How the manufacturing industry can protect itself in a digital world

In the 1936 American comedy film Modern Times starring Charlie Chaplin, his onscreen persona Little Tramp struggles to stay afloat in a modernizing, industrial world. The scene in which he tries to keep up with the assembly line with his flailing arms as he screws nuts at an ever-increasing rate onto pieces of machinery, is one of the best-known in film and a cinematic hallmark of manufacturing.

Fast forward 80 years into the future with new-fangled technology at the core, we’re looking at Singapore, the gleaming manufacturing knowledge center of the region that contributes to about 20% of the nation’s GDP.

The impact of technology on all facets of the manufacturing sector – from the shop floor to distribution centers – translates to faster-moving ecosystems of customers and suppliers.

Industry 4.0’s next act

Data levels are rising. The pipelines are in place, and the valves are starting to open. Data generated across manufacturing value chains from smart products, customers and suppliers has grown dramatically in volume and variety.

The fourth industrial revolution is set to transform factories and no part of the modern manufacturing organization will remain untouched by this flood of data and digital-manufacturing techniques. In fact, research by the Boston Consulting Group showed that advanced manufacturing could boost labor productivity in Singapore by approximately 30% in five years.

Industry 4.0 ushers in the use of the Internet of Things (IoT) in manufacturing – as embodied by a smart factory. With robots and automated machines, smart factories are carrying out everything from geo-fencing systems for transportation and materials handling, to predictive maintenance – remotely. The interplay of sensors, data, and analytics is the catalyst for this revolution.

We’re realizing a factory where production is possible 24 hours a day without the need for a human operator.

The manufacturing industry: Where IT, OT, and IP intersect

However, moving to Industry 4.0 drastically alters the threat risk model of a manufacturing company.

According to a March 2019 report conducted by Ponemon Institute, 90% of organizations dependent upon OT (such as those in the manufacturing, pharmaceutical, and transportation industries) experienced at least one major cyberattack in the past two years.

The manufacturing industry is an interesting convergence of OT (the industrial network), IT (the enterprise network), and IP[1] (intellectual property). Most critical infrastructures, such as those responsible for the provision of energy or water, are a mix of OT and IT only, while some advanced research facilities, such as universities, only have IT and IP.

However, the manufacturing industry combines all three, thereby creating a unique set of challenges. More connected endpoints – in the form of machines and industrial IoT devices – mean more potential gateways for cybercriminals to gain access to networks and infrastructure systems. And since these networks are connected to machines and entire production lines, cyberattacks can be manifested in all-too-real, physical incidents.

For instance, operational disruption in a water facility could mean manipulated temperatures and supply of drinking water in an area. And power services to homes and businesses could be cut off by malicious actors.

There are several factors that render the manufacturing sector susceptible to cyberattacks.

  • For one, the industry is often running systems that are significantly outdated compared to those used in other industries. End-of-life systems are almost impossible to protect; the only way is through virtual patching – an agentless emergency security tool that enterprises can use to quickly remedy vulnerabilities on affected servers and endpoints.
  • Secondly, proprietary hardware and software are also copiously used, which can present a challenge when it comes to configuring security technologies.
  • Thirdly, the machines in the factories often use different protocols. This means the security technologies that are implemented will have to provide bespoke protocol support.

Implementing Industry 4.0 technologies securely – with foresight

Cybersecurity spend used to be an indicator of security standards. However, peace of mind doesn’t come with a set price tag.

Strong relationships need to be established between manufacturers across different sectors and government bodies for the sharing of information, intelligence, capacity building and research. Governing bodies can insist on the sharing of vulnerabilities by suppliers, creating a central response hub.

Adopting Industry 4.0 goes beyond just interconnecting IT and OT networks to build smart factories; it also means having shared responsibilities between IT administrators and OT engineers. These include: accounting for assets such as equipment, underlying platforms, and protocols or services in use; assessing them for their criticality in the overall operations; and applying the appropriate protection to each asset.

We have entered a new era of manufacturing for modern times, where it’s at least as hard for organizations to keep up as it was for Charlie Chaplin. Today’s modern times have brought unprecedented cybersecurity challenges. While it might pose challenges to design and implementation, it’s important to know that cybersecurity is part of the process of adapting to the changes in the world of manufacturing and protects the value created by the industry’s recent innovations.

[1] IP in the form of documents and design files introduces unique types of malware threats, as these two formats have macro and scripting capabilities that are being abused by malicious actors