The Cyber-Threat Shadowing Digitisation
As the manufacturing industry becomes ever more digitised and interconnected, whole supply chains are becoming vulnerable to cyberattacks. With the assistance of cybersecurity experts at Equilibrium Risk and Dragos, MEPCA examines this growing threat and how manufacturers can protect their businesses.
The global cost of cybercrime is projected to be 12 trillian dollars in 20251 , according to Forrester’s Cybersecurity, Risk, And Privacy prediction report, released last year. As previously reported in MEPCA, manufacturing has quickly risen amongst those industries most at risk from cybercrime. The embracing of digitisation in manufacturing and the increasingly interconnected systems it relies upon, where the breach in one system can impact an entire supply chain, have made it vulnerable to cyberattacks. More worrying is the fact that manufacturing is now being targeted, particularly by ransomware attacks.
For many manufacturers beginning their digitisation journey, this is highly concerning, as digitisation has become necessity to remaining competitive, so they have no choice to place their businesses in the path of this risk. In this feature, we identify the cybersecurity threats manufacturers need to be most aware of and determine what a robust cybersecurity strategy entails.
To assist us in this, we sought expert advice from Luke A. , Security Consultant and co-founder of Equilibrium Risk | Security Management for UK Manufacturing & Engineering , a company that provides expert cyber security services to the manufacturing sector, among other industries, and Phil Tonkin , Field Chief Technology Officer at Dragos, Inc. , a leading industrial cyber security company.
As manufacturers embrace digitisation, what cybersecurity threats should they be most aware of?
Ransomware figures highly amongst the risks that manufacturers face and involves encrypting data until a ransom is paid. As downtime is disastrous for manufacturing, this form of attack is particularly attractive to cybercriminals as the industry is more likely to pay the ransom than endure even costlier downtime.
Commenting on behalf of Dragos, Phil Tonkin explained: “Ransomware attacks are perhaps most notable, as multiple ransomware groups refine their techniques and enhance their capabilities. Recent Dragos research shows manufacturing is the most impacted industrial sector from ransomware perpetrators.”
Speaking to our editor, Luke Appleby also noted the prevalence of ransomware attacks, but highlighted the different level of threats faced: “Generally, threats are split down into four different categories. There’s internal threats, so people from within the business there are external threats and there’s obviously different varieties of those, including malicious threats and accidental threats … all the way up to state sponsored. And it could be an email with a link, but there’s also threats in the supply chain.”
Phil also pointed out the risk inherent risk in unprotected Operating Technology (OT) systems: “Additionally, the integration of Industrial Internet of Things (IIoT) devices often expands the attack surface, making OT systems more vulnerable to breaches. Legacy OT systems, which often lack modern security measures, are most at risk to attack.”
Further elaborating on this: “Legacy OT systems, which were often not designed with modern cyber threats in mind, can be a weak point. Outdated systems can lack basic protections like encryption and access controls. At the same time, the rapid adoption of IIoT devices can lead to insufficiently secured endpoints. Poor patch management can leave vulnerabilities unaddressed, making systems susceptible to exploitation, while misconfigured systems and a lack of network segmentation can create security gaps that attackers exploit.”
Adding to threats to be aware of, Luke highlighted something rarely considered: “If they [manufacturers] have electronic parts supplied, there is the threat of malware getting injected into microchips before they get welded to the motherboard. There’s an intrinsic vulnerability in that.”
What are the key components of a resilient industrial cybersecurity strategy?
With some of the threats identified, we look at how manufacturers can avoid these issue.
Phil: “A resilient industrial cybersecurity strategy for key operational technology must encompass several key components. Firstly, risk assessment and management are crucial for identifying and protecting critical assets. Strict governance and compliance procedures are also needed to ensure adherence to both regulatory requirements and the most up-to-date industry standards.
“Technology and infrastructure investments are required too, such as in advanced threat detection systems to monitor potential threats in real-time and allow for a fast response. Regular training and awareness programmes for all relevant employees help to mitigate the risks associated with human error. If a breach or attack does occur, having incident response and management plans in place to enact swift action to contain and remediate cyber incidents is a necessity.”
Most crucially, he concluded: “All manufacturing organisations should also look to ensure continuous improvement through regular reviews and updates to ensure strategies and technologies deployed remain effective against evolving cyber threats.”
Looking at it from business resilience perspective, Luke: “To be resilient, [you] have to go beyond threats. So we’ve got the threats as just the potential for something to happen. But from a business point of view, to be resilient, we have to take those threats. And we have to make those pertinent to our business. If it does happen, what could happen and what’s the impact to the business should it happen? Then we can start looking at mitigating those risks.
“It’s always assets that draw risk. So assets in the manufacturing organisation, so from machinery to people to assets, [including] intangible assets. And then you’ve got to look at the likelihood and impact against those threats. To be resilient, you’ve got to look at reducing the likelihood and obviously reducing the impact … there’s no security measures that are 100 % effective. It’s always about delaying or reducing the likelihood.
Conclusion
Cyber threats can never be completely prevented: they are just far too numerous and fluid to stamp out. Manufacturers simply cannot guarantee safety from such a threat without completely isolating themselves from their supply chain, returning to a predigital age, which is now an impossibility if they wish to thrive. What they can do is be aware of the latest risks and ensure they are implementing the latest in cybersecurity methods, and to know when taking greater risk is permissible, and when it should be avoided.
It is a certainty that AI will feature heavily in manufacturing’s future cyber-threats, but also just as certain is that AI will play a vital role in future cybersecurity solutions. The two are destined to evolve in parallel with one another, with one attempting to identify and the exploit vulnerabilities of current and future manufacturing systems, while the other attempts to plaster over them just as quickly. This cat-and-mouse game previously played by human consultants and hackers has itself been digitised.
Excellent to be included, thank you #UKManufacturing