Posted By Jeff Moad, November 10, 2015 at 10:18 AM, in Category: Cybersecurity
Recently I saw the “The Martian,” the excellent lost-in-space movie thriller directed by Ridley Scott. One of the great things about these kinds of suspense/thriller flicks is how the tension slowly builds. Gradually, as one thing after another goes wrong, you begin to realize the scope and depth of the problems arrayed before the intrepid hero. Potential disaster awaits at every turn.
Lately, the issue of cybersecurity is beginning to resemble a movie suspense thriller, with new threats continuously revealing themselves. The problem is that these threats are all too real.
Not long ago, cybersecurity-related concerns tended to revolve around the very real threats of data and identity and intellectual property theft. The prototype victims typically were consumer-facing retailers and financial institutions that, in some high-profile cases, saw hackers siphon off millions of customer records and account numbers.
While those cases were scary enough, they didn’t tend to target enterprises that were dependent on the reliable operation of very expensive physical assets—such as manufacturers.
That is changing, however, as bad guys begin to target physical assets and threaten to shut down physical infrastructure on which we all increasingly depend. This weekend, the New York Times reported that, within the last year, there have been 16 incidents in the San Francisco Bay Area in which someone cut underground fiber optic cables, bringing Internet access to a halt in some areas. No 911 service. No mobile or landline phone service. Hospital records inaccessible.
Of course, the manufacturing world has seen a preview of this type of thing. A few years ago, the sophisticated Stuxnet virus, most likely created by a nation-state, took over PLCs controlling Iran’s nuclear centrifuges and, at least temporarily, interrupted that country’s ability to produced weapons grade, enriched uranium. More recently, researchers demonstrated that they could exploit its Internet connections to gain control of a Jeep Cherokee.
Many of us have been dreading the escalation of these stories, when someone unleashes a similar virus that targets critical infrastructure such as power plants or, say, all the factories in the U.S. producing a certain, urgently-needed medicine. A recent Wall Street Journal survey of 625 IT executives in the U.S., U.K., France, and Germany found that 48% believe it is likely that, within the next three years, there will be a cyberattack on critical infrastructure that will result in the loss of life.
This cyber threat against infrastructure will only grow as the Internet of Things brings connectivity to most of the physical world.
So this is clearly a very present danger, and it is not one that—as we at one time believed—is limited to the data and intellectual property digitally stored in IT systems. It threatens every part of the manufacturing enterprise—from the supply chain to plant operations and even the post-sale operation of products in the field. As such, this cyber threat demands a coordinated, enterprise-wide approach, not one that is limited to the IT function and digital assets.
Unfortunately, manufacturers seem to be just beginning to realize the scope and potential severity of the cyber threats that their companies face. A new Manufacturing Leadership Council survey due to be released next month in the Manufacturing Leadership Journal found that many manufacturing executives, while aware of the rising rate of cyberattacks they face, still aren’t doing all they could to protect their companies. Only 35% have put into place a formal plan and strategy to combat cyberattacks in manufacturing.
Moreover, 62% said their companies do not have a budget for cybersecurity software, training, and education on the plant floor.
Perhaps even more disturbingly, even though most don’t have a budget for plant floor security software, the vast majority feel that, somehow, their plant floor equipment is well-protected. Only 6% of survey respondents indicate that their plant floor equipment and devices have a “high” vulnerability to a cyberattack.
And most manufacturing leaders still see cybersecurity as an IT issue. Sixty-two percent say that the head of their IT department is in charge of cybersecurity efforts in their companies. Only 12% say they have a chief security officer in that role.
The bottom line is that, as the cyber threat to physical infrastructure rises, many manufacturing leaders need to put more focus and energy into putting into place an effective, enterprise-wide plan to head off the threat.
Let’s hope that happens soon, because, unlike the events in a motion picture like the Martian, a space ship is not going to rush to our rescue. We are going to be responsible for our own happy ending.
Written by Jeff Moad
Jeff Moad is Research Director and Executive Editor with the Manufacturing Leadership Community. He also directs the Manufacturing Leadership Awards Program. Follow our LinkedIn Groups: Manufacturing Leadership Council and Manufacturing Leadership Summit