Digital transformations are notoriously difficult for small and medium-sized manufacturers (SMMs). SMMs need to meet production goals, recruit and retain talent, and reduce risks in their supply chains all while trying to adapt to an evolving technological landscape. Fortunately, Industry 4.0 is gaining momentum to address these challenges by providing pathways to efficiencies, innovation and growth. As a result, more manufacturers are investing in automation and equipment monitoring.
Industry 4.0 may be revolutionary for SMMs; however, it is not a panacea for all the challenges facing 21st century manufacturers. Like any new technology, Industry 4.0 introduces new vulnerabilities. Connectivity is great, but the cost of protecting critical systems and data cannot be an afterthought. Cybersecurity should be one of the first things to consider with any technology investment.
Physical security is not an afterthought – manufacturers secure their facilities from intruders. They would be wise to do the same for their operational technology (OT), data and connectivity. After all, manufacturing is the most targeted industry for cybersecurity attacks.
Read on to learn how manufacturers can approach the additional vulnerabilities that come with Industry 4.0 and the interconnectivity it provides.
Industry 4.0 means new cybersecurity challenges with OT
Industry 4.0 is all about leveraging connectivity and data, bridging gaps so that traditional IT systems can exchange information with OT. The boundaries between these areas have almost disappeared. While cybersecurity used to be primarily concerned with IT, manufacturers must be more diligent in securing their OT and its many access points. A breach in OT can interrupt the manufacturing process or impact product quality. It can cause companywide disruption in other departments like shipping and billing or endanger sensitive company information.
Many SMMs rely on machines that operate with customized software. However, these systems may not work with current cybersecurity techniques or may unintentionally introduce vulnerabilities. SMMs may not keep software updated or patched to address newly discovered vulnerabilities. It’s also not unusual for manufacturers to have legacy or specialty machines connected to old computers with operating systems and software that are no longer supported.
When dealing with OT cybersecurity, be sure to account for backups of OT configurations and data needed to restore systems, all with secure encryption. Also keep in mind that new regulations and compliance may present vulnerabilities. Some initiatives involve OT monitoring of energy usage and carbon emissions to avoid costs and penalties. These OT-based sensors and controls create a vulnerability to a cyber attack.
AI is the latest example of how Industry 4.0 brings vulnerabilities
New Industry 4.0 technologies will continue to benefit advanced manufacturing – artificial intelligence (AI) is the latest example. AI could help secure OT systems by quickly sifting through security data to identify threats and attacks. It also could help analysts monitor systems and conduct forensic investigations.
But like other technologies, AI represents a new risk and introduces cybersecurity vulnerabilities, including some we may not even be aware of. Hackers more than doubled their AI-powered ransomware attacks between August 2022 and July 2023. Ransomware is the most popular avenue for attacks against manufacturers. It is safe to assume bad actors already are using generative AI.
Create a cybersecurity-aware culture so employees understand threats
Operators should have a full understanding of why cybersecurity controls such as passwords or multifactor authentication are necessary when they engage with a machine. They should also know what types of information can be stolen, such as intellectual property, quality controls, and sensitive business information in contracts.
Cybersecurity is not an inconvenience. Manufacturers can create a cybersecurity-aware culture by starting with two primary vehicles:
- Annual risk assessment: When a company understands the risks they are accepting, it positions itself to establish procedures or actions to minimize risk.
- Cybersecurity awareness and training program: Employees should know which behaviors are appropriate, how to identify suspicious activity, and how to react if they see a problem.
With remote access and so many additional data connections in our Industry 4.0 landscape, it is increasingly important to train employees on how to recognize social engineering. Social engineering refers to the tactics of manipulating, influencing, or deceiving a victim to gain control over a computer system, or to steal sensitive company information. Hackers have been known to pose as suppliers and vendors to gain access or penetrate systems.
Manufacturers should be clear with their cloud computing and other providers about whose responsibility it is to back up data and protect sensitive information.
Securing data and connections in Industry 4.0
Industry 4.0, with all its connectivity and data, is a powerful approach to helping manufacturing processes, products and people. This is why cybersecurity has to be top of mind any time a manufacturer makes an investment in technology. Just as manufacturers secure a building, they should take steps to secure their connections and information. For more information on cybersecurity and Industry 4.0, contact us today.
______
ITAC is the NYC chapter of the Manufacturing Extension Partnership (MEP) network, affiliated with the National Institute of Standards and Technology (NIST). These non-profit organizations deliver technical, consulting, and workforce development services to small and medium-sized businesses in the manufacturing community.
The insight for this article originated from NIST MEP.
