Manufacturing Under Attack
Manufacturing companies are under threat from cyber attacks more than ever before. In a report published by the manufacturing industry organisation Make UK, in association with the NCSC (National Cyber Security Centre), it was found that manufacturing is the third most targeted sector in the UK and that nearly half of the companies surveyed, 48%, have been hit by cyber attacks.
In fact, manufacturing regularly appears as one of the industries most under threat on the global stage, as cyber criminals and state sponsored groups attempt to steal intellectual property and data or use ransomware attacks for financial gain.
A report published earlier this year revealed that the manufacturing industry spent more than any other sector last year on ransomware payments, paying out $6.9m, according to a study by Kivu Consulting. This represents 62% of the total $11m+ of ransoms transferred to cyber-criminals throughout 2019, despite manufacturing only making up 18% of all paid ransom cases.
In June this year, Tait Towers Manufacturing, a major manufacturing company for live events industry also reported a data breach affecting the personal and financial information of its employees. The US-headquartered multinational company – that waited nearly two months before disclosing the incident – said an unauthorised third party had accessed a server and some employee email accounts.
One of the problems manufacturers face is a complex supply chain of smaller disparate companies, which is often targeted to identify weak links. Earlier this year, a team at Context Information Security identified a new threat group behind a concerted series of incidents targeted at the aerospace and defence industries in the UK and Europe. The AVIVORE group were using legitimate remote connectivity or collaborative working solutions to bypass well-defended perimeters and gain access to the prime target.
Whether the aim is to steal IP and data or demand ransoms, threat actors are developing increasingly sophisticated, multi-function attack tools and using Artificial Intelligence and automation techniques.
Despite efforts to layer up their defences, many organisations are unable to stay ahead of the attackers, while others are struggling to do the basics like patching old vulnerabilities in legacy systems. Many manufacturing systems were designed with efficiency, throughput and regulatory compliance in mind rather than security; while the increased use of smart, connected devices and sensors, hooked up to big data analytics technology, expose manufacturing to further attacks. In the Make UK survey, 35% of businesses said they are reluctant to invest fully in Industry 4.0 due to possible cyber vulnerabilities.
Time for a fresh approach
A fundamental assumption on which the traditional approach to security is based is that you can keep the attackers out. This is simply not true, otherwise we would not see successful cyberattacks. So there needs to be another way of protecting data. IT Security must rethink its traditional 'castle and moat' methods of protection and prioritise a 'data centric' approach, where security is built into data itself.
And this means protecting data wherever it exists: at rest, in transit and in use. Data at rest is stored in a digital form on a physical device, like a hard disk or USB drive. Data in transit is digitised information traversing a network, such as when sending an email, accessing data from remote servers, uploading or downloading files to and from the cloud, or communicating via SMS or chat. Data in use is information actively being accessed, processed or loaded into dynamic memory, such as active databases, or files being read, edited or discarded.
Securing data wherever it exists ensures that if it is stolen at any point, it remains protected and therefore useless to the thief - even if extracted by a member of staff. With transparent, 100% file encryption, all data will be protected no matter where it gets copied, because security is part of the file rather than a feature of its storage location. And by continuing the 100% encrypted principle, IT security experts no longer need to spend hours tweaking data classification rules, so that ‘important’ data gets more strongly protected.
Historically, there has been a trade-off between security and ease of use. For example, full disk encryption is easy to deploy, but security is compromised because a running system seamlessly decrypts any data for any process – legitimate or not. The good news is that we now have the technology and processing power to deliver both – full data protection that is transparent to the end user.
To stem the increasing number of attacks on manufacturing companies, it’s time to take a step up from a ‘high fences’ approach to data security and shift the focus from stopping threat actors getting access to data to protecting the data itself.
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks ─ allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, as well as control elements and other industrial devices via a public 5G network ─ flexibly and with high data rates. Something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing ─ it’s “dust tight”, waterproof, and immersion-proofed.
The first release version of the router has an EU radio license; other versions with different licenses are in preparation. “With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and auto-configuration of the devices,” Siemens added.