Source: Edreformnow.org
Have you ever told your team,"Upgrading our equipment is too expensive and likely to cause downtime. Let's just keep it running." Ultimately,you made a risk decision. While cyber security hasn't been a critical risk factor until recently,it has quickly emerged as one of today's biggest risks.
Manufacturing risk management often comes down to a cost and safety discussion. These costs include downtime, IP theft, counterfeiting, brand damage, personal injury, andloss of life. Furthermore, significant security attack costs must be reported on your company's SEC filings.
"Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cyber-criminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption." -Deloitte
Limited security and dated systems unnecessarily expose plant operations to uncontrolled failures, including complete process "crashes." As cyber-induced crashes become more sophisticated, they are more commonly placing the workforce at personal risk. In 2014, a German plant sustained massive damage when its blast furnace was hacked. Fortunately no injuries were reported, but the plant incurred damages in the tens of millions of dollars.
As part of corporate risk management, more and more manufacturers are adding cyber attack coverage to their overall insurance portfolio. Unfortunately, insurance policies are a reactive approach and represent the cost of doing nothing. Manufacturers need to adopt a balanced approach that includes not only insurance butproactivemeasures that reduce or eliminate plant floor attack vectors.
You can't lock down your factory and limit access because you won't be competitive in a connected world. So what's the best approach?
Here are a few steps to protect your company while embracing IoT, external connectivity, and machines as a service:
To go even further, the National Institute of Standards and Technology (NIST) has created a draft Manufacturing profile for cyber security. The NIST profile details an approach toidentify, protect, detect, respond, and recover.
Additionally our whitepaper,Holistic Security for the Factory of Tomorrow, addresses these topics in more depth from both the business and technology perspective.
If you would like to continue the conversation about security for your manufacturing plant, please send me a note at [email protected]. I welcome the opportunity to learn more about your goals and objectives and see how we can help. I would like to thank my colleagues Steve Marchewitz, Pat Mitchell, and Greg McCarthy for their insights and guidance in creating this blog.
For more information on factory security: