Cybersecurity in manufacturing companies and supply chains
For any business, cybersecurity is important. But for manufacturers — and their supply chains — the dangers are greater than most. The theft of valuable intellectual property such as designs and customer lists, disrupted factory floor equipment and supply chains, fraud, downtime, ransomware: the risks, and costs, are obvious.
So, what can manufacturers do to minimise these risks? How can they avoid losing valuable intellectual property through weak links in their supply chains? What represents best security practice in the coming era of Industry 4.0 and the Internet of Things? Talking to experts and those close to the issues, we investigate.
Andrew Borland, commercialisation manager at the Virtual Engineering Centre, one of the partners in the Industry 4.0 business support programme, LCR 4.0, comments:
In the age of the connected factory and supply chain, the topic of industrial cyber security has rightly received a lot of press. These cyber security challenges are nothing new, but are the culmination of security problems that the industry has been tackling for decades. In the 1990s, the concern was that software viruses could wipe out accounting software and cripple payroll systems. Then in the 2000s, the threat of industrial cyber-espionage meant R&D data, product designs and plans could be stolen from servers by unscrupulous competitors. More recently the focus has moved to the risk of ransomware and the internet of things (IoT).
A government report delivered in April 2017 highlighted that 46% of manufacturing businesses surveyed had identified at least one cyber security breach in the last 12 months. Of these incidents, 72% stemmed from traditional fraudulent emails rather than direct attacks against industrial control systems or IoT devices which are much harder to achieve and by their nature more targeted.
In the Liverpool City Region, the LCR 4.0 programme provides guidance on cybersecurity as one of nine core pillars of Industry 4.0 (4IR). While promoting and supporting the adoption of 4IR technologies amongst our SME clients, security has proven to be a key concern. No system will ever be completely secure but vulnerabilities can be minimised through proper consideration of cybersecurity led from board level down to shop floor operators.
Businesses should consider:
- At board level, proper delegation of responsibility for cybersecurity to a qualified person and a suitable risk assessment are essential. Revising disaster recovery and business continuity plans accordingly may help reduce insurance premiums and reassure big customers.
- At the operational level, checking network devices are secured, monitored and regularly patched goes a long way to preventing successful remote incursions. Consulting with staff and establishing proper user privileges (who can do what and from where) paired with a programme of workforce education and awareness raising of cyber security also goes a long way to minimising risk.
- At the technical level, ensuring bugs in software are kept to a minimum and exploits are patched as soon as they are discovered will become par for the course. Perhaps most challenging of all will be the process of integrating legacy systems into the brave new world in a way that does not make one system accessible at the cost of compromising another’s security.
As more industrial devices join the IoT and greater volumes of manufacturing data, control software and sensitive intellectual property becomes cloud hosted it will be imperative that manufacturing SMEs become more tech-savvy.
There is plenty of information and support available in the Liverpool City Region through the LCR 4.0 programme. As well as the hands–on support from LCR 4.0, the National Cybersecurity Centre also offers some excellent resources.