Apr 1, 2021

Cybersecurity: Industrial needs industrial protection

David Pownall
5 min
David Pownall, VP Services at Schneider Electric discusses the importance of protecting industrial processes with cybersecurity...

Continuous innovation is probably one of the more important, if not the most important aspect of success. However, our desire to leverage innovative ideas can also bring us into risky territory. This is especially true in the context of the Industrial Internet of Things (IIoT).

Whilst IIoT benefits industrial facilities in many ways, this increased connectivity also poses a number of challenges and potential vulnerabilities. Between sensors, remote monitoring systems and the cloud, openness is essential to uncovering business insights from process and IT data. To truly reap the benefits of IIoT, industrial digitalisation projects must be built on a foundation of security.

When they hear cybersecurity, most people will think of data or intellectual property theft. However, those same transparent networks are also used to operate machinery and major industrial facilities. If these signals and indeed all data flowing on industrial networks are compromised it could pose a threat to a facility’s finances, and its safety.

Whilst there’s a lot to be gained by crossing the digitisation frontier, as many have seen over the past year, it’s critical that this progress is made securely. Industrial digitisation cannot be successfully carried out before strong, reliable cybersecurity is established.

A journey, not a destination

Industry requirements and standards such as ISO27001 can provide a consistent framework for industrial cybersecurity strategies. There is also a vast selection of cybersecurity solutions to help plant operators implement these standards. Much like health and safety, a cyber-secure facility requires enduring commitment and maintenance. In particular, ongoing efforts to create the right culture and educate the workforce on cybersecurity practices is vital. Effective cybersecurity strategies always involve people, processes, and technology from the start.

Companies tend to move through three different levels of maturity when it comes to cyber-secure digital operations: awareness, active management and finally, security excellence. It’s essential that companies recognise this process, and continually push themselves to move from the most basic, fundamental security policies to a fully-fledged, end-to-end lifecycle approach to cyber defence.

Cybersecurity is everyone’s job

Awareness is step one of any cybersecurity strategy. Many cybersecurity breaches and incidents are accidental – simple mistakes and human errors that are due to a lack of education and awareness – so it pays to get the fundamentals right. Addressing these basic kinds of risk should be a priority when embarking on an industrial digitalisation project and lays the foundations for a successful cybersecurity strategy.

An effective place to start in achieving this foundational security is building it into your company’s culture, training and employee experience. Cybersecurity is not the sole responsibility of the IT team, as it is often assumed. It’s therefore vital that security training is built into the entire employee lifecycle, for all team members. From recruiting to onboarding to employee development and succession planning, education, awareness and training is critical. By making everyone, everywhere responsible for cybersecurity, you can move employees from simply executing their traditional tasks to recognising that implementing and adhering to cybersecurity best practices is now part of their core responsibilities. 

Technology for efficient management

Having trained teams in cybersecure behaviours and created a culture that appreciates the importance of these, companies should further develop their cybersecurity strategies by adopting an active management approach. Active management cybersecurity strategies are designed to defend against more opportunistic or deliberate attacks. Most larger companies will typically have comprehensive organisation-wide cybersecurity processes in place with cybersecurity teams whose job it is to regularly review the performance and metrics of these processes. 

To reach this level of maturity, available technologies should be leveraged to plug the gaps that human efforts can’t necessarily fill. This technology comes in the form of anti-virus software and firewalls, installed across enterprise networks. Some organisations may even implement automatic monitoring, to bolster security 24 hours a day, 7 days a week.

To protect a facility from attacks that cause downtime, loss of intellectual property or other operational damage, active management is a must. However, at this level, enterprises are usually only protected from threats that originate inside their four walls. This level of vulnerability is unacceptable for critical infrastructure or anyone whose operations demand the next and highest level of protection.

End-to-end protection

At a fully mature level of cybersecurity, security excellence will be interwoven with every stage of a company’s processes, from end-to-end. At this level, protection defends against deliberate, skilled attacks on industrial control systems. Security Excellence secures not only a singular facility, but the entire value-chain. 

