The manufacturing sector cites cybersecurity as its biggest risk as reports from the U.S. show that the volume of attacks on the manufacturing sector in 2016 was second only to the healthcare sector and ahead of financial services. These attacks were primarily executed to steal intellectual property and disrupt the manufacturing process. The consequences of a successful attack can be catastrophic – ranging from financial loss, recalled products, criminal proceedings and a company’s demise.
CyberSecurity has a very high profile in the enterprise and there is a wide range of tools and practices available to mitigate the risks. These include network segregation, firewall deployment, intrusion detection systems, virus detection, etc. Within the industrial context, however, there are a growing number of factors which need to be addressed and the standard IT tools and processes do not directly apply – amongst these factors are:
- Age of equipment – systems deployed in the factory are not updated/replaced as frequently as they should. Some may be ten or more years old and hence are not supported by most of the security industry.
- Traditionally, industry deployed closed networks on the factory floor with little or no connection to the corporate network. This is no longer the case as more sophisticated systems are deployed for example to monitor and report. Consequently, these factory networks may now be comprised via the corporate network.
- Roll out of Smart Factory initiatives (the adoption of Industrial Internet of Things and Industry 4.0) mandates greater connectivity options and information exchange. This introduces many new actors and protocols to the organisation, for example supply chain, partners and end customers.
- There is less awareness amongst automation personnel when compared to their IT equivalent. Typically, automation systems lag behind in adopting security measures.
- Compared to other verticals, there is no definitive compliance standard for manufacturing industry.
IMR can help to enhance a member company’s cybersecurity through:
- Providing advise as to security strategy, tools and processes
- Informing member companies of emerging risks and their mitigation
- Working with the security industry and our research partners to leverage emerging technologies and solutions