5 Cyber Risk (Loss) Scenarios for Manufacturing
Manufacturing is the process of taking raw materials and converting them into products or finished goods. This can be done either by using machines (industrial manufacturing) or through manual labor (artisanal manufacturing).
Modern manufacturing is a complex process that often involves multiple steps, including invention, design, engineering, marketing, finance, and accounting.
Some common manufacturing processes include assembly line production, Mass production, fabricated metal production, semiconductor device fabrication, food processing, soft drink bottling, tea bagging specific industrial process amongst others.
Some types of manufacturing include:
1. Food and beverage manufacturing
2. Textile manufacturing
3. Automotive manufacturing
4. Electronics manufacturing
Each type of manufacturing has its own unique set of processes, but there are some commonalities between them. In all cases, manufacturers need to start with raw materials, which they then use various methods to turn into a finished product. This usually involves some combination of production line assembly, machining, packaging, and testing.
What is the attack surface of a manufacturing company?
In computer security, an attack surface refers to the number of points (the “surface”) at which an attacker can try to enter a system and access its data or functionality. A system’s attack surface includes all of the avenues through which attackers could gain entry, as well as any weaknesses that might make those entry points accessible.
A manufacturing company’s attack surface includes all the points where an attacker could gain access to the company’s systems and data. This includes systems such as the company’s computer networks, internet-connected devices, physical security systems, industrial systems amongst others.
An attacker could potentially gain access to the company’s systems through vulnerabilities in its software or hardware, by hacking into its computer networks, or by stealing or intercepting its data.
In the manufacturing industry, companies use Operational Technology in addition of Information Technology in their environment. Operational technology (OT) monitors and/or controls industrial equipment, assets, processes and events. OT is increasingly becoming a target of cyber attacks.
Some examples of OT include:
* programmable logic controllers (#PLCs)
* Supervisory control and data acquisition systems (#SCADA)
* Distributed control systems (#DCS)
* Computer Numerical Control (CNC) systems, including computerized machine tools
Operational Technology is utilized in many sectors and environments, such as:
* Oil & Gas
* Power and Utilities
* Chemicals manufacturing
* Food processing and manufacturing
* Water treatment
* Waste management
* Scientific experimentation
* Critical Manufacturing
* Building Management and Automation
* Building lighting controls and automation
Often, OT is not considered part of the attack surface and not secured properly due to its historical characteristic of being air-gapped or basically not connected to the Internet.
OT connectivity refers to the ability of different OT systems to communicate with each other. This can be achieved through a variety of means, including cloud-based platforms, dedicated data networks, or even Bluetooth enabled devices.
Organizations are increasingly looking for ways to improve OT connectivity in order to increase efficiency and decrease downtime. By connecting different parts of the organization, companies can get a better overview of their operations and make better decisions about how to optimize their processes.
If this were to be compromised, an attacker could potentially disrupt or even sabotage production.
Another potential attack surface is the company’s intellectual property (IP). This could include things like trade secrets, product designs, and marketing plans. If this information were to leak, it could give competitors an edge or allow them to recreate products without having to go through the costly R&D process.
Of course, the People & HR department is another potential area of attack. This is where sensitive employee data is stored, such as social security numbers, addresses, bank account information amongst others.
What are the threats for a manufacturing company?
Threats faced by manufacturing companies include global economic uncertainty, tariffs and trade wars, rising labor costs, natural disasters, and cyber. To survive and thrive in today’s environment, manufacturers must be nimble and adaptable, using technology to automate processes and stay ahead of the competition. By understanding the landscape of risks faced by manufacturers and taking proactive steps to mitigate them.
In a recent survey, nearly half of all manufacturing companies reported that they had been the target of a cyber attack in the past year.
One of the key threats facing manufacturing companies today is cyber-crime. Cyber criminals are targeting manufacturing companies more and more, looking to exploit financial data, confidential customer information, and intellectual property but as well interrupting production lines and processes.
