Recent Incidents

In the past two months, there have been two major incidents of Ransom ware viruses wreaking havoc across the world. In May, a ransom ware cryptoworm called WannaCry affected computer systems of government and private organizations across 150 countries including UK, Spain, India, Germany etc. It infected computers running on Microsoft Windows OS by encrypting user data, locking down the system and demanding ransom payments in Bitcoin currency.

Just recently and roughly a month after WannaCry, another ransom ware attack called GoldenEye crippled organizations across United States of America, Russia, India, Ukraine, Australia and many more. The worst affected were a US based snack manufacturer, a pharmaceutical giant, and a law firm, a Russia-based energy organization, a steel manufacturer, and a financial institution, a UK based advertising agency, a French construction company, and a Denmark-based shipping giant etc. The ransom ware locked computers and demanded $300 as a ransom amount to free affected systems.

Both these attacks were a jolt out of the blue. In many of the affected organizations, production stopped completely incurring huge financial losses. Some organizations managed to mitigate the risk and run their production units partially. Even the Chernobyl Nuclear Power Plant was not spared and its automated radiation monitoring systems went for a complete toss leading them to monitor it manually.

So in the age of advanced technology, connected environment and Internet of Things (IOT), how could the ransom ware manage to penetrate tight cyber defenses of private and government organizations, disrupt their day-to-day tasks and bring them down like a pack of cards? The answer is, they might have ignored previous warnings and never re-looked/upgraded  their cyber security defenses.

But why would someone attack these organizations specially manufacturers?

Basics first, manufacturing is the financial backbone of any country and determines its health. Crippling the manufacturing industry cripples an entire nation. Considering that manufacturers are increasingly leaning towards connected manufacturing setup with the help of ERP/MRP software, Machine Monitoring and Manufacturing Execution systems, it has become much easier for hackers to exploit the vulnerabilities in their cyber security systems and steal critical data such as customer details, proprietary manufacturing techniques, product warehouse locations, shipment details, personnel details and much more.

Causes

Most of the cyber attacks happen when a vulnerability is detected in the cyber security system. These vulnerabilities occur when the systems are not updated to the latest technology, or when manufacturing systems are not fully integrated with each other opening up loopholes to be exploited by hackers. Also, there are lot of instances when employees unknowingly feed malware into the system through unauthorized pen-drives, hard-drives to transfer information that are virus-ridden and unknown to its owner. Most of the times, these are devices that a personnel found somewhere and wanted to access it for personal use.

Also, more than the external threats, the commitment from the manufacturing organization plays a crucial role. The initial investment in cyber security systems are huge, and most of the times, the organization just settles with the default IT security frameworks and installations as the focus is more on shop-floor safety and continuous production.  

Consequences

The consequences of a cyber attack can be disastrous and unpredictable. Most of these attacks are not detected early on but after a certain period of time, say months or when a terrible mishap happens on the shop floor.

Imagine a situation where a cyber attack is aimed at crippling end-to-end production on a manufacturing site. It can happen that a controller has gone faulty due to the attack and a robotic arm attached to a specific machine can maim or kill a personnel by accident. This will result in the entire plant being shut-down for days or even months together. Most of the time would be spent in identifying what led to the attack and take post-incident measures to bring the plant back online. Till then, the virus would have created havoc across the entire manufacturing unit and even branch subsidiaries connected with each other.

The scenarios are many, from targeting databases that hold customer, vendor and most importantly financial & asset information about the company. Imagine these falling in the wrong hands. The manufacturer would lose his hard-built reputation in the market, his stocks would plummet, customers and vendors will shy away, and profits/bottom-line would be hit beyond repair.

Preventive measures

The first prevention is not to assume, “We are not/or cannot become cyber attack targets”. Considering the extent of automation and computerization in manufacturing, a manufacturer is an easy target as compared to a financial or IT organization.  

So what can a manufacturer do to prevent these?

Set up a IT Vigilance Cell: This department can be responsible to formulate IT security policies, security-check procedures, mitigation strategies, and strict disciplinary practices pertaining to cyber security in the manufacturing environment.

Conduct regular penetration tests: Technology changes every day and so does the threat levels. Hackers are always up-in-arms to detect a vulnerability in a technology and exploit it to the fullest. Therefore, it is mandatory to conduct regular penetration tests and discover potential gaps in the system and patch it.

Set up multi-level authentication: Following the security measures taken by financial institutions, manufacturers can setup multi-level security during login and prevent phishing and malware attacks.

Limit external devices: Most of the times, a malware enters the manufacturing system through external drives. Limiting their usage in the premises or setting up a scan-center helps prevent such nature of attacks greatly.  

Training Employees: Adequate training to employees regarding various types of cyber attacks and preventive measures helps reduce the extent or possibility of a cyber attack by almost 70%. Most of the phishing attacks happen when a personnel clicks on a seemingly innocent but notorious email thereby paralyzing the entire network.

Conclusion

Cyber Security should be given an equal importance in a manufacturing setup. A single attack has the capability of wiping out everything that manufacturing organizations have toiled over the years to build. Being alert, constant knowledge updates and pro-active measures reduces vulnerabilities and prevents attacks to a great extent. By implementing necessary measures, you not only have a peace of mind but also ensure that you grow with technology and not be alienated from it which a cyber-attack is capable to do so.

Prevention is better than Cure – Desiderius Erasmus