Manufacturing-Defenses-Against-Cyberteurs

The term saboteur is a bit of an urban myth, originally used as a way to describe French workers who would throw wooden shoes (sabots) into gears of machines to ruin them. In actuality, these workers used the noise of the loud wooden shoes to disrupt working conditions. Despite the misnomer, saboteur is a term that still exists today, and history is replete with examples of sabotage that have impacted manufacturing organizations.

I would argue that a variant on the modern-day saboteur could more appropriately be redefined as a “cyberteur” — one who does damage, steals trade secrets, or ransoms your enterprise maliciously using cyber-attacks.

In modern times, we’ve seen physical assets targeted by cyberteurs.

Cyberteurs

You may be familiar with some stories of production lines like the 1972 Chevy Vega line that was internally sabotaged by workers who complained about the production line being too fast.

More recent examples include Elon Musk and the leaking of proprietary data to outside competitors, or the physical damage done to a German steel plant by hackers who sabotaged the plant through a very sophisticated phishing attack.

And now it’s not just machine downtime manufacturers need to be concerned with. Data centers all over the globe are vulnerable through attacks on manufacturers.

We recently saw an attack on a foreign chip manufacturer who makes computer boards for Amazon Web Services in a facility in China. After a while, AWS realized that tiny computer chip fractions the size of a grain of rice had been added to the boards and had been placed into servers that would be installed in 30 or so companies— including some United States Department of Defense data centers. This chip would ultimately have enabled attackers to access a backdoor into the network and potentially gain access to anything they could.

How This Impacts Your Manufacturing Business

The Amazon Web Services story is an extreme example of a sophisticated attack and it’s likely that your company isn’t the target of this comprehensive an attack. Still, it should teach you something that is critical to the longevity of your company. Take information security/cybersecurity seriously.

A damaging attack could impact the technological backbone of your company, warehousing, supply chain, or any back-office function. A loss of production controls could create machine downtime that would prevent you from manufacturing— or perhaps cause you to make the parts incorrectly, which could be incredibly dangerous.

Breaches and ransom attacks are often quick, quiet, and can easily go undetected until it’s too late and damage is done. These attacks can be just as effective as physical ones, but rather than physically shutting down an assembly line or destroying raw materials, the attacks will cripple the machines, hold them ransom, destroy their data, or completely incapacitate machinery over time.

Need More?

Still not convinced that cybersecurity is a crucial component to your manufacturing business?

Let’s assume that you are a manufacturer of a part that helps make up the hottest gizmo in the marketplace. Your critical component is only manufactured by you and is vital to the success of the product. Now, let’s also assume that you are like many manufacturers who focus more on the capabilities of your manufacturing plant than the computer network that supports it. Assume, too, that you are like many business owners in manufacturing who would rather buy a new piece of equipment, hire more employees, and pursue automation to help grow your business than invest in things like remote monitoring, penetration testing, vulnerability scanning, vendor risk management, social engineering, firewall protection, or even understanding what the overall security risk situation of your company is.

If this is you, are you positive that your machines will be up and running 100% of the time, and that the confidential data behind them is safe?

But That’s Not Me…

You hear things about cybersecurity protection at conferences, or networking groups, but many of those colleagues don’t even manufacture what you do. You tell yourself, “what could they possibly know that I don’t? We are so different that they can’t possibly understand or know what I am going through.”

Some of that may be true, and they may make something very different than what you do, but their problem is the same as yours. You rely on technology, the internet, mechanization, automation, and other technological advances. You all have the same problems that impact your different products. Because you use varying degrees of automation (and don’t make your product by hand over an anvil), you are a target. You are susceptible to being probed or breached. You can take that probable outcome and make is less probable.

What Should I Do About It?

Taking information security seriously and building it into your business practices is a daunting task, and it can be difficult to know where to begin.

The first step is knowing where you are currently in your manufacturing environment. If you don’t know what your current cybersecurity state is, you will be spending money on things that may not make immediate improvements. You assess your current state by getting a FISASCORE.

FISASCORE is a baseline assessment of your cybersecurity situation. It looks and acts a lot like your personal credit score. The lower the score, the more prone you are to be being breached or attacked. The higher the score, the more sophisticated and well-rounded your company’s security measures are. In addition to your score, it gives you a detailed report that you can use as a roadmap to increase your information security program and measures over time.

So, start with an assessment.

Get an overview of how likely it is that these cyberteurs will get ahold of your machines and/or the data they hold. Your business depends on it.

For more information on how FISASCORE can help your manufacturing organization improve its cybersecurity measures and machine uptime, check out frsecure.com.

fisascore-information-security-risk-assessment

Jim Nash on EmailJim Nash on Linkedin
Jim Nash
Chief Storyteller at FRSecure
Jim's experiences in both politics and the InfoSec industry have cultivated him into a strong and animated communicator that has the ability to crystallize difficult concepts into digestible ideas. These skills and experiences have morphed him into a cybersecurity and information security evangelist, focusing on publicizing the need for organizations to make cyber threats a business liability and not just an IT problem.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *