What happens to a manufacturing business when its production operations suddenly grind to a halt? And what are the consequences of being unable to satisfy market demand? In today’s business environment of increased automation, connectivity and globalization, even the most powerful organizations in the world are vulnerable to debilitating cyber-threats. Also, as production spreads across the globe, regional and national politics are becoming an increasingly important factor in corporate and manufacturing policies.
Many existing manufacturing systems were developed at a time when security was much less of an issue. Also, the focus of manufacturing technology has traditionally been on performance and safety, not security. This has led to major security gaps in production systems. In addition, the growing complexity of these systems has resulted in large and elaborate network infrastructures that are extremely specialized. And in many cases the systems
are being operated and managed by manufacturing specialists rather than the IT function. Combined with the integration of IT and operations, these trends have created a system environment with a large attack surface that is very difficult to manage and secure.
Types of cyber-attacks in manufacturing vary widely. Traditional attacks involve hackers gaining unauthorized access to sensitive systems and data. Phishing facilitates the process by tricking executives and their staffs into revealing login credentials and other private information, giving attackers front-door access to the organization’s systems.
Advanced malware is another type of attack that is increasingly common in manufacturing – and increasingly disruptive. In an era of ubiquitous connectivity when more and more industrial systems are connected to the internet, this malicious software infiltrates weak systems and hardware (often legacy manufacturing systems) and then spreads itself to other systems, leaving behind a trail of destruction and disruption.
Internal threats, although often less technically sophisticated, can be just as damaging. In manufacturing, there are countless incidents of malicious insiders stealing a company’s intellectual property or other confidential information for personal profit or revenge. These internal attacks can be committed by current and former employees and contractors at any level of the organization – even the executive level.
The results of any of these attacks can be severe, ranging from loss of valuable ideas and market advantage to financial and reputational damage –particularly in cases where sensitive customer data is compromised.