Manufacturers have an especially intriguing challenge when it comes to cyber security. Not only do they face the security threats many other types of businesses are confronting, but they also have to deal with the growing presence of the Internet of Things (IoT).
This concept of interconnected objects, including virtually any type of asset or finished product, means manufacturers need to be cognizant of the security issues involved. That includes the ability to hack into various systems and products.
Efforts are underway to prepare manufacturers for the IoT as well as the Industrial IoT (IIoT), or the use of IoT technologies in manufacturing, and other security challenges.
For example, in September 2016, the Industrial Internet Consortium (IIC), a global, public-private organization formed to accelerate adoption of the IIoT, published the Industrial Internet Security Framework (IISF). This is a common security framework that addresses security issues in IIoT systems.
The IISF emphasizes the importance of five IIoT characteristics that help determine trustworthiness of IIoT systems: safety, reliability, resilience, security and privacy. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
“IIoT security cannot be considered in isolation. It comprises a complex set of industrial processes and applications as well as significant safety and reliability requirements,” IIC said. For instance, although it’s desirable to implement predictive maintenance capabilities in high-value electric power generation equipment, doing so might open the door to new threats, the group said.
Adding security in this scenario can be challenging. But without it there could be serious consequences, because a successful attack could cause injury, loss of life, or long-term damage to the environment, IIC said.
Today, many industrial systems lack adequate security, noted Richard Soley, executive director of IIC. “The level of security found in the consumer Internet just won't do for the Industrial Internet,” he said. “In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years.”
The IISF delivers security from business, functional and implementation perspectives, IIC said. It helps managers within industrial organizations make informed decisions based on well-designed risk assessments. The IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks, with subdivisions for each.
Initiatives such as this will be needed. As consulting firm PwC pointed out in its Global State of Information Security Survey, “manufacturing stands on the threshold of profound change: The confluence of cloud computing, big data analytics, sensor-based technologies, 3D printing and robotics is beginning to transform the way products are developed, manufactured and sold.”
This interconnected ecosystem of data-driven technologies will bring enormous efficiencies but will also open new cyber security risks, the report said. Forward-thinking companies are taking steps to capitalize on the opportunities of the IoT while deploying innovative cyber security technologies and solutions, many of them cloud-enabled, to manage risks.
These companies are improving their security programs with technologies including cloud-based cyber security services, advanced authentication and big data analytics, PwC noted. The vast majority of organizations also have adopted risk-based cyber security frameworks such as the NIST Cybersecurity Framework or ISO 27001 to help guide their overall security practices.
Many manufacturers are already deploying inter-connected equipment and sensor-based devices across locations to more efficiently run plant systems and enhance operations and logistics, the report said. Most companies are developing strategies to secure these devices, equipment and data. About two-thirds of the PwC survey respondents in the industry either have an IoT security strategy in place or are implementing one.
In 2015, half of the companies said they use big data analytics to model for and identify cyber security threats. The benefits include better understanding of external and internal security threats, enhanced visibility into anomalous network behavior and an improved ability to identify and mitigate incidents.
The U.S. Department of Homeland Security (DHS) has noted how vital it is for manufacturing companies, particularly the critical manufacturing sector, to protect systems and data. A direct attack on or disruption of certain elements of the manufacturing industry “could disrupt essential functions at the national level and across multiple critical infrastructure sectors,” DHS said.
The sector includes primary metals manufacturing; machinery manufacturing; electrical equipment, appliance, and component manufacturing; and transportation equipment manufacturing. Products made by these industries are essential to many other critical infrastructure sectors, DHS said.
By deploying strong endpoint security measures and ensuring that sensitive data is well protected, manufacturers can protect themselves, their customers and the community in general.