Manufacturing has entered a new era referred to as Industry 4.0 – the digitisation of everything and the expansion of the Industrial Internet of Things (IIoT). Key to this digital expansion is the usage of the Internet Protocol version 6 (IPv6). When we narrow our view to the Energy manufacturing sector, we see extensive usage of Operational Technologies (OT) and Supervisory Control and Data Acquisition (SCADA) systems along with the aforementioned IIoT.
All connected devices, networked sensors and intelligent devices used in manufacturing make up the IIoT. This advanced level of connectivity is used to transform the traditional, linear manufacturing processes into dynamic, interconnected supply chains. IIoT allows manufacturing companies to be safer, more efficient, and more profitable. All these functions can be monitored via alerts through dynamic SCADA systems, which truncate everything happening on the manufacturing floor onto one device – allowing for more visibility and faster reaction times.
SCADA systems can detect downtime through connected sensors and can automatically alert staff, which maximises efficiency by minimising down time on the production floor. Most importantly, SCADA systems can help keep employees safe. For example, an IIoT sensor on an oil rig can alert engineers when pressure is dangerously high. The engineers can evacuate or begin emergency protocols with advanced notice thanks to IIoT alerts.
Why the manufacturing industry is at a higher risk of cybersecurity threats
If an individual has their credit card information stolen, the identity thief has a limited amount of time before the bank sends a fraud alert and the card is frozen. The victim may be slightly inconvenienced, but for the most part the negative impacts are limited. On the other hand, if a major manufacturer is infiltrated, the negative impacts are exponentially greater. Hackers could shut down oil production, crippling the bottom line. Hackers also could steal sensitive intellectual property data, among other threats.
All companies, even beyond manufacturing, need to take a step back and evaluate IT security tools to prevent the onslaught of malicious cyberattacks. While dynamic Managed Security Service Providers (MSSP) systems seem costly, the potential cyberattack risk is much greater.
Typical causes of breaches continue to range from lack of keeping application software updated against known threats to insider threats attacking privileged access management credentials to supply chains to lack of security on these industrial systems, especially in the manufacturing sector. Challenges also continue in the board rooms, where many members lack the full understanding of funding cybersecurity efforts and often leave the security teams with a lack of tools and staff. These industrial systems are at very high risk to hacking due to their inherent lack of security yet they provide critical functionality to these environments. Imagine thousands of these devices sending data back to be analysed at the same time – it’s a nightmare for most security tools to handle this substantial of data ingress and to manage the IPv6 standards needed to support them. Luckily, Security Information and Event Management (SIEM) systems and similar MSSPs can capture, store, and analyse data in real time alerting companies immediately of a breach or cyberattack.
Companies manage petabytes of data from many different sources. SIEMs offer more control of sensitive data so that leadership knows what data is being taken in, where it is being stored, and who can retrieve it. Where SCADA system alerts the manufacturing floor, SIEMs can alert IT staff when a data breach or similar attack is underway. In a world where the threat of cyberattacks continues to rise, both SCADA and SIEM systems work in tandem to increase efficiency and protect sensitive information, not only for the sake of companies but also for the sake of end-users.
The impacts of cybersecurity breaches
Sadly, the constant cadence of data breach reports is beginning to desensitise us to the news. Unfortunately, more than 50 per cent of small to medium businesses go out of business after suffering a cyberattack. For larger businesses like Equifax, the current documented costs of its data breach have reached $1.4 billion and counting. While Equifax can manage these costs, it will forever have impacted the company’s business model and reputation.
Pharmaceutical provider Merck quantified the impact of its 2017 Q3 cyberattack in the quarterly revenue report at a total of $310 million since June. The reason for the lost revenue can be traced back to NotPetya’s disruption of operations that forced a halt on drug production. In particular, the HPV vaccine was shut down, company email was shut down, and employees couldn’t access their computers.
Many homes are now updating their environments to the latest IoT smart systems, from lights to video doorbells to smart appliances. This is adding substantial risk to cybersecurity teams when their employees are using mobile devices for both work and managing these devices. Imagine thousands to millions of these smart devices all being used to initiate a massive distributed denial of service (DDoS) attack that would effectively shut down the systems they are attacking.
It’s important for companies to remain vigilant in protecting the systems vital to their organisations – IIoT, SCADA, and beyond. Employees also need to also be aware of keeping themselves and their devices secure to further prevent catastrophic breaches, and MSSPs fill the security void for organisations to help protect sensitive information and devices. For these reasons, companies should consider getting acquainted with the best MSSPs for their needs.
Chris Jordan, founder and CEO, Fluency Security