Tackling cyber vulnerability: know your exposures and how to protect against them
No company is immune from the rising risks surrounding cyber security and manufacturers now find themselves in the unenviable position of being the second most hacked industry, according to IBM’s latest intelligence index. In fact, manufacturers are facing a ‘perfect storm’ of cyber risk susceptibility, with this heightened risk of attack compounded by an increased vulnerability flowing from their own readiness to adopt new technology, which has seen the convergence of industrial control systems with ‘hackable’ enterprise systems.
To exacerbate things further, coverage for many of manufacturers’ most prevalent and potentially catastrophic risks is typically excluded from general liability and property insurance policies, leaving companies badly exposed. While tailored coverage can now be sourced through specialists, manufacturers must first understand their greatest areas of vulnerability in order to address these through a combination of risk management measures and effective risk transfer to protect their balance sheets.
The manufacturing sector has long been a leader in embracing technological advances and has become increasingly connected as a result, revolutionising user-machine interaction and the way in which systems communicate with one another. While this enhanced connectivity offers tremendous potential – faster production times, improved supply chain management, increased efficiency and accuracy of output – it is simultaneously increasing manufacturer vulnerability to cyber-attack.
Cyber criminals come in a variety of forms and their motives vary. One of the most underestimated threats to manufacturers is rogue employees, disillusioned with their employer or falling victim to blackmail. Yet the industry faces threats from traditional malicious actors too, such as hackers for hire funded by nation states or terrorist groups or rival corporations in their quest to secure highly valuable intangible assets – notably intellectual property – which often causes the greatest concern.
However, the potential for extensive physical damage and thus injury to those on site is also very real. Take the example of a blast furnace at a steel mill in Germany, which suffered a severe attack in 2014. A report by Germany’s Federal Office for Information Security revealed that hackers took control of the mill’s industrial control systems through hacking its enterprise systems. The unauthorised party was in control of almost all of the facility’s control systems and prevented employees from shutting down a blast furnace, causing irreparable damage to expensive equipment. This hack is thought to have been carried out by, or with the help of, a rogue employee.
An event as catastrophic as that of the German blast furnace serves to highlight the exposures of increased connectivity throughout the manufacturing industry. As the sector becomes more technologically advanced, the possibility of such an attack becomes ever more likely. It also highlights the shortfall in the preparedness of the industry; the Industrial Internet of Things has changed the risk landscape and it falls to manufacturers to ensure they are prepared for every eventuality.
Part of being prepared is investing in a fully comprehensive insurance solution. However, the most common risks facing manufacturers are rarely covered in standard insurance or even cyber-specific policies. The risks for which coverage gaps exist — when the loss is triggered by a cyber event — can broadly be divided into five categories:
- Business interruption – including physical damage to products, machinery and plant
- Bodily injury of employees – which can cause crippling long-term costs
- Reputational damage – for failure to supply, insecure systems and defective products
- Supply chain risk – including costs for downtime, increased working and contractual penalties
- Intellectual property theft – a big driver of industrial cyber-attack
The problem for manufacturers is that many of their biggest exposures fall between two areas in insurance. Traditionally, cyber insurance policies do not offer cover for property damage or disruption in supply chains, as these are tangible risks avoided by the intangible focus of the cyber insurance market. Likewise, standard property policies do not offer cover in eventualities where property has been damaged due to a cyber security breach. Even general liability policies present gaps: in the event a hacker gains control and creates a dangerous working environment, or if unauthorised activity disrupts a business’ supply chain, neither would be covered because general liability policies do not typically insure against the outcomes of a cyber incident.
Manufacturers’ C-suites are increasingly aware of the mounting cyber threat they face, but it’s imperative they understand the specific nature of the risks emerging and how best to mitigate them. Employees need to be educated to recognise these threats, weak links between interconnected operating and enterprise systems need to be protected, and any insurance coverage gaps need to be identified and addressed through a bespoke programme tailored to each manufacturer’s need. Only then can manufacturers feel confident they have the most robust defence possible against the increasingly prevalent, insidious attacks.
By Tom Draper, Technology & Cyber Practice Leader at insurance broker Arthur J. Gallagher
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks – allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, control elements and other industrial devices via a public 5G network, flexibly and with high data rates. This is something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing – it’s “dust tight”, waterproof, and immersion-proofed.