Okay, I have your attention with a flashy title and blast from the past with hamburger icon, Clara Peller, but it is important to share that we need to “beef up” the rhetoric to stop the desensitization to cyber crime.
Businesses are dying. Heck, people are dying. Yes, people are dying because of ransomware and malware attacks that have disrupted supply chains and manufacturing. From the utilities industries that ensure fuel and electricity are available to keep life saving technology, medicine, and transportation flowing; to healthcare organizations providing critical care and support; to manufacturers whose production and components keep people alive and employed in industries throughout the globe.
We only have to look back weeks and months from the JBS and Colonial Pipeline ransomware attacks to the disruption of COVID-19 vaccine distribution that could have been delivered sooner to more people and thus, saving more lives. Cybersecurity is truly a life-or-death issue. And, for manufacturing and distribution it is only getting worse. It was just reported that JBS paid an $11M ransom in Bitcoin and it has been widely reported that Colonial Pipeline paid a ransom of $4.4M in Bitcoin ($2.3M was actually recovered).
Manufacturing entered a new era referred to as Industry 4.0 – the “digitization” of everything and the expansion of the Industrial Internet of Things (IIoT). Key to this digital expansion was the usage of the Internet Protocol version 6 (IPv6). When we narrow our view to the Energy manufacturing sector, we see extensive usage of Operational Technologies (OT) and Supervisory Control and Data Acquisition (SCADA) systems along with the aforementioned IIoT.
All connected devices, networked sensors and intelligent devices used in manufacturing make up the IIoT. This advanced level of connectivity is used to transform the traditional, linear manufacturing processes into dynamic, interconnected supply chains. IIoT allows manufacturing companies to be safer, more efficient, and more profitable. All these functions can be monitored via alerts through dynamic SCADA systems, which truncate everything happening on the manufacturing floor onto one device – allowing for more visibility and faster reaction times.
Downtime is detected via connected sensors and can automatically alert staff and most importantly, employees are kept safe. For example, an IIoT sensor on an oil rig can alert engineers when pressure is dangerously high. The engineers can evacuate or begin emergency protocols with advanced notice thanks to IIoT alerts.
But if they are hacked??? Safety becomes a life-or-death issue for all manufacturers. If an individual has their credit card information stolen, the identity thief has a limited amount of time before the bank sends a fraud alert and the card is frozen. The victim may be slightly inconvenienced, but for the most part the negative impacts are limited. On the other hand, if a major manufacturer or supplier is infiltrated, the negative impacts are exponentially greater. Hackers not only cripple pipelines or shut down meat facilities, but they also steal sensitive intellectual property data, steal company, employee, and client data; halt production; and endanger lives of employees and those who rely on their delivery of products and service.
All companies, even beyond manufacturing, need to take a step back and evaluate IT security tools and expertise to prevent the onslaught of malicious cyberattacks. While a proactive strategy with the proper AI tools and professional expertise may seem costly, the potential cyberattack risk is much greater and potentially deadly for a business and people. The time to argue over whether a proper, proactive cybersecurity investment is a necessary expense is over. No, you are not required to have certain tools and strategies, yet, but not properly weighing the risks and getting expert advice from outside of the C-suite or board room is now officially improper corporate hygiene.
For manufacturing, typical causes of breaches continue to range from lack of keeping application software updated against known threats to insider threats attacking privileged access management credentials to supply chains to lack of security on these industrial systems. Challenges also continue in the board rooms, where many members lack the full understanding of funding cybersecurity efforts and often leave the security teams with a lack of tools and staff. These industrial systems are at very high risk to hacking due to their inherent lack of security, yet they provide critical functionality to these environments.
Companies manage petabytes of data from many different sources. AI tools offer more monitoring control of sensitive data so that leadership knows what data is being taken in, where it is being stored, and who can retrieve it. Where SCADA system alerts the manufacturing floor, SIEMs and AI tools with a 24/7 Security Operations Center (SOC) can alert your IT staff or partner when a data breach is attempted and mitigate it in real time. In a world where the threat of cyberattacks continues to rise, SCADA, SIEM, and AI systems monitored by a live SOC work in concert to increase efficiency and protect sensitive information, not only for the sake of companies, but all the people they serve.
Properly managed security services designed for manufacturing tend to have three elements. The first part is a data collection and monitoring layer that feeds real-time information used for threat detection and remediation into the second part, a Security Operations Center, usually referred to as a SOC. SOC analysts monitor systems and specialist operators with infosec and ICS / SCADA expertise evaluate the flow of data, generate alerts, and potentially respond to attacks. The last part is the ongoing service to proactively look for weaknesses within systems and to monitor threat intelligence feeds for new vulnerabilities and exploits that impact the specific client assets.
River Run has been serving manufacturing companies for over 28 years and combines those three elements and much more into our R-Security offering that is tailored for each manufacturer based on industry and individual needs. There are a lot of small, pop-up providers hawking tools and services claiming to be IT experts in manufacturing with little to no experience other than a flashy website and nice marketing materials. Find a provider that truly understands manufacturing with decades of IT experience keeping manufacturers up and running. Nobody likes a sales pitch for a big burger that ends up containing a wimpy patty. It is a matter of survival.
Share this article