Getty Images
Cybersecurity 5e7cc74c6fbc9 5e8388b5341d1

With Opportunity Comes Vulnerability

March 31, 2020
As the IIoT creates highly complex networks, manufacturers face far more cybersecurity risk.

Spear-phishing. Drive-by downloads. Watering hole attacks. Wrappers. The language may be captivating and even amusing, but the reality it represents is not so alluring. While the novel coronavirus has introduced fresh concerns for manufacturers, cyber threats have never gone away. And as bad guys become more cunning, manufacturers must scramble to stay ahead of them even as they navigate new public health and economic uncertainties.

Why has the threat of cyber terrorism risen dramatically in recent years? A key reason is that the successful convergence of information technology and operations technology – so critical to reaping the rewards of Industry 4.0 – has also opened the back door to cybercriminals. A new report, Securing Critical Operational Technology in Manufacturing, by the Manufacturers Alliance (MAPI) and cybersecurity firm Fortinet found that operational technology security at large manufacturers is considered a top-five business risk, yet there remains high variability in corporate security practices and capabilities, including activities for monitoring and responding. 

It’s worth a brief review of the evolution of cyber terrorism. A few years back, former CIA and National Security Agency chief Mike Hayden warned our members that the risk to manufacturers was diversifying and escalating quickly. First-generation cyberattacks had involved the theft of personal identities and money. But enhanced connectivity on shop floors around the world changed the profile of the bad guys. Second-generation thieves started targeting companies’ intellectual property (IP) so they could either make counterfeit products, sell the information, or use the IP to jump-start their own designs. Next, rogue nation-states like North Korea, Iran, and Russia found success in disrupting not just political processes but individual businesses in other countries. Finally, perhaps most dangerous of all because of the difficulty in tracking them down, individual hacktivists emerged, dedicated to creating chaos in government and business systems around the world. 

And now manufacturers are more vulnerable than ever. As the Industrial Internet of Things creates highly complex networks, manufacturers are exposed to a far greater variety of risks.  Not only are their internal systems now connecting outside the factory walls with assets not designed for data connectivity, the so-called “attack surface” continues to grow exponentially with the growth in the wireless transfer of data, third-party access, and interconnected supply chains.

The study found rapidly changing attitudes and approaches to this business menace. For example, a majority of companies told us that over the past 12 months, they faced at least one specific security incident that resulted in unauthorized access to data – a sizable jump from just a few years ago. For those who experienced a breach, the most commonly reported setback was operational outages affecting productivity.

Manufacturers’ incidence levels aren’t the only thing inflating. As IT and OT converge and the attack surface expands, cloud, IoT, email, mobile devices, and thumb drives rank highest among OT exposures to cyber risk recognized as falling outside of the firewall. Our research shows that phishing and malware, and to a somewhat lesser degree spyware, remain the most common forms of attacks outside the firewall. But our survey also found increased concern in recent years over the growing number of advanced tactics used by cyber terrorists. These include, in order of perceived threat level: mobile security breaches; insider breaches (through carelessness, well-intentioned actors, or bad actors); SQL injection (executing malicious statements in SQL programming code); Man-in-the-Middle (MITM) attacks on communications; Distributed Denial-of-Service (DDoS) disruptions; and Zero-Day attacks on unknown or unaddressed software vulnerabilities. 

Stephen Gold is president and CEO of MAPI, the Manufacturers Alliance for Productivity and Innovation.

About the Author

Stephen Gold

President and Chief Executive Officer, MAPIhttps://www.mapi.net/

Previously, Gold served as senior vice president of operations for the National Electrical Manufacturers Association (NEMA) where he provided management oversight of the trade association’s 50 business units, member recruitment and retention, international operations, business development, and meeting planning. In addition, he was the staff lead for the Board-level Section Affairs Committee and Strategic Initiatives Committee.

Gold has an extensive background in business-related organizations and has represented U.S. manufacturers for much of his career. Prior to his work at NEMA, Gold spent five years at the National Association of Manufacturers (NAM), serving as vice president of allied associations and executive director of the Council of Manufacturing Associations. During his tenure he helped launch NAM’s Campaign for the Future of U.S. Manufacturing and served as executive director of the Coalition for the Future of U.S. Manufacturing.

Before joining NAM, Gold practiced law in Washington, D.C., at the former firm of Collier Shannon Scott, where he specialized in regulatory law, working in the consumer product safety practice group and on energy and environmental issues in the government relations practice group.

Gold has also served as associate director/communications director at the Tax Foundation in Washington and as director of public policy at Citizens for a Sound Economy, a free-market advocacy group. He began his career in Washington as a lobbyist for the Grocery Manufacturers of America and in the 1980s served in the communications department of Chief Justice Warren Burger’s Commission on the Bicentennial of the U.S. Constitution.

Gold holds a Juris Doctor (cum laude) from George Mason University School of Law, a master of arts degree in history from George Washington University, and a bachelor of science degree (magna cum laude) in history from Arizona State University. He is a Certified Association Executive (CAE).

Sponsored Recommendations

Navigating ESG Risk in Your Supply Chain

Sept. 26, 2024
Discover the role of ESG in supply chains, from reducing carbon footprints to complying with new regulations and enhancing long-term business value.

Understanding ESG Risks in the Supply Chain

Sept. 26, 2024
Understand the critical role of ESG in supply chains, the risks for hiring companies, and the competitive edge suppliers gain by prioritizing sustainability.

Best Practices for Managing Subcontractor Risk

Sept. 26, 2024
Discover how to effectively manage subcontractor risk with unified strategies, enhanced oversight, and clear communication for consistent safety and compliance.

Building a Culture of Support: Suicide Prevention and Mental Health in the Workplace

Sept. 26, 2024
Find best practices for setting up an organizational culture that promotes positive mental health and suicide prevention.

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!