Jonathan Wilkins, marketing director of obsolete industrial parts supplier, EU Automation discusses three cyber security pitfalls that industry should prepare for – the weaponisation of everyday devices, older attacks, such as Heartbleed and Shellshock and vulnerabilities in industrial control systems.
In 2016, IBM reported that manufacturing was the second most cyber-attacked industry. With new strains of ransomware and other vulnerabilities created every week, what should manufacturers look out for in new year?
‘Weaponisation’ of everyday devices
The advantages of accessing data from smart devices include condition monitoring, predictive analytics and predictive maintenance, all of which can save manufacturers money.
However, recent attacks proved that these connected devices can quickly become weapons, programmed to attack the heart of any business and shut down facilities. In a recent distributed denial of service (DDOS) attack, everyday devices were used to bring down some of the most visited websites in the world, including Twitter, Reddit and AirBNB.
Such incidents raise a clear alarm signal that manufacturers should run their production line on a separate, highly secure network. For manufacturers that use connected devices, cyber security is even more important, so they should conduct regular cyber security audits and ensure security protocols are in place and up-to-date.
Don’t forget the oldies
According to the 2016 Manufacturing Report, manufacturers are more susceptible to older attacks, such as Heartbleed and Shellshock. These are serious vulnerabilities found in the OpenSSL cryptographic that allows attackers to eavesdrop on communications and steal data directly from users.
Industrial computer systems generally aren’t updated or replaced as often as consumer technology, which means that some still have the original OpenSSL software installed. A fixed version of the programme has since been released, meaning that manufacturers can avoid this type of attack by simply updating their system.
Keeping industrial control
Manufacturers understand the need to protect their networks and corporate systems from attacks, but their industrial control systems also pose a risk. If an attacker deploys ransomware to lock down manufacturing computers, it could cause long periods of downtime, loss of production and scrap of products that are being made when the attack happens.
This is particularly true in the era of Industry 4.0, where devices are connected and processes are automated. One of the most effective means of safeguarding automated production systems is cell protection. This form of defence is especially effective against man-in-the-middle attacks, whereby the attacker has the ability to monitor, alter and inject messages in a communications system.
In its report, IBM also stated that cyber security awareness in the manufacturing industry is lower than other sectors. The truth is that any company can be the target of a cyber attack. The only way to avoid a cyber security breach is by planning ahead and preparing for the unexpected.