Whether it’s production lines halted by a malware attack causing millions in lost revenue, or a cyber-espionage attempt that stealthily infiltrates your network and steals your trade secrets, countless plausible scenarios threaten cybersecurity in manufacturing in the modern hyperconnected, digital age.
Arguably, security defenses and awareness still lag behind the pace of digital transformation in manufacturing, where information technology (IT) and operational technology (OT) environments increasingly converge. This article outlines some of the latest cyber risks in manufacturing and provides some tips for strengthening security in the manufacturing sector.
Downtime is enemy number one for manufacturers, and cyberattacks are an increasingly prevalent source of potential disruptions. However, cyber risks aren’t just limited to attacks and threats that may halt your operations—there are also safety hazards to think about, reputations and trusted partnerships to preserve, and sensitive data to protect. Here are four prevalent sources of cyber risks in manufacturing.
The web of interdependence that defines digital manufacturing environments extends beyond your plant’s four walls and reaches the wider world through your supply chain. Digitally transformed and hyperconnected supply chains have undeniably improved efficiency, but they’ve also introduced a heightened set of cybersecurity risks that you need to manage and mitigate.
Supply chain cybersecurity risks stem from the chain being only as strong as its weakest link. If one of your suppliers has lax cybersecurity protocols, it can become an entry point for threat actors aiming to compromise your systems. Nefarious actors intuitively understand this point, and they regularly deploy supply chain attacks as an effective tactic that exploits a lack of insight and visibility into supply chain security risks.
A recent example saw Canadian manufacturer Bombardier Recreational Products (BRP) hit by a ransomware attack in August 2022. The company, which makes skimobiles, ATVs and other vehicles, had to temporarily halt production as a result of the incident. Subsequent investigations found the primary cause to be a ransomware intrusion via a third-party service provider.
A couple of months prior to the BRP incident, automotive hose maker Nichirin got hit by a ransomware attack that resulted in delays to customer orders. This incident exemplified the downstream effects that supply chain security compromises can have when vendors of essential parts suffer production halts as a result of security breaches.
For any manufacturer, intellectual property (IP) in the form of trade secrets, proprietary processes and unique designs is perhaps the most valuable asset in its possession. It’s this IP that gives you a competitive edge in the market, fuels innovation, lands new contracts and drives your organization forward.
Cybercriminals are well aware of the value of data, particularly IP, which is why many attacks aim to steal your most prized data assets. Even attacks like ransomware, which traditionally just locked systems down, have morphed to include data theft as a bargaining chip for extorting the maximum sum from companies.
Additionally, in an era of global competition, state-sponsored actors have also been known to engage in cyber espionage to steal manufacturing IP, seeking to give their home industries an unfair advantage. The consequences of IP theft can be devastating, including lost revenue, eroded competitive advantage and even damage to your brand’s reputation.
Despite the high-profile disbandment of several prolific ransomware gangs within the last 18 months, these attacks continue to pose threats across every sector. In fact, ransomware attacks seem to be getting worse in manufacturing. In 2022, ransomware attacks on manufacturers spiked by 50 percent, according to one report.
The sector’s disdain for downtime and the prevalence of valuable data make manufacturing companies particularly appetizing targets for money-hungry threat actors. The most common vectors for ransomware to enter networks include social engineering, the use of stolen credentials, vulnerability exploits and malicious online ads.
Industrial Internet of Things (IIoT) includes internet-connected devices like sensors and actuators that open up a world of possibilities to manufacturers by enabling unprecedented levels of automation, data collection and process optimization. This increased connectivity also comes with cybersecurity risks, which makes IIoT somewhat of a double-edged sword for the manufacturing sector.
In particular, if not adequately secured, each sensor, actuator or industrial controller can be exploited and used as a gateway into your network. Once inside, attackers can move laterally across your systems, disrupting operations or stealing sensitive data. Many IIoT devices have been designed with functionality, rather than security, in mind.
These devices may lack fundamental security features like strong encryption or the ability to be patched, which makes them inherently vulnerable from a security standpoint. Moreover, their firmware might contain hardcoded credentials or insecure configurations that further open the door to potential exploitation.
Finally, because IIoT devices often interact with the physical world (controlling machinery, monitoring processes and managing utilities), they pose unique risks if compromised. A successful attack could lead not only to data loss or downtime but also to physical damage or safety incidents.
When the U.S. Department of Defense (DoD) launches a model outlining best-practice cybersecurity expected of contractors and subcontractors of the Defense Industrial Base (DIB), it’s worth noting. This is precisely what the recent Cybersecurity Maturity Model Certification (CMMC) program does. Compliance with the CMMC model assures the DoD that its partners enforce the protection of sensitive unclassified information in alignment with cybersecurity requirements based on NIST standards.
The CMMC model has three tiers (Foundational, Advanced and Expert) with progressively more stringent security requirements. Compliance with the Expert level requires you to implement over 110 security practices and conduct a government-led assessment every three years. The Foundational level requires 15 practices and an annual self-assessment.
If your company is ever going to do business with the DoD, then meeting at least one of the CMMC compliance levels will be essential for landing contracts. But there’s also a strong argument for all manufacturers to use CMMC as a benchmark to evaluate their own cybersecurity practices. Regardless of whether you’ll ever try to land DoD contracts, CMMC compliance demonstrates you take security seriously and helps to protect your most prized, confidential data, like recipes, trade secrets and other IP.
Remember, each step you take in strengthening your cybersecurity posture is a stride toward a safer, more resilient manufacturing environment. While the challenges in securing connected IT and OT environments are significant, they are not insurmountable.