Safeguarding against the increasing operational attacks to manufacturers
Events over the past year have revealed just how enormous the potential cost – both reputationally and financially – of suffering a major security breach can be. No industry, including manufacturing, can afford not to take their data protection and cyber security seriously, or indeed make it a number one priority.
In fact, with our latest report revealing a fifth of the UK public believe cyber-crime and hacking are the biggest challenges facing the UK today, every single manufacturer has an obligation to make data protection as much of a priority as the public expects.
Although organisational awareness is on the rise, it is clear many still struggle to put in place the right measures to safeguard employees, customers and the broader business.
A changing landscape for manufacturers
Whilst it is of course important for security measures to be heavily placed on customer breaches – many organisations are forgetting the increasing threat of operational breaches.
As we move into the Industry 4.0 era – for example, through the deployment of smart factories – manufacturers are exploiting more data from their production systems, extending out the enterprise to be able to connect to the end customer.
And as the manufacturing industry moves into this digital age, many are focusing their efforts on selling a ‘service’ rather than a product.
Take Rolls-Royce as a prime example of this. Well known for their jet turbines, they do not consider themselves an organisation that ‘sells engines’. Instead, with their power-by-the-hour offering, they take the responsibility for service planning and performance off the customer. In doing so, the company is able to record and analyse huge volumes of data meaning they can offer customers better and more comprehensive service agreements.
The increasing risk of operational attacks
In the advent of ‘smarter’ products, there is an increasing opportunity for hackers to either steal or plant false data on the effectiveness of a company’s productivity. For instance, competitors could inject false data into a system to make it look like it had a fault – this in turn incurring costs for the wider business.
An example of this was the infamous virus Stuxnet worm attack on an Iranian nuclear plant almost a decade ago. The first worm of its type, it was capable of attacking critical infrastructure like power stations and electricity grids, rather than simply hijacking targeted computers or stealing information from them. It escaped the digital realm to wreak physical destruction on equipment the computers controlled. Once inside the computer system, Stuxnet searched for software that controlled machines called centrifuges.
The disruption was first noticed when inspectors with the International Atomic Energy Agency detected that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause is still a complete mystery today but was reported to have arrived at the plant via an infected USB stick.
Interestingly, it was only recently that IBM announced plans to ban employees from using removable memory devices such as USB sticks, SD card sand flash drives in a bid to reduce the chances of malicious software or sensitive data being extracted from the company.
One thing is clear; cyber security protection is no longer just about monitoring customer data. Operational hacks are having a fundamental impact on the way an organisation’s product, service or factory works. And with the move towards smart factories, we’re now seeing the growing impact that cyber criminals could have through to the cyber security weak points in an organisation’s sensors.
So, how can manufacturers best safeguard themselves against operational attacks?
As the threat landscape continues to evolve, all organisations – including manufacturers – need to be more proactive in their approach to addressing the likelihood of operational attack to their business.
And there are some relatively simple actions to do exactly this.
Foremost, there are a number of products, policies and processes that can be put in place to give organisations the right level of defence against any impeding attacks.
For instance, as machine learning algorithms have the ability to learn from data and make predictions based on that data. Implementing such algorithms can offer companies with a simple yet effective approach for detecting any anomalies.
The second is all about upskilling talent. With employees on the front line of this battle, more must be done to improve user awareness and training in the potential threats to the operational side of the business. Upskilling employees and making them more cyber aware is one of the most cost effective ways of reducing the probability and impact of human error.
By adopting a two-pronged approach; complementing employee training and awareness with continued investment in technical and security controls, manufacturers can be on the front foot for proactively identifying and managing threats instead of waiting for breaches to happen.
Graeme Wright is the CTO for Manufacturing, Utilities, and Services at Fujitsu UK and Ireland