Cyber security and the risk of doing nothing

Posted on 30 Nov 2016 by Tim Brown

Have you ever looked at your system and thought: “Upgrading our equipment is too expensive and likely to cause downtime. Let’s just keep it running.” Ultimately, you made a risk decision. While cyber security hasn’t been a critical risk factor until recently, it has quickly emerged as one of today’s biggest risks.

However, trying to cut corners on cyber security with dated systems unnecessarily expose plant operations to uncontrolled failures, including complete process ‘crashes’.

Find out how to implement cyber security to safeguard your industrial networks

The Manufacturer and cyber security experts, Cisco, are hosting a webinar to help manufacturers understand what new strategies and architectures are needed to ensure best-in-class cyber security.

When: Thursday, 1 December at 10am GMT

Register now. Click here.

The 2016 Cisco Annual Security Report shows that the industrial sector has some of the lowest quality cyber security infrastructure in use. Out on the factory floor, you may be working with a security Frankenstructure and aging industrial control systems that lack protection against modern cyber security threats.

Clusters of machines can be islands of vulnerability, and opening up connections on the plant floor across more sites creates even more opportunities for something to creep in.

In 2014, a German plant sustained massive damage when its blast furnace was hacked. Fortunately no injuries were reported, but the plant incurred damages in the tens of millions of dollars.

And the potential for problems continues to grow as more people, processes, and things get connected on the IoT. Gartner estimates that there will be over 20 billion connected things by 2020. More IoT connections mean more potential targets and cyber security vulnerabilities.

Manufacturing risk management often comes down to a cost and safety discussion. These costs include downtime, IP theft, counterfeiting, brand damage, personal injury, and loss of life. Furthermore, significant security attack costs must be reported on your company’s SEC filings.

“Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cyber-criminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption.” – Deloitte

Here are a few cyber security steps to protect your company while embracing IoT, external connectivity, and machines as a service:

  1. Upgrade your old equipment and control systems to ensure they support the latest virus and malware protection. Until an upgrade is possible, add strict controls on legacy equipment and require purchases of new automation adhere to a much higher cyber attack standard
  2. Eliminate USB Drives – EVERYWHERE, especially on the manufacturing floor
  3. Virtualize PCs and industrial computers on the shop floor to reduce unplanned outages and increase security
  4. Implement edge compute capabilities through centrally managed industrial switching platforms
  5. Install firewall and identity management technologies to allow managing, controlling, and auditing access to your factory floor networks
  6. Partner with leading security companies – Cisco for instance employs over 5,000 people focused on cyber security
  7. Deploy platform-based solutions leveraging a secure, pre-integrated modular platform. While it’s tempting to purchase the hottest start-up’s latest security products, the costs (integration cost, vendor stability, and technology obsolescence) create a HUGE risk to your business

To go even further, register for this Thursday’s webinar (Dec 1 at 10am) with The Manufacturer and Cisco. Click here to register.