Cyber attacks in the manufacturing sector are becoming more and more prevalent. The damage is often in the form of a data breach, disruption of operations or compromise to key systems such as the company’s enterprise resource planning system (ERP).
According to a 2018 Data Breach Investigations Report by Verizon, more than 30% of data breaches at manufacturing companies in 2017 involved the theft of intellectual property. But, regardless of the precise goal of the attack, cyber crime is costly for its victims - potentially resulting in lost revenue, lost customers and public scrutiny.
Vulnerabilities in the manufacturing sector
Across most industries, cyber attacks tend to be opportunistic.
Bad actors may use a shotgun approach to try and gain entry to any number of sensitive company networks. The end goal may be the theft of personal information such as credit card or social security numbers, or cyber criminals may hold access to key files or systems hostage in exchange for a ransom payment.
However, the manufacturing sector is a bit different. The Verizon report revealed that 86% of the cyber attacks experienced by manufacturing companies were targeted attacks. And nearly half (47%) of the breaches involved the theft of intellectual property.
It’s well known that stolen IP can be used to replicate products and processes, gain a competitive advantage and possibly even provide sensitive data to less desirous nation states.
In general, manufacturing companies are more focused on securing their operational technology environment than on cybersecurity.
Unfortunately, this neglect of IT security makes the sector an easy target for cyber crime.
Another inherent vulnerability lies in the frequent reliance on single source supply locations. If all materials come from one location and access is thwarted, the results can be crippling for operations.
The impact of cyber attacks on the manufacturing sector
The very infrastructure of manufacturing companies results in unique vulnerabilities not found in other industries. Aside from interruptions in operations, cyber attacks also have the potential to cause personal injury.
An example is the attack on a German steel mill which resulted in the company’s inability to shut down the furnace. Fortunately, in this case, the resulting meltdown did not claim any casualties.
From chemical plants to steel mills to electronics manufacturers, cyber attacks have the potential to cause:
- Interruptions to daily operations.
- Major operational disruptions result in personal injury or loss of life.
- The theft of IP-protected property (e.g. formulas, blueprints, schematics or plans).
- Loss of personal data (PII).
- Loss of technical trade secrets.
- Loss of unique manufacturing processes.
- Loss of revenue due to operational downtime.
- Liabilities stemming from the exposure or loss of proprietary customer IP data or the transmission of a virus to a client’s network.
How can manufacturers combat cyber crime?
For all types of manufacturers, a key step in cyber crime defense is raising awareness internally about the urgency and scope of the threat.
It is also critical that manufacturing companies fully evaluate and invest in their IT security - both in terms of technology and manpower resources.
The five-section Cybersecurity Framework developed by The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is a comprehensive roadmap for cyber defense.
The Framework provides detail on five critical functions:
For those manufacturers who serve as government suppliers through the DIBs (Defense Industrial Base) program, cybersecurity takes on an even higher level of urgency.
In an effort to safeguard Department of Defense information residing in or transiting through DIB unclassified networks, the DOD established the DIBNet Portal. This Portal acts as a gateway for DIBs contractors and manufacturers to share cyber threat information and also communicate directly with the Department of Defense.
Even with the implementation of a robust cybersecurity framework, thwarting cyber attacks largely depends on having the appropriate tools.
Security apps and software that require complex configuration, frequent updates and lack flexibility are not the answer.
GoSilent products are highly flexible, secure solutions that do not require specialized customer service support to deploy. GoSilent is the ideal solution for securing endpoints and locking down access to a manufacturer’s network infrastructure.