The digital age has ushered in a paradigm shift in manufacturing. Automation, in conjunction with the Industrial Internet of Things (IIot), has linked every aspect of production processes. Everything is on the network. This level of connectivity is revolutionizing how manufacturers do business by improving efficiency, quality and responsiveness across the board. There is, however, a price to pay for the benefits digitization has to offer: security. A study commissioned jointly by the Engineering Employer’s Federation (EEF) of Great Britain and insurance giant AIG has found that modern manufacturers are alarmingly vulnerable to cyberattack.
Connectivity at the expense of security
As the IIoT spreads across the global manufacturing sector, it follows that businesses are exposing themselves to cyber-threats at every level. That comes with total network integration. Hackers that gain access to an IIoT-equipped company’s network can do more than steal information—they can disrupt physical processes. The EEF report indicates that manufacturing companies are collectively unprepared to address their own cybersecurity needs. Nearly half of all manufacturers surveyed in the study indicated that they don’t have the necessary processes in place to even evaluate their risk of a cyber breach, much less address it.
This is a matter of significant public concern. First, government projects and infrastructure depend on private-sector manufacturers to deliver key equipment and material on time. Next, companies that fall victim to a data breach can find themselves in a seriously compromised position, negatively impacting organizations throughout their supply chain. In addition, the increased risk of cybercrime associated with the further digitization of manufacturing processes often deters businesses from making these modernizing investments. The technological progress this thought process prevents could prove costly to society.
A new class of cyber-attack
One type of cyberthreat, however, is completely unique to modern manufacturing—and uniquely terrifying. Highly connected manufacturers that have implemented the IIoT into their production processes are at risk of having their operations physically manipulated by cybercriminals. This opens the door to more than theft of intellectual property or network shutdowns—it raises the possibility of physical damage.
There is precedent for this type of hacking. In August last year, a Saudi Arabian petrochemical plant was exposed to malware that was intended to compromise the factory’s safety systems. If successful, the program would have removed the governors that prevented improper machine usage. Investigators speculate that the intended result could have been a horrific chemical explosion. Another instance of production facilities being targeted came a few years ago, when in 2014 a German steel mill’s office computer network was breached. In an example of the connectedness of modern manufacturing companies, the steel mill’s blast furnace was controllable from the office network. The hackers overrode the shut-off mechanism, ran the furnace non-stop and incorrectly, and caused tremendous physical damage to the factory floor.
A problem for businesses, people, and society
In 2018, manufacturers can’t afford to assume they’ll be left alone in favor of juicier targets in technology or finance. Even without regard to the inevitable impact to individual companies’ bottom line, it should be noted that we are talking about threats to public welfare. The economic ramifications of a failure to guard against both traditional network threats and newer, operational attacks could sink entire supply chains. It’s no stretch to say that in 2018, if IT systems are at risk, the people in the vicinity of the associated production facilities are at risk. It’s clear by now that the rewards for businesses that embrace digitization in manufacturing can be great. What’s becoming increasingly apparent, however, is that the responsibilities could be even greater.
To learn more about how the IIoT is changing the demands of cybersecurity, read The IIoT in a Nutshell.