For example, a ransomware attack on the company’s computer networks could prevent employees from accessing critical files or programs needed to run the manufacturing process. This could result in a stoppage of production, loss of revenue, and possible damage to hardware or data.
A Scada system is used to control and monitor industrial processes, such as water treatment facilities, power plants, and oil refineries. If an attacker were able to gain access to these systems, they could potentially sabotage the operations or release hazardous materials into the environment. Here again, we hear that the scada systems are rarely connected to the Internet, however many times, the systems are exposed indirectly. There are a few different ways that you can connect devices to a SCADA system. One way is the connectivity between SCADA and Industrial IoT devices, enabling your enterprise to connect OT data to IT services for big data analytics.
Another way to connect devices is by using something called an OPC server. This is also a software program, but it runs on the device itself instead of on a computer. It communicates with the SCADA system over either Ethernet or wireless connections. OPC specifies the communication of the real-time plant data between control devices for different developers of SCADA software.
Finally, some devices can be connected directly to the SCADA system without any intermediary software. This can be done either by using a dedicated communications port on the SCADA system itself, for example for remote maintenance…
The most common cyber threats to manufacturing companies include:
1. Malware and viruses: Malicious software (malware) and viruses can enter manufacturing companies’ networks through infected emails, websites, or other digital files. Once on the network, these programs can wreak havoc by deleting important files, corrupting data, or even bringing production to a halt.
2. Phishing attacks: Phishing is a type of social engineering attack in which scammers try to trick employees into revealing sensitive information or clicking on malicious links. Manufacturing companies are often targeted with phishing attacks that purport to be from suppliers or business partners.
3. Ransomware: Ransomware is a type of malware that encrypts data and systems, then asks for a ransom.
What are the cyber vulnerabilities for a manufacturing company?
There are a number of cyber vulnerabilities for manufacturing companies, across IT, OT, people, and process. And, if a manufacturing company’s systems are hacked or otherwise disrupted, it can mean big losses in productivity and revenue. Moreover, if customer data is compromised in such an attack, it could damage the company’s reputation and lead to litigation.
Many manufacturing companies rely heavily on legacy systems and outdated software. This makes them vulnerable to exploitation by cyber criminals. For example, several manufacturing companies are still using Windows XP. Windows XP is no longer supported by Microsoft, so it has many vulnerabilities that are not patched. This means that your computer is more likely to be hacked if you are using Windows XP. In fact, according to one study, 95% of all infections occur on devices running Windows XP. So if you’re using XP, you’re putting yourself and the company at risk. However, updating such systems is also a challenge, and might not be that straightforward.
What are the cyber risks for a manufacturing company?
There are a few risks that manufacturing companies face, but one of the biggest is cyber.
Cyber criminals often target manufacturing companies because they have valuable data and intellectual property that can be stolen or ransom. They also try to disrupt or disable manufacturing operations, causing significant financial damage.
Let’s look at a few cyber risk scenarios:
- Production interruption: In fact, a 2019 study found that nearly 60 percent of manufacturers had experienced a cyber attack in the previous 12 months. And of those companies, more than one-third said the attack resulted in production disruptions. There are a number of ways that cyber attacks can disrupt production. One is by disrupting communication systems. This can make it difficult or impossible for employees to coordinate with each other, which can lead to errors and delays. Another is by damaging or destroying machinery. This can cause shutdowns and unwanted downtime. Finally, cyber attackers may ransom industrial control systems (ICS)or sensitive data in order to extort money from the company.
- Product recall: A cyber attack might lead to a change for example in food labeling. In many cases, the food itself might be fine, but the label is inaccurate. This can cause confusion and legal liabilities due incorrect labels on food products. When a product is recalled, it not only hurts the company’s reputation, but it can also cost them a great deal of money in terms of recalling and replacing the item.
- Equipment replacement: A manufacturing company might need to proceed with equipment replacement following a cyber attack and abrupt disruption. Generally speaking, it’s best to avoid stopping industrial equipment suddenly if possible. This is because doing so can often cause damage to the equipment or cause it to malfunction. The systems should be turned off in a controlled manner rather than sudden and abrupt stop.
