Manufacturing and Cyber Security: A 5 Step Process to Create Internal and Customers’ Peace of Mind
Editor's Note: As we see the transition to digital manufacturing and the use of the cloud and other web-based systems, manufacturing and cyber security continue to collide. Further, as a provider of a web-based transportation management system, Cerasis has our own documentation on how we protect our customer shippers. You can view our document as a helpful guide for your company here.
Cyber security is rapidly becoming a dominant concern for manufacturers and consumers. According to Andy Szal, the global cyber security market will grow between 20 and 25 percent annually through 2021. Cyber security is often applied to the consumer-driven parts of business, such as logins to internet sites and health care-related information. However, cyber security has become a critical component of effective management in manufacturing. Let’s take a look at how cyber security is changing to become a key focus for the peace of mind of consumers and internal processes of a manufacturer.
When Did Manufacturing and Cyber Security Come Into Focus?
In 2010, explains Robert Krauss, the Stuxnet computer worm attacked programmable logic controllers in manufacturing settings. These controllers were responsible for the automation of many manufacturing processes, and the unheard-of attack left great damage in its wake. As a result, manufacturing and cyber security measures and polices quickly came a concern.
How Does a Cyber Security Threat in Manufacturing Impact Customers?
For consumers, cyber security threats may impact personal or financial information. For example, a consumer orders a product online, and the billing information is transmitted to the manufacturer. If the manufacturer does not have strong security standards in place, the information is vulnerable to attacks. Yet, cyber security vulnerabilities affect consumers in another way.
Think about the cost of a cyber security breach. It may cost the manufacturer proprietary information, unique formulations in creating a product faster, identification of product locations, which could be used for stealing product during shipment, loss of control over the market, and more, asserts Nate Kube. Unfortunately, each of these instances represents an added expense to the company. Since all businesses, including manufacturers, rely on profit margins to survive, each added cost implies an increase in the cost of the product to consumers. As a result, consumers may end up paying more for the same product, which brings the cyber security process back to the mindset of consumers.
How Does a Manufacturer Identify Cyber Security Threats?
What should be protected from vulnerabilities in manufacturing and cyber security? This question seems like a common-sense application of cyber security. However, nearly any process in manufacturing can be subject to a breach in security, especially when considering the level of connectedness in modern manufacturing settings. As a result, manufacturers must “think outside of the box” to assess and identify cyber security threats.
As explained by the cyber security mogul, Booz Allen Hamilton, manufacturers need to follow a series of steps in assessing, identifying, and creating or updating cyber security standards. These steps include the following:
- The manufacturing setting needs to be considered a fully-integrated setting, even if some processes are not integrated into the Internet. Although many breaches start in IT networks, the hackers or attackers may jump into other parts of the setting through connected devices. Furthermore, some connected devices may actually include information about the non-connected process.
- Assign cross-organization accountability in maintaining cyber security. For example, a manufacturer may use Cerasis to maintain cyber security in transportation management systems, as well as in other parts of shipping processes. Additionally, manufacturers must view cyber security measures as a fundament component and aspect of business, and metrics should be in place to track the effectiveness and use of cyber security initiatives across an organization, including minor and major roles in manufacturing settings, such as janitorial services and executive-level leadership.
How to Implement a Cyber Security Policy
Often, manufacturers forgo implementing or updating cyber security policies due to misconceptions about the needs of the organization. For example, a policy that’s viewed as unreasonable or probably not likely to occur may be avoided. In reality, unlikely points of vulnerability are more likely to be targeted by hackers. As a result, manufacturers must implement the “unusual scenario” cyber security policies too, and manufacturers can make the process simpler by using Salo Fajer’s recommendations in Industry Week, which include the following steps:
Step 1: Identify Trade Secrets and Proprietary Information.
This information is critical to the success of a business, and in some cases, the entire business may rely entirely on a key piece of information. For example, the formula for a new cleaning product may be the only thing that stands in the way of a hacker using the formula to create a counterfeit product.
Step 2: Identify Where Information From Step 1 Is Located.
Regardless of the security of an organization, all parties in the organization, from janitorial service providers to executive-level leadership, need to know where pertinent, critical information is stored. This includes both physical and digital storage locations. This may seem counterintuitive, especially since 36 percent of manufacturers reported employees were the likely source of a data breach, asserts Robert Krauss. However, these causes may have been unintentional. For example, an employee plugged in a “found” USB storage device into a computer, and the device contained a Trojan virus. If employees knew where information was located, they could take steps to ensure the information is not available when printing, using, editing, or accessing it. For example, the employee would not access the work-server from an unsecure location if the information is known to be in the superficial files of the server.
Step 3: Label Information From Step 2.
Any information found and identified in Steps 1 and 2 should be labeled as such. This will help employees identify information and help deter cyber security threats.
Step 4: View Cyber Security From an Attacker’s Point of View.
Attackers or hackers are going to try to devise malicious ways of accessing your information, such as posing as a repair man for your building. By thinking of these strange, unusual ways of breaching security, you can actually help avoid cyber security breaches. Try conducting a penetration test.
Step 5: Make Cyber Security a Priority Across the Organization.
Manufacturing and Cyber security should be considered as a company-wide goal and policy. Information on cyber security should be included in basic training for new hires, and manufacturers should consider holding recertification in-services throughout the year to ensure employees understand its role in the company.
Cyber security threats are real. A single breach destroys the perception of trust and rapport with consumers, and manufacturers could lose vital information about key manufacturing processes, especially proprietary information. By understanding the need for cyber security and how to monitor, create, analyze, and implement cyber security measures, customers and the manufacturer can attain peace of mind in the ever-increasing, digitally-connected world of manufacturing.