5 minutes with Schneider Electric’s Victor Lough
Why is cybersecurity important for manufacturers?
Cyber-attacks no longer focus only on stealing credit card numbers from banks. Disruption of core business processes via industrial control systems at manufacturing sites is also on the hacker agenda. When it comes to protection from cyber-attacks, most of us think of firewalls. However, firewalls are only one aspect of what now needs to be a comprehensive defence in breadth and depth security strategy for the Operational Technology (OT) environment. Cyber security is now evolving from a set of simple tools used to fend off attacks from hackers to a more formal approach of managing business risk.
Can you talk me through the current cyberthreats faced by manufacturers?
The attack landscape is getting wider, as the industry digitises and becomes more connected. Every connected device is associated with an endpoint that hackers could pinpoint to infiltrate and manipulate the entire digital ecosystem. Today’s smart factories now have hundreds - and even thousands - of connected sensors. A holistic approach to cybersecurity - from product security to supply chain protection - is imperative to mitigate this.
Another significant threat faced by manufacturers is their facility’s regular exposure to third-party access. It’s very common for external vendors/field service engineers to be granted privileges to access OT devices through their own laptops and USB devices, the internet, or fully hosted environments with little control. This broader access poses risk even if there is no inherent malicious intent. The attack surface widens with each connected laptop or thumb drive.
What is the best strategy for manufacturers when it comes to cybersecurity?
Account for cybersecurity in both product and process. Cybersecurity today is no longer an afterthought or a bolt-on solution. Digital products should be made resilient as they are developed and built in the factory. Once installed, these solutions are supported by services that allow factories to maintain high levels of protection and low levels of risk as the cybersecurity outlook continues to evolve.
Organisations that are introducing smart machines onto their plant floors should look to expert partners to perform audits to reveal any potential weaknesses or exposures in the system. Engineers with security responsibilities should then be consistent in downloading all cybersecurity software updates on a regular basis.
What is driving the need for smarter and stronger cybersecurity in manufacturing?
The increase in remote monitoring and third-party access has also led to a rise in cyber vulnerabilities. The IoT connected devices that have enabled so many businesses to quickly transition to homeworking bring challenges along with their benefits. These tools have essentially increased the ‘attack surface’ for hackers and, in many cases, have acted as an organisation’s Achilles heel.
With only 16% of cybersecurity professionals having more than a week to ensure that remote systems were secured before making the shift to remote working, it’s fair to say that the preparation for remote-access related security threats is far from mature in most cases. However, companies must now be taking stock of the new technology they have implemented. Building an awareness of the current risks is the first step in mitigating them.