Cyber protection is even more critical where complex software from multiple sources connects to drive a business, and as cyber-attacks become more sophisticated and malicious, viruses or malware are more likely to enter via external parties such as partners, suppliers or even customers. Whilst many organisations are increasing their spending and commitment to cybersecurity internally, only 15% of businesses have reviewed the risks presented by their suppliers (Gov.uk, 2020). These external vulnerabilities are especially threatening to industrial organisations, who interact with a vast number of external parties on a daily basis.

In this way, protecting others is an important part of protecting yourself. Ongoing training and development programs should be put in place and best practices shared with supply chain members and customers – it is not enough to assume that your partners are implementing the same precautions as you are. Technology such as automatic monitoring should also extend to the supply chain and customers via Security Operations Centers (SOC).

The future is digital, and technology is ever-evolving, so reaching a fully mature level of cybersecurity requires more than a single initiative - a lifecycle approach is essential. To fully embrace the power of digitisation, it’s important to first make sure that cybersecurity is covered from the three angles of people, process and technology. As control systems, networks etc. evolve, so too must cybersecurity strategies and tools. Businesses who successfully commit to this can securely and confidently reap the many rewards to be had in the digital and connected future.

For more information on manufacturing topics - please take a look at the latest edition of Manufacturing Global.

Follow us on LinkedIn and Twitter. 

Share article

Jun 8, 2021

IMF: Variants Can Still Hurt Manufacturing Recovery

Elise Leise
3 min
The International Monetary Fund (IMF) claims that while markets are rising and manufacturing is coming back, it’ll push for global immunisation

After a year of on-and-off manufacturing in the US, UK, and the eurozone, demand for goods surged early last week. Factories set growth records in April and May, suppliers started to recover, and US crude hit its highest price point since pre-COVID. As vaccination efforts immunise much of the US and UK populations, manufacturers are now able to fully ramp up their supply chains. In fact, GDP growth could approach double-digits by 2022

Now, the ISM productivity measure has surpassed the 50-point mark that separates industry expansion from contraction. Since U.S. president Biden passed his US$1.9tn stimulus package and the UK purchasing managers index (PMI) increased to 65.6, both sides of the Atlantic are facing a much-welcomed manufacturing recovery. 

Lingering Concerns Over COVID

Even as Spain, France, Italy, and Germany race to catch up, and mining companies pushed the FTSE 100 index of list shares to a monthly high of 7,129, some say that UK and US markets still suffer from a lack of confidence in raw material supplies. Yes, the Dow Jones has made up its 19,173-point crash of March 2020, and MSCI’s global stock index is at an all-time high. 

Yet manufacturers around the world realise that these wins will be short-lived until pandemic supply chain bottlenecks are solved. If we keep the status quo, consumers will pay the price. In April, inflation in Germany reached 2.4%, and across the EU’s 19 member countries, overall prices have increased at an unusual pace. Some ask: Is this true recovery? 

IMF: Current Boom Could Falter

Even as Elon Musk tweeted about chip shortages forcing Tesla to raise its prices, UK mining demand skyrocketed; housing markets lifted; and the pound sterling gained value. The International Monetary Fund (IMF), however, cautioned that manufacturing recovery won’t last long if COVID mutates into forms our vaccinations can’t touch. Kristalina Georgieva, Washington’s IMF director, noted that fewer than 1% of African citizens have been vaccinated: “Worldwide access to vaccines offers the best hope for stopping the coronavirus pandemic, saving lives, and securing a broad-based economic recovery”. 

Across the globe, manufacturing companies are keeping a watchful eye on new developments in the spread of COVID. Though US FDA officials don’t think we’ll have to “start at square one” with new vaccines, the March 2021 World Economic Outlook states that “high uncertainty” surrounds the projected 6% global growth. Continued manufacturing success will in large part depend on “the path of the pandemic, the effectiveness of policy support, and the evolution of financial conditions”. 

Mathias Cormann, secretary-general of the Organisation for Economic Co-Operation and Development (OECD) concurred—without global immunisation, the estimated economic boom expected by 2025 could go kaput. “We need to...pursue an all-out effort to reach the entire world population”, Australia’s finance minister added. US$50bn to end COVID across the world, they imply, is a small investment to restart our economies.

Share article