As cyberattacks become more regular, hackers and bad actors are affecting more industries than ever before. While the high profile attacks targeting IT networks, financial and healthcare systems, and government administrations are the most well-known, more recent attacks like the "WannaCry" virus and "Petya (Expetr)" have profoundly impacted the industrial and manufacturing fields. Both WannaCry and Petya are referred to as "ransomware". Ransomware infects a computer and holds the information hostage from the user by blocking access until a ransom is paid.[i]
This growing threat of espionage and cyber-terrorism is designed to steal intellectual property and cripple our nation's infrastructure, which has very significant implications for manufacturing. As information-heavy IT companies now staff entire departments with the job of protecting themselves from cyberattacks, industrial and manufacturing firms have become more vulnerable. Couple this with a hackers' motivation growing beyond simple monetary gain, into a desire to sow chaos and disruption, and you have ever-increasing dangers for the security of our nation's infrastructure.[ii]
While there have been no major attacks on the industrial or manufacturing fields in the U.S., as of yet, it should be noted that more than fifty percent of the organizations targeted with Petya ransomware, which wiped out computers throughout the Ukraine and other parts of Europe, were industrial companies. U.S companies must be proactive to prevent being shut down by ransomware like the Honda plant in Japan recently, which was forced to stop production due to the "WannaCry" virus.[ii]
Complicating the risk has been the manufacturing field's skepticism to cyberattacks as a bona fide risk. The first step towards protecting our industry is increasing "awareness, collaboration with trusted third-party partners, and cybersecurity research and development.[ii]" Instead of viewing this risk as an IT department problem, there is a push to shift the focus to business risk management. This paradigm change can help ensure that you are protecting your company's most valuable assets.[iii]
Halting production due to a cyberattack can have devastating consequences. While you need to protect customer information, a cyberattack can also delay or completely render your production offline. Ransomware specifically blocks access to a computer system until a ransom is paid[iii], preventing you from delivering on time, or even altering your product without your knowledge.
Since the threat of cyberattacks is ever increasing, research and development is essential to protecting the complex systems in an even more complex supply chain. Ideally companies should be able to monitor correct assembly, utilize shop floor data, analyze user and employee behavior for discrepancies, monitor changes in communication, and tech solutions with the ability for digital signatures like blockchain.[iv] Technology such as servers and CNC machines need to be backed up consistently to help mitigate any loss.
For more detailed reading and information on how to start thinking about ways to protect your company from Cyberattacks, you can download a copy of Homeland Security's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-depth Strategies.
[i] Greenfield, David. Will WannaCry Be Industry’s Cybersecurity Wake-Up Call?
[ii] Cavallaro, Frank. Cyberattacks on American Factories Are Real
[iii] Didier, Dan. 3 Surefire Ways To Protect Your Organization From A Cyberattack
[iv] Davis, James. CYBERSECURITY FOR MANUFACTURERS: SECURING THE DIGITIZED AND CONNECTED FACTORY. Alliance for Manufacturing Foresight, Edited by Thomas Mahoney.