- Physical damage, like fire: An attack on thermostats might lead to overheating and eventually even a fire, for example. IoT devices are becoming increasingly common in manufacturing environments. However, these devices bring with them new cyber risks. Most attackers access to IoT networks via the telnet protocol, a command line interface that enables remote communication with a device or server. Then, continue with their attacks Because IoT devices are not well protected or designed with security always in mind, the attacks might be pretty easy.
- Human loss: Accidents happen sometimes, and sometimes they can be fatal. Here are some examples of accidents that have occurred in factories, resulting in death: In 2010, an explosion at a gas plant in Xuecheng District, China, killed 11 people and injured 37 others. The cause of the explosion was blamed on a build-up of combustible gases. In 2012, a fire at a garment factory in Dhaka, Bangladesh killed 112 workers and injured scores more. Most of the victims were trapped inside the burning building because the exits were blocked or locked. In 2013, an explosion at a fertilizer plant in West, Texas killed 15 people. All those accidents did not happen due to a cyber attack, however a cyber attack can eventually lead to such catastrophic consequences due to further connectivity and technological dependence.
In order to protect themselves, manufacturers need to invest in robust cybersecurity infrastructure and educate their employees on best practices.
Cyber attacks examples
Several thousand My Book Live devices from major storage device maker Western Digital were entirely erased. A combination of two vulnerabilities contributed to this, the first of which allowed it to be hacked and the second of which was a serious security vulnerability that allowed hackers to remotely do a factory reset without entering a password.
It was in March 2021 that an organized gang of hackers was successful in gaining access to and controlling hundreds of security cameras designed and operated by Verkad, a Silicon Valley-based firm that provides “security (physical) as a service.” The malicious hackers gained access to the system after obtaining a set of Verkada user credentials that had been made available on the internet. Once they had gotten access to the Verkada database, they were able to migrate laterally across the network and take control of a super-admin account. From there, they were able to take over control of the cameras in order to execute further assaults and get access to video material saved on Verkada’s cloud servers, which included footage from more than 24,000 clients.
An incident occurred in December 2017 when a ransomware attack hit an Taiwanese semiconductor manufacturer. The malware spread to the company’s production computer network, prompting the shutdown of some facilities including those making chips for Qualcomm, MediaTek, Nvidia, Xilinx, Broadcom and Huawei chip unit Hisilicon Technologies. Tens of thousands of machines were affected.
Convergence between OT and IT in manufacturing is the coming together of operational technology (OT) and information technology (IT) into a single platform. This platform allows for the seamless sharing of data between devices, machines, and people across the entire manufacturing process.
The goal of convergence is to improve communication and collaboration within the manufacturing process in order to create a more efficient and productive work environment. By bringing OT and IT together, manufacturers are able to optimize operations, reduce waste, and improve product quality.
This convergence, however, is raising cyber risk and requiring immediate attention. OT has traditionally been isolated from IT, but the adoption of IoT is blurring the lines between these two domains. As more and more devices are connected to the internet, the potential for a cyber attack increases. To mitigate this risk, manufacturers need to take steps to secure their systems and protect their data. This can be done by hiring a cybersecurity professional who can assess your vulnerabilities as well as cyber risk, and help you put in place appropriate security measures.
Are you doing everything you can to protect your business from cybercrime? If not, now is the time to act.
Contact us today to learn how we can help you stay safe online.
By Magda Chelly
Chief Security Officer | TEDx Talk | Author & Keynote Speaker | IFSEC Global Top 20 Cybersecurity Influencer | Entrepreneur | PhD, S-CISO, CISSP, Cert SCI (General Insurance)
Find out on magda-on-cyber.com
- The IFSEC Global influencers in security and fire 2021
- Top Women in Security Asean Region 2021 Awards https://www.asiapacificsecuritymagazine.com/winners-and-judges-of-the-top-women-in-security-asean-region-2021-awards/
Follow Magda on her Social Media Accounts: