Ransomware
Unique cyberthreats to smart factories and how to avoid them
The fourth industrial revolution is rapidly transforming manufacturing companies. A positive evolution, yet it also creates unique risks and challenges as information technology (IT), operational technology (OT) and intellectual property (IP) all converge to support these new ‘smart factories’.
The fourth industrial revolution is rapidly transforming manufacturing companies. A positive evolution, yet it also creates unique risks and challenges as information technology (IT), operational technology (OT) and intellectual property (IP) all converge to support these new ‘smart factories’.
Steven Heyde, Regional Director Benelux
The IT networks of manufacturing companies are structured and organized like any other network. However, due to certain operational practices and network configurations, these networks are more susceptible to certain types of malware threats. A single failure from a software update, an incompatible error, or a simple system restart could lead to more significant failures in a production process and thus cause severe financial loss.
Unfortunately, manufacturing companies, are more often than not a preferred target for cyberattacks. In Belgium for example, a company called Asco, made the headlines by losing millions and having more than 1000 employees on technical unemployment, others do not make the news but suffer equally large damage. However, by adopting a proactive attitude towards IT security and by partnering up with a trusted security partner, intellectual and financial loss can be prevented.
Disruptions in production
In modern factories computers control and monitor the production process: from operating machines in the manufacturing line to sorting inventories, orders and shipments. As a result, any form of disruptive cyberattack in a manufacturing network will disrupt the entire production process. For example, when an incident affects enterprise systems such as accounting and order management, the efficiency of the production process will also suffer when orders get mixed up.
Disruption can impact the production process of other companies as well. If a supplier fails to a deliver due to production issues, other companies in the manufacturing chain will need to interrupt their own production process.
Counterfeit goods
Data leakage as well can lead to market disruption. It might not affect the production process, but it could hurt the company in the long run. Especially if the stolen information is IP content, which can be a product design, a manufacturing process, or information such as product recipes, formulas and patented substances. The most famous example is the recipe of Coca-Cola. For manufacturers, this is an important competitive advantage.
The greatest impact of IP leakages is the production of counterfeit goods, a huge problem in the manufacturing industry. The United Nations (UN) estimate that counterfeit products amount to 250 billion dollars of trades every year. Companies invest heavily in research, design and engineering, so these counterfeit goods are a significant burden.
Security in Industry 4.0
With so much at stake, smart factories must focus on security. First, it is important to follow the basic security principles by restricting access and permissions. Only trusted entities should be able to access confidential information and not every laptop in the IT network needs access to the production machines. In addition to that, unnecessary services must be identified and removed. They can contain vulnerabilities which could be exploited and therefore become very costly.
An important effect of connecting Operational Technology (OT) networks to IT networks is the introduction of non-traditional devices. As IT administrators focus on protecting the data, OT engineers prioritize safety and continuous operation, over security. This means that IT and OT in smart factories must collaborate to ensure uninterrupted production, while keeping IP protected and always considering safety and efficiency.
Besides that, all assets connected to the IT network should be accounted for, also those coming from the OT environment. This will give administrators the visibility they need to ensure that patches are sent to all services and ports that can be affected.
People are the most vulnerable asset in any organization. Educating them about the value of important information helps them understand the risks and think twice before they share documents using messaging and social media platforms.
And finally, manufacturers must make security a top priority when introducing smart technologies to existing or new facilities. Cybersecurity features should be integrated in the design of equipment in order to facilitate maintenance and protection.
Read more about securing smart factories in this whitepaper by Trend Micro.