The risk of cyber-attack has become part of business life. According to a report by the Online Trust Alliance, the number of ‘cyber incidents’ targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017; and that’s just those that were reported, writes David Rand, Information Security Manager, Protolabs.
A recent survey by industry body EEF revealed that the manufacturing industry is the third-most targeted by cyber-criminals, behind the public sector and financial services, with almost half of UK manufacturers claiming to have experienced a cyber-attack at some point. Of these, half reported that their business had been disrupted or that they had suffered a financial loss as a result. Of greater concern, perhaps, was that 45 percent of manufacturers believed they did not possess the right tools to deal with a cyber-attack and its aftermath, with more than ten percent admitting that they lacked the technical or managerial processes required to either assess or mitigate the risk of attack.
What’s more, the evolution of the Industrial Internet of Things (IIoT), and the potential security risks that accompany an ever-growing number of connected devices, means the industry could become even more vulnerable to attack. Making cyber-security a priority is, therefore, now paramount for all manufacturing businesses.
Protolabs recently carried out a survey of business leaders which revealed a clear association between manufacturing and the term ‘Industry 4.0’, the increased use of web-connected industrial processes, which employs software, robotics, and advanced automation for greater efficiency, quality and productivity.
The automation of essential manufacturing processes, a key component of Industry 4.0, involves the use of a number of platforms, tools and systems, many of which will often have access to sensitive corporate information. In addition, many customers will share CAD models and business contact information with their manufacturing partners. Since the GDPR came into force in May, however, the privacy and protection of sensitive corporate and customer information has been thrown into sharp focus like never before.
Digital manufacturers are therefore being entrusted with the intellectual property of their customers – possibly some of the most precious information they could share; a responsibility they must take extremely seriously.
But as the increasing level of businesses falling victim to cyber-attack demonstrates, this information could be left exposed and vulnerable if manufacturers fail to put adequate protective measures in place.
Security teams within the manufacturing industry should be mindful of Article 32 of the GDPR, which requires the privacy, confidentiality, integrity and availability of the data systems critical to their process to be protected. It is also a condition of the same Article that businesses “have the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.”
No one single solution is available, though, that can protect the new vulnerabilities being created as a result of Industry 4.0 and the IIoT, and the volume of devices and endpoints involved. By way of illustration, it’s worth considering that the massive Mirai botnet behind the DDoS attack on Dyn, which led to a large proportion of the internet being taken offline in October 2016, may have comprised up to 2.5 million devices at one point.
It is the responsibility of manufacturers, therefore, to ensure they have the systems, procedures and knowledge in place that will enable them to protect sensitive data, detect active threats, and defend against any external risks to their IT infrastructure. However, the number of potentially vulnerable endpoints, such as sensors, connected devices on the factory floor, and customer-facing CAD systems, will require security teams to work collaboratively, liaising with other lines of business throughout the organisation as they look to manage risks.
Taking a layered approach to security is important, using a range of tools and techniques such as firewalls, intrusion detection and prevention systems and, especially important given the number of connected devices, 24/7 network monitoring tools. It is, after all, impossible to defend against an enemy you can’t see.
Finally, it’s important for all employees from factory floor to board room, to be given regular security awareness training to ensure their cyber-security awareness and skills are kept up-to-date.
Forward-looking manufacturers that embrace the opportunities of Industry 4.0 and evolving advanced manufacturing technologies will enjoy significant efficiency, time- and cost-saving benefits. It’s important to consider, however, that cyber-threats are also evolving at the same pace. By investing in the most robust and effective protection solutions, and ensuring that employees are kept abreast of the latest developments and techniques, manufacturers can continue to deliver high-quality products, while remaining secure and compliant with the latest data privacy legislation.
