The term saboteur is a bit of an urban myth, originally used as a way to describe French workers who would throw wooden shoes (sabots) into gears of machines to ruin them. In actuality, these workers used the noise of the loud wooden shoes to disrupt working conditions. Despite the misnomer,
I would argue that a variant on the modern-day saboteur could more appropriately be redefined as a “
In modern times, we’ve seen physical assets targeted by
You may be familiar with some stories of production lines like the 1972 Chevy Vega line that was internally sabotaged by workers who complained about the production line
More recent examples include Elon Musk and the leaking of proprietary data to outside competitors, or the physical damage done to a German steel plant by hackers who sabotaged the plant through a very sophisticated phishing attack.
And now it’s not just machine downtime manufacturers need to be concerned with. Data centers all over the globe are vulnerable
After a while
This chip would ultimately have enabled attackers to access a backdoor into key areas of the network and potentially gain access to anything they could.
How This Impacts Your Manufacturing Business
The Amazon Web Services story is an extreme example of a sophisticated attack and it’s likely that your company isn’t the target of this comprehensive an attack. Still, it should teach you something that is critical to the longevity of your company. Take information security/cybersecurity seriously.
A damaging attack could impact the technological backbone of your company, warehousing, supply chain, or any back-office function.
A loss of production controls could create machine downtime that would prevent you from manufacturing—or perhaps cause you to make the parts incorrectly, which could be incredibly dangerous.
Data breaches and ransom attacks are often quick, quiet, and can easily go undetected until it’s too late and the damage is done.
These attacks can be just as effective as physical ones, but rather than physically shutting down an assembly line or destroying raw materials, the attacks will cripple the machines, hold them ransom, destroy or steal intellectual property, or completely incapacitate machinery over time.
Another Case for Manufacturing Cybersecurity
Still not convinced that cybersecurity is
Let’s assume that you are a manufacturer of a part that helps make up the hottest gizmo in the marketplace. Your critical component is only manufactured by you and is vital to the success of the product.
Now, let’s also assume that you are like many manufacturers who focus more on the capabilities of your manufacturing plant than the computer network that supports it.
Assume, too, that you are like many business owners in the manufacturing sector who would rather buy a new piece of equipment, hire more employees, and pursue automation to help grow your business.
Do these seem more important than investing in things like remote monitoring, penetration testing, vulnerability scanning, vendor risk management, social engineering, firewall protection, or even understanding what the overall security risk situation of your company is?
If this is you, are you positive that your machines will be up and running 100% of the time, and that the confidential data behind them is safe?
But That’s Not Me…
You hear things about cybersecurity protection at conferences, or networking groups, but many of those colleagues don’t even manufacture what you do. You tell yourself, “what could they possibly know that I don’t? We are so different that they can’t possibly understand or know what I am going through.”
Some of that may be true, and they may make something very different than what you do, but their problem is the same as yours.
You rely on technology, the internet, mechanization, automation, and other technological advances. You all have the same problems that impact your different products. Because you use varying degrees of automation (and don’t make your product by hand over an anvil), you are a target.
You are susceptible to being probed or breached. You can take that probable outcome and make is less probable.
What Should I Do About It?
Taking information security seriously and building it into your business practices is a daunting task, and it can be difficult to know where to begin.
The first step is knowing where you are currently in your manufacturing environment. If you don’t know what your current cybersecurity state is, you will be spending money on things that may not make immediate improvements. You assess your current state by getting an information security risk assessment.
Risk assessments give you a baseline of your manufacturing cybersecurity situation. It looks and acts a lot like your personal credit score. The lower the score, the more prone you are to be being breached or attacked.
The higher the score, the more sophisticated and well-rounded your company’s security measures are. In addition to your score, it gives you a detailed report that you can use as a
If you work with the Department of Defense, you’ll already have to do this. And, while compliance is only a bare-minimum approach to security, an assessment is a great way to get a baseline understanding of your weaknesses and strengths and determine where to put your security efforts and dollars moving forward—while hitting your compliance requirements in the meantime.
Get an overview of how likely it is that these
For more information on how security risk assessments can help your manufacturing organization improve its cybersecurity measures and machine uptime, check out frsecure.com.