How manufacturers can improve cybersecurity

 

The digitalization revolution is integrating production with business processes and introducing artificial intelligence (AI), cloud computing and augmented reality (AR) into the workplace. With real-time data collected across the business and supply chain, businesses can better understand their operations and analyze and improve performance and maintenance. This greater connectivity, however, opens manufacturing and engineering businesses up to novel threats when it comes to cybersecurity.

Manufacturers and engineers are more vulnerable to malware, denial of service, device hacking and exploitation. This could result in the loss of intellectual data, a damaging amount of downtime, product sabotage and even threats to health & safety if equipment is hacked and control lost.

These threats have increased with Industry 4.0. With the new emphasis on the transparent flow of data, factory floors and equipment can no longer work in isolation, cut off from the main network. The fact that everything is linked, and more people and systems have access to the network, is opening up multiple gateways to cyber criminals. Mobile devices are also becoming more common, which can be difficult to protect and keep on top of security updates.

Digital transformations are often done piecemeal, meaning old systems exist alongside the new with varying levels of security and vulnerability. Combined with the slow installation of upgrades or patches across a network, this creates another challenge for businesses – and another opportunity for criminals.

How manufacturers can improve cybersecurity

The manufacturing and engineering sectors need to adopt a holistic approach which integrates cyber security into every aspect of their business, creating a culture of security.

Key considerations when thinking about cyber security for Industry 4.0 include:

• How you can ensure the integrity of your systems and information
• The protection of sensitive information throughout the data life cycle
• The recovery process of critical systems and how to minimize the effects of an incident.

To start, manufacturers must first assess their risk.

To protect a smart network from cyber criminals it is first necessary to identify possible risks and their likelihood of occurring.

A comprehensive risk assessment should be carried out which must consider the organization, its suppliers and its technology. Assess how secure the industrial control systems are (ICS), how and where sensitive data is stored, the vulnerabilities of the supply chain and who has access to the system. Also look carefully at what systems control or are linked to physical processes and what may happen if they get disrupted.

Once the risks are known it is possible to begin to develop ways to mitigate or remove these risks.

Hardening systems reduce cybersecurity threats

Hardening systems can help reduce the risk of cyber threats. This includes:

• The installation of firewalls
• The creation of processes to install patches
• The installation of real-time intrusion detection or threat intelligence
• Encryption
• Access and identity management (physical and digital)
• Regular back-ups
• The segmentation of systems.

Creating a disaster recovery plan or business continuity plan can also help increase an organization’s resilience by ensuring it is ready deal with an incident and detail the steps needed to return to normal.

Staying vigilant

Ongoing vigilance is key and should be undertaken by both workers and technology. Monitoring of our networks, personnel and the environment should be continuous to pick up on threats as quickly as possible.

To aid vigilance, workers need to be trained. Cyber security awareness training should be carried out regularly, especially if new technology is introduced or novel threats emerge.

Also seek to ensure suppliers or any other organizations connected to the systems commit to regular audits and the installation of software patches as soon as they become available.

Developing a culture of security

To create a security-first approach that integrates information security throughout an organization, it is a good idea to implement a comprehensive information security management system, such as ISO 27001, which includes processes for physical, digital and legal risks.

ISO 27001’s 114 controls have been developed to help implement best-practice processes when it comes to integrating security into personnel, leadership and digital and physical assets. These processes include access control, operations security, system acquisition and maintenance, supplier relationships and incident management, giving the framework necessary to build a true culture of security within a manufacturing or engineering business.

The standard also can be extended with additional codes of practice to tailor it to an organization’s needs. ISO 27017, for example, provides additional controls that cover information security for cloud services, while ISO 27018 tackles the protection of personally identifiable information kept in a cloud.

Whether a management system is employed or not, it remains important to create an integrated defense strategy so security is as consistent as possible.

Claire Price is content marketing executive at QMS International. This originally appeared on Control Engineering Europe’s website. Edited by Chris Vavra, web content manager, Control Engineering, CFE Media and Technology, cvavra@cfemedia.com.

MORE INNOVATIONS

Keywords: cybersecurity, Industry 4.0

CONSIDER THIS

What is your company doing to address cybersecurity issues?

Original content can be found at www.controlengeurope.com.

For more cybersecurity coverage and information check out our sister site, Industrial Cybersecurity Pulse.