Supply Chain Disruptions changes factory 1 Rebuild
This series of blog posts explains essential cybersecurity for the crucial reconstruction of supply chains from the perspectives of network design for smart factories, remote business operations, and capital expenditures.
In the past, when considering the theme of supply chain security, attention was paid chiefly to governance as well as audits of affiliates and subcontractors. However, the issue presented by the current pandemic to the worldwide manufacturing industry is how to reconstruct sustainable supply chains. Cyber security has become an essential factor in continuing to digitalise processes. Among the various security issues in the supply chain, this series of blog posts focuses on smart factories.
The pandemic and supply chains
Half a year has passed since the World Health Organization (WHO) recognised COVID-19 as the second pandemic in the organisation's history. In the time since, COVID-19 has forced us to change our behavioural patterns, and supply and demand fluctuate rapidly in the market.
The keyword for behavioural patterns is "contactless." People's movements are being restricted by governments and by voluntary restraint.
Financial research firm IHS Markit has released the Global PMI (Purchasing Managers' Index) Report, which contains indices of business confidence based on a questionnaire sent to procurement staff members in manufacturing and non-manufacturing industries. According to the report, hugely negative effects continue in the sports, tourism, and food service industries, which are associated with contact and movement. Although manufacturing industries (e.g., automotive, electrical components, and apparel) show signs of a positive recovery, the disruption of global supply chains in April and May caused great havoc for them as well. During this period, we think that many people realised that our lives depend on various industries. National governments have started to present their respective budgets and policies, including large financial expenditures and tax breaks, to promote recovery from the pandemic and transformation to sustainable socioeconomic models (examples: Australia and France). Some policies include bringing back domestic production of manufacturing industries and the digital transformation of factory facilities and human resources. Such efforts imply that supply chain risks are not only risks for companies but for nations as well.
The imbalance in the structure of current global supply chains, chiefly caused by the excessive pursuit of economic rationality, such as production near the labour force and demand, has come to be seen as a problem, although there have also been effects from social and political factors, such as local employment and customs. In recent years, as geopolitical risks and natural disaster risks have emerged, awareness of issues related to the sustainability of supply chains and businesses has been increasing, and the pandemic has precipitated a crisis.
Although the pandemic has triggered the emergence of these problems, the issues that the manufacturing industry must solve in the supply chain are deep and significant regardless of COVID-19, and they will affect the survival of companies. From a cybersecurity perspective, one geopolitical issue has been proving to the supplier in which country a product was manufactured and whether confidentiality was maintained in the process. We are entering an era in which we must confront the interstate issue called economic statecraft.
As a security partner, Trend Micro will provide a deeper understanding of regional and national policies and the players in each region, as well as tools and services that support security in each area of the supply chain: procurement, manufacturing, storage, logistics, and sales. As a starting point, it is necessary to build trust within new standards.
Focusing on the goal of continuing the manufacturing process, we predict that a system will be built for maintaining balance amongst regions, achieving decentralisation and redundancy, and functioning in different ways in an emergency versus normal times. To achieve these goals, the following two things are expected of smart factories.
- Distribution of production amongst regions, and remote operation
- Flexibility for keeping abreast of abrupt supply-and-demand changes
One concept of Industry 4.0, which was proposed in Germany and embraces smart factories as its core, is "digitalisation of processes in supply chains." The construction and success of large-scale smart factories will attract attention as government projects in each nation.
Because an increasing number of people in both non-engineering and engineering positions are involved in smart factory projects, this series of blog posts explains the cyber security that is essential to the crucial reconstruction of supply chains from the perspectives of network design for smart factories (things), remote business operations (humans), and capital expenditures (money).
Establishment of new smart factories with cyber security
When establishing a smart factory, it is important to incorporate security at the design stage for the network that will sustain the entire system. IEC 62443 (Security for industrial automation and control systems) has been created as an international standard for the security of industrial control systems (ICS). It stipulates the responsibilities to be fulfilled by user companies, system integrators, and vendors with the aim of constructing an ecosystem that incorporates security at all stages, including policy, organisation, system design, operation, and component development. The standard stipulates cyber security as an essential factor for smart factories, which build up a dynamic supply chain by connecting companies and factories.
The basic concept in the design of factory networks is to divide assets into zones and to connect zones to each other via conduits. Under this concept, assets with the same security requirements are grouped together. Adopting this idea at the design stage is vital. We often hear that it is difficult for users to zone their assets without physical borders even when they want to do so from the perspective of security.
The standard recommends that you zone the systems related to safety first. Among safety instrumented systems, radio systems, systems directly connected to an Internet endpoint, and mobile devices, extra attention should be paid to systems that are operated for the purpose of securing safety at onsite workplaces. Physical areas in facilities can be roughly divided from the perspective of operation (such as materials storage, processing, and finishing), and then further subdivided into functions. Different requirements are imposed for electrical control systems (PLC), which drive motors, and for instrumentation control systems (DCS), which control sensors and fluids. In some cases in which a redundant configuration is adopted, the main system and subsystem are divided into different zones. The Purdue Enterprise Reference Architecture (PERA) model provides a versatile way to zone a factory's entire network into functional layers.
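The zone-and-conduit model described above can be written down as data and checked against observed traffic. The following is an added example, not part of the original post or of any Trend Micro tooling: it groups assets into zones, declares conduits as the only permitted zone-to-zone paths, and flags flows that bypass them. All asset names, zone names, ports and flow records are constructed for illustration.

```python
# Added example; every asset name, zone, port and flow below is constructed.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Asset -> zone. Same security requirements share a zone; safety is zoned on its own.
ZONE_OF = {
    "sis-01": "safety",
    "plc-press-01": "plc-control", "plc-press-02": "plc-control",
    "dcs-coolant-01": "dcs-control",
    "hmi-01": "supervisory",
    "erp-gw-01": "enterprise",
}

# Conduits: the only permitted zone-to-zone paths, directional, with allowed ports.
CONDUITS = {
    ("supervisory", "plc-control"): {502},    # Modbus/TCP
    ("supervisory", "dcs-control"): {4840},   # OPC UA
    ("supervisory", "enterprise"): {443},
}

def check_flow(flow):
    """Classify one flow as 'intra-zone', 'conduit', or a violation reason."""
    try:
        src_zone, dst_zone = ZONE_OF[flow.src], ZONE_OF[flow.dst]
    except KeyError as missing:
        return f"unzoned asset {missing.args[0]}"
    if src_zone == dst_zone:
        return "intra-zone"
    ports = CONDUITS.get((src_zone, dst_zone))
    if ports is None:
        return f"no conduit {src_zone} -> {dst_zone}"
    if flow.port not in ports:
        return f"port {flow.port} not allowed on {src_zone} -> {dst_zone}"
    return "conduit"

def violations(flows):
    """Return (flow, reason) pairs for flows that bypass the zone model."""
    checked = ((f, check_flow(f)) for f in flows)
    return [(f, r) for f, r in checked if r not in ("intra-zone", "conduit")]

# Constructed flow records, as might be exported from a firewall or flow collector.
SAMPLE_FLOWS = [
    Flow("hmi-01", "plc-press-01", 502),          # uses a defined conduit
    Flow("plc-press-01", "plc-press-02", 44818),  # stays inside one zone
    Flow("erp-gw-01", "plc-press-01", 502),       # enterprise straight to PLC
    Flow("hmi-01", "dcs-coolant-01", 23),         # right conduit, wrong port
    Flow("laptop-77", "sis-01", 502),             # asset never assigned a zone
]
```

Calling `violations(SAMPLE_FLOWS)` returns the last three flows with their reasons. The safety zone has no inbound conduit in this sketch, so any zoned asset that tries to reach `sis-01` is reported as well.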
Trend Micro has released a list of best practices for using the PERA model to take mitigation measures according to the risks in each layer for both new factories and existing factories.
For the details, refer to the following.
Download: Best Practices for Securing Smart Factories: Three Steps to Keep Operations Running
The next part considers security from the perspective of "remote" for smart factories.