Cyber crime

Posted on 21 Sep 2011 by The Manufacturer

Just a few days ago Mitsubishi Heavy Industries, Japan’s largest defence contractor, suffered a significant attack on its IT infrastructure leading to security breaches. Jane Gray asks if manufacturers are really ware of the dangerous exposure attacks on IT can lead to.

The attack on Mitsubishi was made public on Monday this week when the company admitted that 45 servers and 38 PCs in Japan had become infected with malware.

IT systems supporting Mitsubishi’s business in nuclear and missile guidance systems were targeted i the attack and a spokesman from Mitsubishi stated that the assault was the most serious the company had ever experienced.

The hackers that broke into the Mitsubishi infrastructure planted eight different types of malware, including so called Trojan viruses and certainly succeeded in obtaining IP addresses. It is not yet completely clear what other information might have been extracted.

This kind of attack on the defence manufacturers is far from original. Earlier this year Lockheed Martin suffered a similar breach – an attack conducted in a worrying domino effect, using information taken from RSA Security in a previous incident.

Every time an event like this happens there seems to be a panic-stricken review of IT security at firms in similar markets. It is all too similar to the approach to disaster recovery after a natural disaster hits. Companies hurriedly put money behind disaster recovery, business continuity and supply chain strategies which had previously been sidelined as an unnecessary cost. The pressure of the present always bearing down more heavily than the need to protect against unforeseen scenarios.

This approach is understandable – but the unfortunate fact of business in an IT enabled world – is that the security of your virtual business is at risk far more consistently than you physical operations. And the effects of loosing core information, IP and transactional data might well be crippling.

I am not an IT expert. And nor are many engineering and manufacturing professionals. But lack of expertise should not make us reluctant to deal with the virtual security of our business with the same rigour as we would put into the physical security of capital equipment, products, plant and employees.

Just as there are strategies that can be put in place to mitigate the risk of damage or loss to these assets, there are strategies for best practice, employee behavior and reporting that can be built to mitigate the risk of IT vulnerability.

Threats exist to IT security from both without and within and it is important, no matter what you sector (this is not just an issue for defence companies) to understand them. This is the very subject to be tackled by TMs IT editor Malcolm Wheatley in the October issue of the magazine. I urge readers to take a look at his insights.

TM October will be available soon – follow us on Twitter @TheManufacturer to be notified exactly when it rolls off the press!