The manufacturing sector develops everything from aeronautics infrastructure, to power equipment, to electrical equipment, to grain silos, to vehicles, along with many other goods demanded by global markets. As the manufacturing processes around these consumables has matured, and as breakthrough technologies -robotics, artificial intelligence, and the Internet of Things- have been integrated into manufacturing processes, manufacturing security has gained attention as a topic of import.
In 2020, the manufacturing sector represented the second most commonly attacked industry sector. Thirty-three percent of cyber attacks on manufacturing entities succeeded, and 35% led to operational or plant outages. But forget about the percentages – manufacturers encountered ransomware demands for as much as $34 million.
Given the increased attack volume and increased levels of attack sophistication, older security mindsets are no longer adequate. “Air gapping” and firewalls alone are not enough. Despite extensive security hardware investments, new policies, and industry compliance, many manufacturing groups continue to question the caliber of their security infrastructure.
Risks: Manufacturing security
Mitigating risk in the manufacturing sector is tough. Security programs will vary based on the specific needs and risk profiles of organizations. For example, some will require a greater focus on Supervisory Control Data Acquisition (SCADA) systems, and real-time data analysis than others. Nonetheless, all owners and operators of manufacturing security programs can benefit from consideration of the following security fundamentals:
1. Exhaustive risk analysis. Exploration and identification of risk areas across the business allow for the design of highly effective cyber security programs. People can’t protect what they cannot see. Risk analysis can also assist with gaining security buy-in and investment interest from executives and other organizational stakeholders.
2. Proper staffing and resource allocation. The absence of proper staffing and security resources can lead to lack of accountability and can diminish the overall effectiveness of security programs and practices.
3. Partnerships. The development of security partnerships with federal, state and local agencies can increase security effectiveness. These entities and their employees can provide valuable insights into risk identification, risk management, threat intelligence, incident response, and more.
4. Physical security. Any manufacturing security plan needs to take physical security into account. Manufacturers need to conduct physical security risk assessments that focus on threats, vulnerabilities, and consequences related to physical breaches. Afterwards, owners can implement a variety of measures that can prevent physical security incidents.
In the manufacturing sector, risks exist around both malicious human threats (ex. crime, sabotage, terrorism), and unintentional human threats (accidental misconfigurations, clicks…etc). This point should receive consideration as organizations implement new controls and security solutions.
The manufacturing sector is the industrial lifeblood of many nations, and a major driver of economic growth. But ever-evolving next-generation security challenges require further strategizing around protecting information, personnel, products, facilities and supply chains.
It’s critical for manufacturers to adopt a suite of modern security practices that span beyond air gapping and firewalls. Well-managed security can yield increased confidence in operations, and facilitate productivity, progress and growth.
With risk assessment and mitigation strategies in-place, the issue of manufacturing security can be solved. For more information about manufacturing security, please see this whitepaper.