As factories become smarter, how can we keep them safe?

Singapore might not be the biggest manufacturing hub in Southeast Asia, but it is one of the largest industries in Singapore, accounting for 18.6% of the nation’s gross domestic product (GDP) in 2023.

To transform the manufacturing sector, the government has charted a strategic 10-year roadmap under the Singapore Economy 2030 vision, targeting a 50% increase in its value-add from 2020 to 2030. This initiative aims to make the manufacturing sector smarter, greener, and more connected, attracting investments to bolster Singapore’s manufacturing landscape.

The nation’s robust support for the manufacturing sector, coupled with its strong talent pool, has drawn the attention of major global players. Over the past year, several industry giants have either established or announced plans to expand their manufacturing footprint in the country. Among them are Dyson, Hyundai, and Volvo.

- Advertisement -

Secure industrial systems underpin Singapore’s advanced manufacturing hub ambitions

In line with Singapore’s Economy 2030 strategy, the manufacturing sector is becoming more advanced with the use of Industry 4.0 technologies. However, amidst this transformative journey lies a pressing concern: the sophistication of technology also gives rise to higher risk. As factories get smarter, their vulnerability to cyberattacks grows too.

Manufacturing facilities rely heavily on interconnected systems, which may inadvertently expand their threat surface and susceptibility to cyberattacks. For example, IoT devices and sensors in industrial equipment, while useful in helping workers monitor and track progress across a distributed factory floor, are typically not built with security in mind and can be an entry point to a cyberattack.

This renders manufacturing a prime target for cyberattacks, impacting not only the victim organisation but also its broader ecosystem. Cyberattacks on manufacturing companies can inflict lasting damage on an organisation’s reputation and erode customer trust, resulting in financial losses. According to a recent survey by LogRhythm, 36% of manufacturing companies globally have lost a deal as a result of a customer’s loss of confidence in their cybersecurity strategy. Of the deals lost, 82% occurred in the last 18 months.

This emphasises the foundational role of cybersecurity in driving Singapore’s advanced manufacturing ambitions, as a key sector in the country’s longer-term economic growth.

Industrial systems are prime targets for cyberattacks  

Attacks on industrial systems pose significant threats to operations as they are the backbone of some of society’s most critical services such as water, power, oil, and gas.

Ransomware ranks as one of the most prevalent forms of attacks targeting industrial systems. This malware is designed to infiltrate and encrypt the data of systems with the intent of disrupting normal operations by temporarily denying access to critical information until a ransom is paid.

Last September, Johnson Controls, a multinational conglomerate specialising in the development and manufacturing of industrial equipment and control systems, experienced the aftermath of such an attack, followed by a data breach. This forced the firm to shut down its IT infrastructure, affecting customer-facing systems. The incident incurred a total cost of SG$36 million for the company to respond and recover from the attack.

Another common method targeting the disruption of industrial systems’ operations is distributed denial-of-service (DDoS) attacks. These tactics consist of malicious attempts to overwhelm and disrupt system functions such as when one or multiple sources simultaneously launch assaults against the system.

Finally, there are phishing and social engineering tactics. In these cases, cybercriminals employ deceptive methods to gain unauthorised access to sensitive information from employees. Typically delivered through fraudulent emails or malicious links, these tactics allow malware to infiltrate the organisation’s IT systems, potentially leading to the theft of valuable data.

Key factors strengthening the security of industrial facilities against cyberattacks

The security of industrial facilities hinges on the organisation’s overall cybersecurity resilience, which is built upon three primary pillars: people, processes, and technology.

Employees serve as a primary line of defence in protecting critical systems. Cybersecurity awareness and training programs that equip employees with basic cyber hygiene practices can go a long way in minimising the risks of cyberattacks through human error. Employees should know how to spot a phishing email and when to report and escalate issues to security operations teams. By fostering a collective culture of cybersecurity awareness, employees are empowered to become active participants in maintaining a secure environment.

In terms of internal processes, the implementation of a zero-trust approach to security architecture is paramount. This approach ensures that only authorised users gain access to sensitive resources with stringent control and verification of access to data and systems, regardless of location or device. Hence, organisations minimise the risk of unauthorised access, thereby reducing the potential impact of data breaches.

When considering technology, a comprehensive cybersecurity strategy is essential. Organisations can take the first step by implementing solutions designed to collect, analyse, and manage log data across the organisation’s environments for real-time security monitoring. This helps teams streamline the visibility of log data across environments, automate security workflows, and detect and respond to potential cyberthreats early. With the evolving threat landscape, AI-elevated security operations are also set to complement and ease the load on security teams by driving down the mean time to detect and respond.

Additionally, organisations can incorporate incident response and recovery planning into their strategy. By enabling organisations to swiftly respond to security incidents, these established protocols effectively detect and contain the impact of cyberattacks, minimising overall downtime and damage inflicted by cyberthreats.

Securing Singapore’s technological future

In Singapore’s ambitious drive towards advanced manufacturing, alongside the global upsurge in industrial attacks, prioritising robust cybersecurity measures becomes essential for safeguarding critical infrastructure and is now key for the nation’s growth. This underscores the crucial role of cybersecurity in sustaining Singapore’s competitive edge as a reliable regional hub for technological excellence.