Cyber Security in the Manufacturing Sector
Emerging trends in technology have brought significant innovation in products, manufacturing processes and industrial ecosystem relationships.
Manufacturers are in the middle of one of the most exciting technological upheavals of recent years, in what has become known as the fourth industrial revolution, or Industry 4.0. Manufacturing is the key industry behind innovations such as the Internet of Things (IoT), robotics, sensor technology, automation and smart products.
The complex environments for manufacturers vary from on-premises network to mobile, cloud-based or hybrid infrastructure. However, this accelerating pace of change in manufacturing industry can have a huge impact on the complexity of cyber security risks associated with business processes.
Top Cyber Threats in Manufacturing Sector:
According to Kaspersky, manufacturing companies were the most vulnerable to cyber attacks in the first half of 2017. The majority of these manufacturing companies produced materials, equipment and goods.
The Department for Digital, Culture, Media & Sport (DCMS) listed in its study that the average cost per cyber attack on UK companies was £1,570 for all companies and £19,600 for larger organisations. The top cyber threats facing manufacturing industry are as follows:
- Theft of intellectual property
- Phishing, pharming and other related variants
- Increasing sophistication and proliferation of threats
- Security breaches involving third parties
- Social engineering
- Employee errors and omissions
- External financial fraud involving information systems
- Employee abuse of IT systems and information
- Mobile devices (e.g., smartphones, tablets)
- Attacks exploiting mobile network vulnerabilities
Security in Manufacturing Sector:
Manufacturing is a large and diverse sector. The five business objectives for manufacturing sector developed by the National Institute of Standards and Technology (NIST) for identifying and managing cyber security risks can be identified as Maintaining Human Safety, Maintaining Environmental Safety, Maintaining Quality of Product, Maintaining Production Goals, and Maintaining Trade Secrets.
In the face of ever increasing cyber security issues, manufacturing firms must respond to threats and vulnerabilities to stay operational and protect information from unauthorized access. The manufacturing companies can take following measures to improve their security:
- Increasing the cyber security awareness in top leadership and among workforce
- Performing a risk assessment on enterprise, connected products and networks to identify the possible vulnerabilities and how they could be exploited to launch cyber attacks
- Sharing the results of risk assessment with leadership and recommending strategies to secure critical assets for reducing the impact of possible attacks
- Evaluating business investments in manufacturing technologies such as IoT and connected products to determine if appropriate cyber security measures are being taken
- Protecting the data as it resides in the organization and evaluating its changing risk profile
- Assessing the risks arising from industrial ecosystem relationships and third parties
- Employing monitoring mechanisms that can be effectively deployed and used to monitor cyber security capabilities
- Preparing for cyber threats by simulating possible attacks and focusing on incident preparedness
- Responding and taking counter measures to restore the system to its working condition if a security breach occurs
Author: Muhammad Kazim, University of Derby
Muhammad Kazim is a doctoral candidate in Cyber Security at the University of Derby. His research interests include cloud security, networks security and distributed systems.