The world’s first digital weapon and the most “successful” industrial attack in cyber history was the Stuxnet virus, a 500-kilobyte computer worm that infected the industrial control systems that operate equipment in Iran. The virus was discovered in 2010, compromising at least 14 industrial sites, including a uranium-enrichment plant. Rather than simply taking over targeted computers or stealing digital information, Stuxnet caused the physical destruction of equipment being controlled by the infected computers.
Manufacturing is second only to healthcare as the industry most prone to cyber-attacks. According to a report by Sikich, 525 separate incidents of cyber-attacks within the manufacturing industry were reported in 2015, a figure which doubled from the previous year. More than 60 percent of these incidents were attributed to some form of cyber-espionage.
What could be the reasons for this targeting of manufacturing by cyber-attackers?
Manufacturing is one of the oldest industries, with some companies still in business after 100 years of operation. When manufacturing systems were first being developed, digital security was not an issue. The industry focused more on such things as productivity and safety, while cybersecurity efforts remained in its infancy. However, with an embrace of cutting-edge technologies like automation, robotics, 3D printing, and IIoT, things changed considerably for manufacturing. Interconnected systems and data are now running the machines and equipment inside smart factories. Manufacturing companies are now more aware of security issues and have appropriate security measures in place.
Cyber-attacks are becoming more technically sophisticated and have the capability to bypass standard security measures like firewalls, malware detection, and intrusion detection systems. They pose a serious threat to the operation and safety of manufacturing companies. Such attacks have the potential to bring down critical systems while bringing productivity to a standstill, damaging customer and partner relationships, and ultimately compromising a company’s reputation.
Manufacturers can protect themselves against a majority of cyber-attacks by following these tips:
Typically, manufacturing companies do not have strong controls when it comes to their systems. Necessary controls include two-factor authentication or a specific approval protocol. Also, investing in security monitors and systems is advisable.
Enforced password complexity
This is a basic necessity for all systems or computer-controlled machines.
Annual IT risk assessment
Review all systems to understand where threats are originating from and then take proper action to remove them.
Creating simulations to guess the threats of someone trying to break into the organization’s network is also a good step to improve cybersecurity.
Ongoing vulnerability scans
Throughout the year, perform system scans to help the organization stay up-to-date on any new threats. Segment your network as much as possible so that if a hacker or malware gets in, they can’t easily move across the entire network.
Encryption and backup
With encrypted data, even if the attacker gets their hands on it, they can’t use it. A backup comes in handy in the event your data is wiped off the system.
Utilizing two or three independent authentication factors when validating computer users is a good security measure for manufacturing systems.
Improve employee awareness
Add data protection and cybersecurity guidelines to manuals and employment agreements, and train employees on the security policies regarding the use of confidential data and networks.
Cybersecurity is not at the forefront of most manufacturers’ thought processes, thus causing them to remain vulnerable. With the rise in cyber-attacks, cybersecurity should be considered as a company-wide goal and policy. Information on cybersecurity should be included in all employee training sessions. Additionally, manufacturers should provide cybersecurity certifications throughout the year to ensure employees understand its importance.
Manufacturers should assume they will be breached and always plan for the worst.