Is your manufacturing company practicing proactive cybersecurity?
Manufacturing companies are one of the most popular targets for cybercriminals, based o...
Four methods manufacturers can take right now to remain secure
Manufacturing companies are one of the most popular targets for cybercriminals, based on the sheer amount of classified information they hold. In fact, a recent report from IBM X-Force Research’s 2016 Cyber Security Intelligence Index found that the sector is the second most-attacked industry behind healthcare, with automotive manufacturers and chemical companies scoring as the top targets for attackers.
Hackers’ intentions can vary when targeting the industry, but they are typically financially-motivated, state-sponsored attacks, which occur when government-funded organizations break into a network to steal intellectual property (IP) and trade secrets. These groups are some of the most sophisticated hackers, using a high level of expertise when targeting companies. They seek extremely valuable IP to further the betterment of the people in their country, or perhaps more commonly, for financial gain.
Prevention methods for every manufacturer
With the continuous increase in cyber threats, and large organizations in nearly every sector making headlines as a result of data breaches, it can seem overwhelming to evaluate just where to start to protect a manufacturing company’s data. Let’s break it down:
First and foremost, manufacturers should have a vulnerability management plan in place, and conduct ongoing vulnerability scans. These regular scans can help find unpatched systems and holes, which is often where hackers find their way in. In fact, most of these attackers are not leveraging zero-day vulnerabilities all the time; instead, they are taking advantage of vulnerabilities that have been out for years.
Next, it’s highly critical to prioritize security awareness, and promote this notion to all employees, from the C-suite to temporary hires and third party contractors. From my past experience at a chemical manufacturing plant, I found that 40 to 50 percent of attacks by state-sponsored groups were conducted via spearphishing. These attacks are spread through malicious emails that appear to be from an individual or business that you know, though it isn’t. Employees think the email is from a trusted source, click links within the email, and just like that, a hacker has entry into the company’s network.
A strong example of proactive security awareness is to conduct regular white hat phishing campaigns, where an organization sends out phishing emails to employees that are not malicious, but simply used for education and to gain an understanding of threat levels. This white hat phishing technique captures important data on who is likely to fall victim to an attack, and why. It provides users with education on how to recognize and identify a malicious email, and what to do about it. However, while this is important, manufacturers must also understand that they can’t rely entirely on employees doing the right thing – mistakes will happen and links will inadvertently be clicked.
As employees get up to speed on cybersecurity, an incident response plan should also be in place. This plan should be ongoing and continuously tested, for maximum effectiveness when an incident does occur and organizations have to respond. The incident response plan should feature a few “must-haves,” including:
- Involvement from all levels within an organization, including the CEO, CFO and more. This is not just a project for the IT team. Involve the right people, and ensure there’s a point person who can lead during an incident and make proper, fast decisions when needed.
- A methodical approach on how to respond to an incident. Each incident is different in nature, but should fall under a certain classification, such as high, medium or low risk, so individuals know how to proceed.
- The framework of each type of incident (for example, is it state-sponsored or hacktivism) should also help determine the prescribed approach to take.
Lastly, organizations should harden the security configurations of systems and servers, including revoking privileged access to endpoints. Malware, for instance, requires administrative level privileges to execute on machines. If an organization took these administrative privileges away, nearly 90 percent of infections on machines would stop – all via one fairly simple fix.
Don’t forget that security controls do hinder on culture. How hard is it to implement certain protocols in your organization? IT can make a recommendation for application whitelisting, which is when organizations prevent the usage of unapproved applications that can be launched on end-user / server computers, but it can be extremely difficult to implement since applications within a manufacturing environment can be so diverse and users may be averse to these restrictions. Evaluate your internal culture to determine which procedures are best to secure the business.
Conclusion: metrics matter
With all of the aforementioned prevention methods in place, manufacturers must also understand just how their organization is performing when it comes to cybersecurity. Are the number of threats detected decreasing? Is employee security awareness increasing through the reduction of the number of links or attachments clicked? For this reason, it’s recommended that organizations take a KPI (Key Performance Indicator) perspective to cybersecurity, by setting goals and metrics to improve security stature. Manufacturing companies should have an ongoing, metrics-based intelligence-driven security program in place to evaluate the effectiveness of common programs, like vulnerability management, data loss prevention and antivirus protection.
With these metrics in place, organizations can develop a heat map of sorts, to outline where they should be focusing their efforts and/or where they should continue to invest in protecting their most sensitive assets. This security snapshot will assist in keeping every aspect of a business secure and prepared, making it that much more difficult for even the most sophisticated hacker to take off with a manufacturer’s crown jewels.
By Tim Bandos, Director of Cybersecurity, Global Services, Digital Guardian
Follow @ManufacturingGL and @NellWalkerMG
Lion Electric to Construct US EV Manufacturing Facility
Who is Lion Electric?
Founded in 2008, is an innovative manufacturer of all-electric, zero-emissions, medium and heavy-duty urban vehicles. Lion Electric designs, manufactures, and assembles all components for its vehicles that have unique features specifically adapted to the users and their needs. “We believe that transitioning to all-electric vehicles will lead to major improvements in our society, environment and overall quality of life,” believes Lion Electric.
Lion Electric’s new Illinois Manufacturing Facility
Just two months after announcing plans to construct a battery manufacturing plant and innovation centre in Quebec, Lion Electric is expanding its locations further, selecting Joliet, Illinois for its new manufacturing facility in the US.
The new facility is said to “represent the largest dedicated production site for zero-emission medium and heavy-duty vehicles in the US,” as well as being the company’s biggest footprint in the market. The new facility will give Lion Electric the capacity to meet increasing demand for ‘Made in America’ zero-emission vehicles and bring production closer to customers.
It is expected that the first vehicles off the production line will be in the second half of 2022.
“Lion’s historic investment to bring its largest production facility to Illinois represents not only a win for our communities, but a strong step forward in our work to expand clean energy alternatives and the jobs they bring to our communities,” said Gov. J.B. Pritzker.
“The new Joliet facility will put Illinois at the forefront of a national movement to transition to zero-emission vehicle use, advancing our own goals of putting one million of these cars on the road by 2030. In Illinois, we know that a clean energy economy is about more than just vehicles – it’s about healthier communities and jobs for those who live there. We are excited to welcome Lion to the Land of Lincoln and look forward to their future success here.”
Lion Electric’s Agreement with the Government of Illinois
Over the next three years, Lion Electric will invest a minimum of US$70mn into Illinois. The new facility - totalling 900,000 square feet - is expected to create a minimum of 745 clean energy direct jobs in the next three years, and have an annual production capacity of up to 20,000 all electric buses and trucks.
Scaling electric bus production and decarbonising freight and transportation
As the US moves to electrifying its school buses, the additional production capacity at the facility will help Lion Electric to scale its electric bus production, as well as produce an increased volume of heavy-duty zero-emission trucks to help governments and operators in the US further the decarbonisation of freight and transportation fleets.
“Lion is the leader in electric school buses and has always been dedicated to the U.S. market, and our commitment to be close to our customers is one of the core values we have as a company. This significant expansion into the U.S. market will not only allow us to drastically increase our overall manufacturing capacity of electric trucks and buses but to also better serve our customers, while adding critical clean manufacturing jobs that will form the backbone of the green economy,” said Marc Bedard, CEO and Founder of Lion.
“I also want to acknowledge the crucial role that P33 and Intersect Illinois, civic groups committed to developing developing a long-term roadmap for the local tech industry, played in connecting Lion with the Chicago area’s business and civic community to help further commercial traction, as well as engagement with key workforce and supplier partners.”