30, April 2017
Cybersecurity: Protecting Manufacturing Technology and Innovation
By Pat Toth on · Cybersecurity
Recently a segment on my favorite morning news program stopped me in my tracks. The young and attractive hosts (why are they always so young and attractive?) were demonstrating new appliances including a smart refrigerator. The fridge was equipped with all kinds of high-tech features including touch screen displays, a camera inside that allows you to see the contents and Wi-Fi connectivity. You can see inside your fridge while grocery shopping, how convenient! But I must ask, how secure is it?
The Internet of Things (IoT) is revolutionizing everything from home appliances, nanotechnology and cloud computing, to manufacturing. Advancements are enabling manufacturers to become more innovative, productive, efficient and globally competitive. Computers, the internet, and digital devices are positively impacting communication, operations, product developments, and more. As we increase our connectivity we must also be aware of the importance of cybersecurity for manufacturers.
Jared Newman recently wrote in Fast Company, “Smart homes and other connected products won’t just be aimed at home life. They’ll also have a major impact on business. And just like any company that blissfully ignored the Internet at the turn of the century, the ones that dismiss the Internet of Things risk getting left behind.”
The Importance of Cybersecurity for Manufacturers
Technology has evolved and empowered manufacturers in a variety of ways, and companies have become increasingly reliant on computer systems and IT. Because of this, cybersecurity has emerged as such a critical topic in the industry. Strong cybersecurity practices are crucial to:
- Defending your company’s vital data and information.
- Preventing theft or damage to your infrastructure, equipment and systems.
- Avoiding major disruptions to operations and the delivery of products.
- Protecting your employee’s personal information.
- Shielding your organization from negative publicity.
Manufacturers are unfortunately a frequent target of hackers and attackers. According to a report from the U.S. Department for Homeland Security, manufacturing is the second highest industry with the most reported cyber attacks, only subsequent to the energy sector. Foxconn, an international manufacturer of electronics, was attacked in 2012 and all of its employee’s login information was released publically. A Honda breach in 2010 resulted in the disclosure of personal vehicle identification numbers.
A Kaspersky Lab Survey of IT managers published in Virus News also found that “21 percent of manufacturers suffered a loss of intellectual property (IP) within the past year.” The most commonly cited reason was malware (computer viruses, spyware, etc.), although a host of related issues including software susceptibilities and misplaced or stolen mobile devices were listed as causes as well.
Three Tips for Improving Cybersecurity
Cybersecurity is a complex issue and there are no “quick fixes” to address it. IoT has made security an even more difficult challenge. However, there are things you can do to improve your cybersecurity posture. Here are three important factors to consider:
- Be proactive about prioritizing cybersecurity initiatives: Lapses in cybersecurity are very costly. An IndustryWeek article, “Cyber Security on the Factory Floor,” highlighted studies showing that “the average cybersecurity data breach costs more than $3 million.” Don’t wait to get hit.
- Prepare for the worst: In a Manufacturing Business Technology article highlighting the 2016 biggest cybersecurity issues facing manufacturers, cybersecurity professional Andrew Ginter, said, “The biggest mistake I see routinely is an overemphasis on vulnerabilities in cyber-risk assessments, rather than attacks.” Don’t just focus on the short-term—your organization needs a developed contingency plan in the event of an attack. Conducting a simulation of an attack has been beneficial for manufacturers looking to develop a comprehensive plan.
- Communicate with employees and vendors: Human error occurs, which is why everyone from the CEO and down should be trained about cybersecurity and data protection. Include policies in your employee manuals and regularly have your staff trained on best practices.
Digital Manufacturing Pilot
NIST MEP is working to improve cybersecurity for small- and medium-sized manufacturers across the U.S. We have partnered with the Digital Manufacturing and Design Innovation Institute (DMDII) to operate a joint Digital Manufacturing Pilot. This pilot will address technical opportunities and challenges and also assist manufacturers with a basic understanding and implementation of digital manufacturing approaches.
In addition to improving cybersecurity, the partnership will address specific topics under the digital manufacturing umbrella, including innovative engineering approaches and improved supply chains operations.
As the Internet of Things evolves and becomes a fixture in manufacturing, cybersecurity will continue to be an issue that small manufacturers must address. As you connect more and more devices to the internet, ask yourself, “how secure is it?”
Pat is a Computer Scientist at NIST MEP and serves as the Cybersecurity Program Manager. Pat has over 30 years of experience in Cybersecurity and worked on various NIST Cybersecurity guidance documents including "NISTIR 7621 Small Business Information Security: The Fundamentals".
The post Cybersecurity: Protecting Manufacturing Technology and Innovation appeared first on the Manufacturing Innovation Blog.