IoT security top of mind for smart manufacturing
In a recent blog post Eric Ehlers, marketing manager for manufacturing and energy at Cisco, noting the numerous opportunities for cyber exploitation faced by manufacturers–legacy equipment with dated or no security protocols, an IT/OT disconnect, guidelines laying out responsibilities and access and “never conducting a risk assessment”–emphasized the importance of strong security in smart manufacturing.
“It’s no secret that manufacturers are concerned about security,” Ehlers wrote, citing recent ransomware attacks that “have shown that manufacturing is a rich target for threats that cause physical damage, facility downtime and breaches of customer data and intellectual property.”
For instance, in June Honda was hit with the WannaCry virus and had to stop production at its plant in Sayama, Japan, where the company builds the Accord, Odyssey and Step Wagon with an output of about 1,000 vehicles per day, according to Reuters.
To support his point, Ehlers pointed to findings of Cisco’s 2017 Midyear Cybersecurity Report:
- 28% of manufacturers lost revenue due to cyber attacks;
- 46% use at least six different technology vendors, some more than that;
- About 60% have “fewer than 30 employees dedicated to security, while 25% consider a lack of trained personnel as a major obstacle in adopting advanced security processes and technology.”
When WannaCry was at its height, Chris Hamilton, MESA International Cybersecurity Working Group co-chair, weighed in sources of cyber security risks in a post to the group’s blog. “The biggest risk,” he wrote, “is generally not our base laptops–or surfing the web (although this is frequently the entry point), but un-patched and unsupported production systems and our development virtual machines (VMs) scattered across various storage devices.”
Hamilton recommended a keen focus on keeping IT systems up to date in terms of patches or updates to security protocols. He also advised smart manufacturing interests to communicate the “immediate risk of ransomware,” and work collaboratively to “mitigate risks through project or support efforts to develop and ensure patching becomes a focus of your business.”