Getty Images
Cybersecurity 5e7cc74c6fbc9 5e8388b5341d1

With Opportunity Comes Vulnerability

March 31, 2020
As the IIoT creates highly complex networks, manufacturers face far more cybersecurity risk.

Spear-phishing. Drive-by downloads. Watering hole attacks. Wrappers. The language may be captivating and even amusing, but the reality it represents is not so alluring. While the novel coronavirus has introduced fresh concerns for manufacturers, cyber threats have never gone away. And as bad guys become more cunning, manufacturers must scramble to stay ahead of them even as they navigate new public health and economic uncertainties.

Why has the threat of cyber terrorism risen dramatically in recent years? A key reason is that the successful convergence of information technology and operations technology – so critical to reaping the rewards of Industry 4.0 – has also opened the back door to cybercriminals. A new report, Securing Critical Operational Technology in Manufacturing, by the Manufacturers Alliance (MAPI) and cybersecurity firm Fortinet found that operational technology security at large manufacturers is considered a top-five business risk, yet there remains high variability in corporate security practices and capabilities, including activities for monitoring and responding. 

It’s worth a brief review of the evolution of cyber terrorism. A few years back, former CIA and National Security Agency chief Mike Hayden warned our members that the risk to manufacturers was diversifying and escalating quickly. First-generation cyberattacks had involved the theft of personal identities and money. But enhanced connectivity on shop floors around the world changed the profile of the bad guys. Second-generation thieves started targeting companies’ intellectual property (IP) so they could either make counterfeit products, sell the information, or use the IP to jump-start their own designs. Next, rogue nation-states like North Korea, Iran, and Russia found success in disrupting not just political processes but individual businesses in other countries. Finally, perhaps most dangerous of all because of the difficulty in tracking them down, individual hacktivists emerged, dedicated to creating chaos in government and business systems around the world. 

And now manufacturers are more vulnerable than ever. As the Industrial Internet of Things creates highly complex networks, manufacturers are exposed to a far greater variety of risks.  Not only are their internal systems now connecting outside the factory walls with assets not designed for data connectivity, the so-called “attack surface” continues to grow exponentially with the growth in the wireless transfer of data, third-party access, and interconnected supply chains.

The study found rapidly changing attitudes and approaches to this business menace. For example, a majority of companies told us that over the past 12 months, they faced at least one specific security incident that resulted in unauthorized access to data – a sizable jump from just a few years ago. For those who experienced a breach, the most commonly reported setback was operational outages affecting productivity.

Manufacturers’ incidence levels aren’t the only thing inflating. As IT and OT converge and the attack surface expands, cloud, IoT, email, mobile devices, and thumb drives rank highest among OT exposures to cyber risk recognized as falling outside of the firewall. Our research shows that phishing and malware, and to a somewhat lesser degree spyware, remain the most common forms of attacks outside the firewall. But our survey also found increased concern in recent years over the growing number of advanced tactics used by cyber terrorists. These include, in order of perceived threat level: mobile security breaches; insider breaches (through carelessness, well-intentioned actors, or bad actors); SQL injection (executing malicious statements in SQL programming code); Man-in-the-Middle (MITM) attacks on communications; Distributed Denial-of-Service (DDoS) disruptions; and Zero-Day attacks on unknown or unaddressed software vulnerabilities. 

Stephen Gold is president and CEO of MAPI, the Manufacturers Alliance for Productivity and Innovation.

About the Author

Stephen Gold

President and Chief Executive Officer, MAPI

Previously, Gold served as senior vice president of operations for the National Electrical Manufacturers Association (NEMA) where he provided management oversight of the trade association’s 50 business units, member recruitment and retention, international operations, business development, and meeting planning. In addition, he was the staff lead for the Board-level Section Affairs Committee and Strategic Initiatives Committee.

Gold has an extensive background in business-related organizations and has represented U.S. manufacturers for much of his career. Prior to his work at NEMA, Gold spent five years at the National Association of Manufacturers (NAM), serving as vice president of allied associations and executive director of the Council of Manufacturing Associations. During his tenure he helped launch NAM’s Campaign for the Future of U.S. Manufacturing and served as executive director of the Coalition for the Future of U.S. Manufacturing.

Before joining NAM, Gold practiced law in Washington, D.C., at the former firm of Collier Shannon Scott, where he specialized in regulatory law, working in the consumer product safety practice group and on energy and environmental issues in the government relations practice group.

Gold has also served as associate director/communications director at the Tax Foundation in Washington and as director of public policy at Citizens for a Sound Economy, a free-market advocacy group. He began his career in Washington as a lobbyist for the Grocery Manufacturers of America and in the 1980s served in the communications department of Chief Justice Warren Burger’s Commission on the Bicentennial of the U.S. Constitution.

Gold holds a Juris Doctor (cum laude) from George Mason University School of Law, a master of arts degree in history from George Washington University, and a bachelor of science degree (magna cum laude) in history from Arizona State University. He is a Certified Association Executive (CAE).

Sponsored Recommendations

Free Webinar: ISO 45001 – A Commitment to Occupational Health, Safety & Personal Wellness

May 30, 2024
Secure a safer and more productive workplace using proven Management Systems ISO 45001 and ISO 45003.

ISO 45003 – Psychological Health and Safety at Work

May 30, 2024
ISO 45003 offers a comprehensive framework to expand your existing occupational health and safety program, helping you mitigate psychosocial risks and promote overall employee...

DH Pace, national door and dock provider, reduces TRIR and claims with EHS solution

May 29, 2024
Find out how DH Pace moved from paper/email/excel to an EHS platform, changing their culture. They reduced TRIR from 4.8 to 1.46 and improved their ability to bid on and win contracts...

Case Study: Improve TRIR from 4+ to 1 with EHS Solution and Safety Training

May 29, 2024
Safety training and EHS solutions improve TRIR for Complete Mechanical Services, leading to increased business. Moving incidents, training, and other EHS procedures into the digital...

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!