Manufacturers Assemble Cyber Threat Responses
The manufacturing and automotive industries have embraced a technological revolution that is rapidly transforming many sectors of the industry and giving rise to a wave of significant advances. As detailed in the Global Risks Report 2016, the growing integration of physical production with computer networks brings new risks and expanding threats:
- Increased reliability on networks that control production lines means increasingly complex cyber supply chains.
- Hyper-connectivity means that manufacturers are collecting greater volumes of data on the habits of end users. For example, smart cars deliver GPS data to provide information on driving habits. Regulators are currently debating such data collection methods and whether controls might be needed.
- The products being developed have greater technology risks. For example, manufacturers are road testing GPS-guided, self-driving cars for consumer applications. 3D printing delivers on-the-spot, custom creation of parts and even entire products.
With enhanced connectivity comes increased vulnerability to cyber risks. In fiscal year 2015, the US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 295 cyber-incidents — a 20% increase over the previous year. Critical manufacturing accounted for fully one-third of those attacks.
Manufacturing executives should closely examine how their companies can be affected by the following:
- Malicious industrial espionage from a competitor or even a sovereign state.
- Disgruntled employees with the skills to infiltrate their employers’ IT networks.
- High-end hackers with criminal motives to steal money or data, or extort the company.
Reining in cyber risk at manufacturers requires that:
- Senior leadership be presented with approved and detailed cyber risk management plans.
- Cyber risk mitigation plans are tested and refined, with a focus on:
- Prevention — identifying and plugging gaps in one’s operations and supply chain network.
- Mitigation — including cyber insurance coverage.
Assessing one’s cybersecurity posture, using both internal and external professionals, can help make your organization risk ready and keep the assembly lines humming and the business running.