The manufacturing industry remains highly vulnerable to cyberattacks, and experts say it’s largely due to a lack of awareness and action.
A report by Accenture and the Ponemon Institute found that the average cost of cybercrime globally reached $11.7 million per organization in 2017, a 23% increase over $9.5 million the previous year. Accenture said the average company now suffers 130 breaches per year.
Manufacturers are frequently targeted because they have an abundance of data and relatively weak security. Sridhar Kota, Herrick Professor of Engineering at the University of Michigan-Ann Arbor, served as the assistant director for advanced manufacturing at the White House Office of Science and Technology Policy from 2009 to 2012, and said one of the biggest challenges is a lack of awareness.
“The bottom line is simple: businesses and government need to get together and think strategically about cyber defense.”
“Too few manufacturing firms in the United States acknowledge the need for action,” Kota said. “Cybersecurity needs to become a deeply ingrained part of every manufacturing company’s culture—embedded in management decisions, workforce training and investment calculations,” Kota said.
Manufacturers are at heightened risk for a number of reasons. The sector relies on a large number of parts and materials from diverse and changing sources with complex supply chains. Most manufacturing facilities also run around the clock and have mixes of modern, complex equipment operating with decades old machinery. The combination can make systems difficult to test in an efficient manner. Aside from traditional random malware attacks, cyber attacks on manufacturers can include efforts to steal intellectual property, corrupt data, disable networks and sabotage equipment.
A report by MForesight in cooperation with the Computing Community Consortium identified emerging cyber risks to manufacturers and practical solutions to address the problem. MForesight said many U.S. manufacturers do not recognize the growing dangers and that the complexities of the modern supply chain mean that “at least some attacks are inevitable.”
The report identified several opportunities to mitigate the risk. First, manufacturers need to collaborate with trusted third-party partners. They should also expand and coordinate manufacturing cybersecurity “boot camps” to boost awareness of best practices and train key manufacturing personnel to identify threats and attacks. They also can invest in cybersecurity R&D and look to things such as automated risk assessment tools, tools to audit the extent of the attacks, and data validation. They also recommended long-term research investments and information sharing with other industry partners. Finally, they recommend the industry look to federal agencies such as the Manufacturing USA institutes, and the departments of defense, energy and homeland security for protocols and tips.
“The bottom line is simple: businesses and government need to get together and think strategically about cyber defense…Cybersecurity is a serious challenge for the manufacturing sector. But—with foresight—it’s surmountable,” Kota said.