The interconnectivity of the Industrial Internet of Things (IIoT) is formidable. So many components seamlessly working together produce a bounty of positive outcomes for a company. Making better business decisions, uncovering inefficiencies and being proactive in mitigating risk are just a few of the benefits it brings. However, like all developments in technology, the good comes with the bad. In this case, endpoints are becoming gateways for breaches. And as the IIoT really cranks it up a notch, these attacks are on the rise.
Manufacturers’ Monthly reports that Australia currently has the fifth highest level of cyber attacks in the world. And these attacks are set to increase and become 'more sophisticated and harder to combat due to faster internet speeds, more interconnectedness and the proliferation of code.’
While manufacturing has not seen an attack on the same scale as 2016’s DDoS Dyn attacks, the threat is still dire. An attack doesn’t just necessarily equate to stolen data. In the wrong hands, affected systems could be very dangerous. As the Financial Times illuminates:
‘In industries such as oil and gas, for example, the ability to monitor and alter well pressure, temperature and flow extraction rates remotely offers opportunities to streamline operations and maximise production and profitability. But these networked systems also create areas of vulnerability. At the end of last year, Germany’s Federal Office for Information Security revealed that hackers had managed to access the control systems at an unnamed steel mill in the country, preventing a blast furnace from shutting down properly and causing “massive” — though unspecified — damage.’
Manufacturers manage a number of unpredictable and hazardous components. When the systems fall down, (such as was the case in the devastating Brisbane 2011 floods) it’s not just profits that are lost, people can (and have), lost their lives. It’s a big remit to manage risk, but when a cyber attack could mean that unknown parties have the power to control pipelines, or your release valves, then real damage could occur.
However, the news isn’t all doom and gloom. Mature cybersecurity protocol is about being vigilant, cautious and collaborative with other departments within your organisation and within the wider industry. Here are some best practices you can undertake to reduce the threat of attack.
Create an internal cybersecurity framework
The Harvard Business Review (HBR) recommends that the most significant action you can take is to create a rigorous internal guideline for cybersecurity. Contrary to popular belief, the majority of breaches occur because of faulty internal practices. HBR says that one of the most common ways that systems are threatened are with infected USBs. They state, ‘the best way to get into an unprepared company is to sprinkle infected USB sticks with the company’s logo around the car park.’
It seems unbelievable that your company’s assets could be compromised with such an action, yet the numbers support it. A report commissioned by Intel discovered that ‘internal actors were responsible for 43% of data loss, half of which is intentional, half accidental.’ Therefore, organisations cannot take for granted that their employees are adhering to best practices. It is imperative that the senior team of an organisation work together to create a comprehensive cybersecurity plan. The plan should include:
Education for staff and management
Whether it’s a guidebook or training, your entire organisation should be made aware of the common scams that allow hackers entry, such as phishing, scam phone calls and emails. HBR recommends hiring an external cybersecurity team to test your staff.
A best practice checklist
This education should cullminate in best practice literature. It should be a rolling document and its purpose should be to continually make staff aware of new developments in cybersecurity, as well as making your staff responsible for their actions. If they are clear in what safe and appropriate practices are (and are held to account for those practices) then they will be much more open to potential threats
Screening processes for potential employees
HBR suggests that manufacturing companies should make criminal background checks a priority when looking to employee a potential candidate. They also suggest subtly putting in questions that ascertain a candidate’s ‘moral compass’ and thoroughly check for gaps, or inconsistencies in their resumes. It’s also good to check a candidate’s knowledge of cybersecurity practices.
A thorough subcontractor screening process
Security Affairs describes subcontractors as the weakest link in the security chain, and claims that the manufacturing industry is particularly susceptible to this form of attack. Interestingly the report states that while these businesses are stringent with internal security practices, they don’t hold their subcontractors to the same rigorous standards. When hiring a contractor, it is crucial that have a demonstrable culture and commitment to security practices. This needs to be supplemented by regular auditing.
Be proactive and collaborate
Work with others in the manufacturing industry and the wider tech space to come up with solutions to the proliferation of cybersecurity attacks. We are all against threats that can wield untold power, so it’s in our interests to work together to make the sure that the hackers aren’t winning the war. Given how exciting the potential of IoT technology could be, we want to make sure that we are deriving value from it, and the best way to do that is to be curious proactive and collaborative.
If you would like to know more about how you can make the most of the Internet of Things, you need to check out or guide to Driving operational efficiencies through real-time data.