Cybersecurity and Manufacturing – Keeping Critical Information Safe From Attackers

PB 27 JAE logo 400

June 22, 2020

We all know that we’re supposed to back up our data and secure our devices against attack. But too often we put it off until it’s too late. We’re busy, and we’ll get to it another day. And then, one day, we turn on our device, look for a file, and realize something is wrong. We’ve been hacked.

The thought of losing our files, pictures, and data is scary. Scale that up to an entire company and the consequences can be severe. Think about the amount of critical and sensitive information the typical manufacturing facility has access to. Sensitive customer records, design and engineering data, intellectual property, and industrial control systems for high risk manufacturing processes – there’s a lot to lose. As new technologies and connected devices continue to be installed in production environments, the need for a proactive, comprehensive approach to cybersecurity grows as well.

How Industry 4.0 is driving new security requirements

Industry 4.0 is a common term for the technological revolution that is happening across the entire manufacturing sector. New technologies, sensors, data and analytics, and advanced robotics have the potential to significantly enhance productivity, lower costs, improve product quality, and increase operational efficiencies.

This requires a complex mix of networks, back-office software and applications, Industrial Internet of Things (IIoT) devices, generations of control systems, and a variety of other systems and equipment. Each device or system that connects to the Internet represents a potential vulnerability that hackers can use to access the internal network, and unsecured IIoT devices, sensors, or machines can become an easy target.

Malicious actors are constantly evolving and changing their approach. Infected USB sticks are among the most common ways for attackers to breach a facility, while phishing and other behavioural attacks trick employees into clicking on links or files that introduce malware or other software. Once in, attackers can remain undetected for weeks or months. IBM found that, on average, it takes companies 241 days to identify and contain a breach. During this time, attackers can steal data, disrupt critical infrastructure, monitor systems, and even take control of and physically damage equipment.

The cost of a breach is massive

In 2019, IBM found that the average global cost of a data breach was $3.9 million. In Canada, this average rises to $4.4 million, and for industrial companies, it rises further to $6.9 million.

The cost of a breach takes years to fully realize. The IBM report showed that the loss of customer trust following a breach was the largest contributor to the total cost. Compromised industrial companies can expect to see abnormal customer turnover of 3.3 percent after a successful attack as customers take their business elsewhere.

While the average cost is high, individual costs can vary greatly. A 2017 virus destroyed the information systems it infected, leading one large logistics company to lose $300 million. What’s more, they were not even the original target of the attack. Instead, they were collateral damage as the infection spread through the supply chain and shared systems of the company that was originally hit.

Taking a proactive approach to cybersecurity

When it comes to security, it is impossible to be reactive. Once an attack has taken place the damage is already done. Instead, manufacturers need to be proactive and consider how they are securing their entire facility. From the devices used by employees on the shop floor to the sensors monitoring equipment to the software used by management, security needs to be at the forefront of the conversation every step of the way.

Unfortunately, a recent report found that only 16 percent of industrial companies had fully deployed a security automation system, while 57 percent hadn’t deployed any security automation system at all. Globally, industrial companies ranked last among all industries.

It is critical that manufacturers bring in the right people with expertise in cybersecurity, either by building a team internally or partnering with a cybersecurity firm. These experts can ensure that companies follow industry best practices, stay on top of security trends and technologies, and identify and address the specific needs of their organization. Depending on the market segment, they may also help manufactures meet regulatory and compliance requirements for data and other sensitive information.

The time for security is now

As technology, data, and connectivity play a greater role in manufacturing, the risk of attack is constantly increasing. A large-scale data breach that disrupts operations and results in the loss of sensitive data or critical information can be a devastating blow that can take years to recover from. Manufacturers of all sizes must think about how they are securing their facilities against attack and ensure that they are prepared in case the unexpected happens.

Source

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…