’s when.
It’s important that manufacturers fully understand the cyber risks associated with connected systems, including production shutdowns; manufacturing defects; damage to machines or systems; employee injury; loss of intellectual property; or reputational harm.
Staying ahead of the cybersecurity threat is a business imperative that requires the full attention of managers and C-suite level executives, all the way up to the board of directors. That’s our approach at Raytheon in our manufacturing and all areas of operations.
Here are a few areas management and boards should take a long hard look at in the new year:
- Architecture: Ideally, the factory network needs to be logically segregated from the rest of the business. But when there have to be connections, it’s critical to lower defenses as little as possible, as well as establish access controls. Not every employee needs to be able to access every system.
- People: Your people are the best line of defense against cyber threats. A good IT team can oversee network-enabled factory assets. The factory team can be trained to change default passwords, turn off unneeded services and identify the underlying software so vulnerabilities and patches can be tracked.
- Suppliers: As businesses toughen their defenses, hackers are increasingly looking down the supply chain to identify weaknesses. Supplier assets shouldn’t be added to your network without first conducting a vulnerability assessment. Also, monitor what data is being sent back to the vendor and how it’s being transmitted.
- Process: Above all, ensure someone is in charge of and focused on the security of your factory floors. Your CISO should be working collaboratively with your operations manager as equipment is moved in and out.
No industry, from global tech leaders to small family-owned businesses, is immune from the growing cyber threat. But proactive steps can be taken to identify potential vulnerabilities and cyber-secure your systems before your business becomes a headline in 2018.