Manufacturing Global hears from Censornet CEO Ed Macnair who reasons that while digital might hold the key to the future for manufacturing in the UK, the cybersecurity risks it brings must be addressed.
Faced with an uncertain future, British manufacturers are adopting next-generation technologies in an effort to boost productivity and remain competitive. However, while the Industrial Internet of Things (IIoT), artificial intelligence (AI), automation, and robotics are disrupting how the sector operates, these technological developments are also increasing its vulnerability to cyberattacks and data breaches.
As manufacturers become ever more connected, they must ensure measures are in place to tackle the growing onslaught of cyber threats they face, protecting their organisations against the theft of sensitive data and the disruption to their systems or operational technology.
The future is digital
The long-term prosperity of the UK manufacturing sector is under jeopardy. Commenting on the CBI Industrial Trends Survey for July 2019, Anna Leach, CBI Deputy Chief Economist, said, “UK manufacturers remain on the receiving end of a double whammy: the slowdown in the global economy and Brexit uncertainty. Trade tensions between nations such as China and the US only exacerbate the demand uncertainty.”
It’s perhaps unsurprising, therefore, that manufacturers have been turning to the latest advances in digital technology to help turn the odds in their favour. Indeed, three quarters of the respondents to a recent survey by PwC accepted they would need to adopt digital technologies in order to prosper.
This need hasn’t gone unrecognised by the UK Government. Its Industrial Strategy, published in late 2017, focuses heavily on technology as an enabler to productivity in the manufacturing sector, for example. To help facilitate this, it launched “Made Smarter” aimed at encouraging the widespread adoption of cutting-edge Industry 4.0 technologies across the entire UK manufacturing industry. Former UK Business Secretary, Greg Clark, said of the initiative, “We want to support companies of all sizes who want to develop new digital capabilities… we are committed to making sure manufacturers are best placed to take advantage of the opportunities being created by Industrial digitalisation.”
Digital is clearly seen as the future of manufacturing. But it brings with it a host of threats to the security of the industry.
According to a report by the EEF, the manufacturer’s organisation (now MakeUK), the manufacturing industry is the third most targeted by cyber criminals, after the finance sector and government. The report reveals that almost half of manufacturers have been victims of cybercrime at some point, with about a quarter admitting they had sustained financial or other business losses as the result of a cyberattack.
A fear of suffering such losses actually appears to be holding businesses back from adopting more advanced manufacturing technology. While nine in 10 manufacturers are investing in digital technology to some extent, more than a third said concerns over cyber security prevented them from investing fully.
Such fears are not unfounded. After all, the efficiency and productivity benefits that digital technology can offer a manufacturer can easily be undone as the result of a single cyberattack. Attackers tend to have one of three primary objectives in mind – to steal data, to gain business intelligence, or to disrupt systems or operations. And any one of these can have a negative impact on a manufacturing organisation’s productivity, its bottom line, or its reputation.
It’s imperative, therefore, that manufacturers consider the state of the threat landscape, where their own vulnerabilities may lie, and how they can best defend their business against attack.
Open to exploitation
To illustrate the extent to which manufacturers are vulnerable to attack, consider the growth of the IIoT. In basic terms, IIoT refers to a network of connected sensors, instruments and other devices across a factory floor, which leverage data analytics and AI-powered “smart machines” for greater automation, efficiency and productivity. So desirable are its potential benefits, global spending on IIoT platforms for manufacturing is expected to grow from $1.67 billion in 2018 to over $12 billion in 2024.
A growing number of connected “things” equates to a growing attack surface. Each of these things can be seen as an endpoint, and endpoints are vulnerable to exploitation by anyone with the will and the means to do so. By using such vulnerabilities as a point of entry, hackers can introduce malware into a manufacturer’s network; to exfiltrate sensitive corporate information, for example, or to take control of systems – and even shut them down. Sometimes, their aim may be simply to wreak havoc. Devices can be hacked to misbehave, performing the wrong action, or communicating the wrong information with other connected devices, causing them to fail.
Compromised devices can also be used to disable an organisation’s IT network as part of a distributed denial-of-service (DDoS) attack. Forming a botnet made up of a large number of compromised devices, attackers can bombard a victim’s server with queries, overwhelming it to the point that is no longer able to function.
These are, of course, only a few of the many threats faced by manufacturers today. Cyber criminals don’t rest on their laurels; they’re constantly updating and refining their attack techniques. And this continuous development makes it hugely difficult for manufacturers to detect a potential cyberattack, let alone defend against it.
Quick to react
Given the scale of the cyber threats facing the manufacturing industry, it’s essential that security solutions are as up-to-date and quick to react as possible. Any delay in identifying and preventing an attack can prove costly to a manufacturing organisation, and could have a knock-on effect on its wider supply chain.
Essentially, knowledge is power. The ideal solution would be to integrate all of an organisation’s existing security products using real-time intelligence – on user activity, device behaviour and network activity – combined with the latest threat intelligence from different operation centres and third-parties such as suppliers and customers. Armed with the knowledge needed to identify potential threats to the network – the moment they emerge – such a defence platform could act autonomously, and strike – often before the threat has even entered the kill chain.
As a result of current uncertainty around Brexit and concerns around the wider economy, the future of the UK’s manufacturing industry is in a precarious position. Offering the opportunity to improve operational efficiency and productivity, manufacturers must embrace advances in digital technology if they are to remain competitive. They must be mindful, however, of the opportunities this technology also offers cyber criminals, and ensure provisions are in place to protect against them. Any security solution must be ready to act instantaneously. Factory floors may be becoming more automated, but when it comes to security, autonomy is more important than automation.