It is not often we can pinpoint an exact sea change for trends in cybersecurity, but the manufacturing industry experienced an IT security awakening in 2010. It was September to be exact, when the Stuxnet computer worm, the first malware to attack real-world devices such as centrifuges and other machinery, was discovered.
Before Stuxnet — which was believed to have been in production as early as 2005 — not many people would have predicted real-world devices would be hackable. But Stuxnet revealed that the controls, equipment, and mechanisms of manufacturing were not only hackable, but viable targets for bad actors to disrupt industries, economies, and even entire nations.
Along with innovations in hacking, innovations in the manufacturing sector made the need for IT in manufacturing more necessary than ever.
Read on to find out what makes IT security so essential, from the shop floor and manufacturing processes to the supply chain and your end users.
Risk assessment gap: Why cybersecurity was (and still is) challenging for manufacturers
In short, old habits die hard. Before Stuxnet, security measures in manufacturing had yet to become a priority.
It’s not that manufacturers were cavalier with their trade secrets or sensitive information — in theory, cyberattacks posed less of a threat to manufacturing since controls, operational technology, and sensitive information were largely real-world and non-digital. Also, cyberattacks were believed to be solely about extorting and holding for ransom digital assets for money.
After Stuxnet however, manufacturing firms began to get the message. Fearing their machines and equipment would become the next target, many businesses began to update their IT protections. But change has been slow. Many businesses face daily challenges prohibiting them from making IT security an urgent priority and still have a long way to go.
Why are manufacturers slow to make cybersecurity a priority?
The daily challenges for manufacturers — replacing or updating aging equipment or facilities — will always be a top priority because they are obvious: a leaking roof, for example. Taking measures to protect your Industry Control Systems (ICS) with IT security and safety procedures can be seen as protections against a theoretical threat. It is usually easier to attend to immediate needs.
It’s not that businesses have incorrectly calibrated priorities, they are bound by operating margins that are often too thin to allow for additional and costly ventures. Especially when those ventures face the persistent dilemma of a perception gap: that real world mechanisms aren’t hackable.
But with rapidly evolving technology in the manufacturing sector, paired with the mercurial and shifting motives of hackers, IT security for manufacturers has become a very real and urgent priority.
Innovations in manufacturing and a new kind of cyberwar
By 2017, the ominous warnings of Stuxnet had materialized and grown into a monster. 2017 was the year that 34% of all cyberattacks targeted manufacturers. The businesses that had spent money and years of work to modernize their equipment discovered that once they got up to speed with digital manufacturing, there were a host of modern pitfalls waiting for them.
Years of growth in digital manufacturing resulted in fewer humans at the controls of manufacturing. Even industries like farming are becoming completely automated. Specifically in manufacturing, however, human controllers have been replaced with automated ICS.
While delivering many benefits, ICS have increased vulnerabilities on two levels:
- A variety of loopholes can be found in the connected devices of remote terminal units, programmable logic controllers, control interfaces, and Supervisory Control and Data Acquisition (SCADA) communication systems.
- The internet of things (IoT) for automation or remote-controlling of distribution, production, or handling systems run by software and internet-linked devices that run most ICS.
The manufacturing industry has seen a rise in sophisticated malware attacks specifically targeting weaknesses in ICS. With moves towards modernization, motivations for cyberattacks were now shifting toward manufacturers. Hackers began infecting them with ransomware, conducting industrial espionage and data theft of account numbers, patents and trade secrets.
These attacks are crippling because they are sophisticated and often undetected — at least not immediately. They allow hackers time to establish a foothold that provides free rein to wreak havoc over extended periods.
Unfortunate reminders accelerating the need for IT security
As if this wasn’t enough, 2017 would also deliver a new reminder to the urgency of cybersecurity — two actually. First in May: the WannaCry ransomware cryptoworm. Then in June, the payload of NotPetya’s family of encrypting ransomware was unleashed. Manufacturers from a variety of industries including automotive (Nissan and Renault), pharmaceuticals (Merck), even snack foods (Mondelez), and others were affected.
After these two cyberattacks randomly proliferated malware around the globe, many businesses had to switch their production controls to operate manually (if they had that capability). Businesses of every sector began hemorrhaging capital, finding they were unable to do business with anyone else. Seemingly unrelated businesses suddenly found themselves linked by a mutual inability to buy or sell anything.
Most importantly, these cyberattacks revealed that hackers are not just going after money. It was now conceivable that some nations had the capability and motivation to disrupt or destabilize a political campaign or the national security of their enemies. Manufacturing, along with a host of other industries, was simply swept up in the fallout.
These two cyberattacks, while not aimed directly at the manufacturing sector, would inspire an upswell of manufacturing IT services. Wannacry and NotPetya turned IT security for manufacturing into a basic security measure — one where many manufacturers are now finding a market edge.
Manufacturers get their market edge with IT Security
It is not often a business can kill two birds with one stone, let alone two giant birds: securing your company from cyber threats while enjoying the benefits of a market edge over your competitors.
Meanwhile, those who continue to ignore the importance of cybersecurity in manufacturing, will most likely secede influence in their market because of hacked:
- Patents or proprietary information stolen, deleted or sold to competitors
- Sensitive inter-company communications
- Processes and formulations developed to create a better product faster
- Sensitive supply chain information
- Distribution and product locations, which could be used for stealing products during shipment
The list goes on. Businesses cannot ignore the immediate needs posed by a leaking roof or broken CNC Mill. In the same way, your company cannot afford to ignore weaknesses in your industry control systems, software, or anywhere else a hacker may gain access to your private information.
The simple solution: CIT IT Services for manufacturing
With CIT, you can rest assured that your information is protected, from the controls on your shop floor to the financial and personal information of your end users. Whether you’re a small, mid size or large scale production, if you need IT protection for your business, please fill out our form and we’ll be in contact with you right away.