Manufacturing

Many Manufacturers Still Falling Short in Cybersecurity

Despite the constant news about the growing cyber threats in the manufacturing industry, many manufacturers are still falling short with cybersecurity planning and operating antiquated systems that leave them vulnerable to attack.

Rebecca Taylor, senior vice president of strategic partnerships at the National Center for Manufacturing Sciences, said in a presentation at the recent Automation Conference in Chicago that while 47 percent of manufacturers polled said no cybersecurity attacks have taken place, many companies keep attacks a secret or don’t even know they have been subjected to an attack.  Some of the most common vulnerabilities manufacturers have are unsecured IoT devices, unpatched operating systems, denial of service, malware, coin-mining, ransomware and spear phishing.

Taylor noted today’s ICS (industrial control system) environment is difficult to secure because they have traditionally been protected from cyberattacks by physical isolation, an approach that no longer works. Many manufacturers are trying to integrate new technologies while still running part of their ISC systems on antiquated systems like Windows 98 or Windows 2000. A survey by Deloitte also found that only half of companies segment or isolate their ICS networks from their standard networks, a growing problem when deployments of IoT devices are on the rise.

In 2017, an attack by the NotPetya virus forced Merck to halt production. A Honda facility in Japan was also forced to shut down production last year after the WannaCry virus infected the network. While nearly half of survey respondents to the NCMS survey said they had no breaches, 18 percent admitted to a removable media breach, 12 percent said they had an “other” breach and 9 percent said they had a denial of service attack.

“Even with a hardened target, no organization is ever fully immune to attacks.”

Taylor said in a whitepaper at the organization’s website that small manufactures are especially at risk as they often ignore the topic because of a lack of time and in-house resources. As a result, many who rely heavily on technology for production do not have a cyber protection plan in place to protect their critical assets.

Deloitte Risk and Financial Advisory principals Rene Waslo and Tyler Lewis said in a sponsored post on The Wall Street Journal that today’s connected technologies can increase the risks manufacturers face. While technologies like IoT, analytics, robotics, artificial intelligence and other advanced technologies can bring great benefits, the “elevated threats” can’t be ignored, said Waslo and Lewis.

Manufacturers must implement integrated cybersecurity plans that cover the three essential areas of digital supply networks, smart factories and connected devices. An integrated approach should build in security from the start and protect sensitive data throughout the lifecycle with strong encryption, AI and machine learning solutions to create robust and responsive threat intelligence.

As these connected technologies will only become more complex and integrated in the future, Waslo and Lewis noted there is no “simple patch or fix.” Manufacturers must continually reassess their business continuity, disaster recovery and response plans. “Even with a hardened target, no organization is ever fully immune to attacks. Cyber resiliency begins with accepting the fact that someday the organization could fall victim and then carefully crafting a plan for readiness, response, and recovery. Clearly defined roles, war-gaming exercise, and post-even analysis can all help,” said Waslo and Lewis.


Craig Guillot

Craig Guillot is a business writer based in New Orleans, La. His work has appeared in Wall Street Journal, Entrepreneur, CNNMoney.com and CNBC.com. You can read more about his work at www.craigdguillot.com.

Share
Published by
Craig Guillot

Recent Posts

CEO Of The Year: A Conversation With Eli Lilly’s Dave Ricks

Ricks isn’t just building the most valuable drug company in history—he’s trying to change what…

2 days ago

Royal Caribbean Chairman Richard Fain: Retaining Talent Is About Fit, Not Fitness

The difference between 'useless' and 'fantastic' isn't always performance—sometimes it comes down to chemistry.

2 days ago

Beyond Vision: Why Systems Design Is The CEO’s Core Responsibility

CEOs can create the invisible architecture that sustains purpose, drives enduring value and enables their…

2 days ago

Emerald Ocean CEO Jason Wingate: ‘The Market Doesn’t Reward Ideas’

The Ottawa-based firm powers international brands with a full-service model that turns strategy into shelf…

2 days ago

2026 Macro Briefing

Complimentary Webinar

3 days ago

Three Agreements For Becoming A Better Leader

These agreements make for more authentic, galvanizing leaders, the kind to which employees and marketplaces…

3 days ago