In this exclusive op-ed for The Manufacturer, Apollo Tyres’ Hizmy Hassen looks at why manufacturing must step up to meet ever-growing AI cyberthreats.
Artificial intelligence is often described as a key part of a Fourth Industrial Revolution. This may or may not be the case – time will certainly tell. But it is fundamentally changing the amount and type of cyberthreats facing manufacturing.
It is having tremendous positive impacts in our sector, such as its ability to analyse real-time data to predict maintenance needs and reduce production down-time. It can tackle repetitive and administrative tasks to free workers up to be more creative and develop new techniques. It can link sections of large manufacturing processes together to create truly collaborative working. But cybercriminals can use these functions and more to attack vulnerable IT systems. As manufacturers race to adopt AI, there is an air of naivety amongst too many companies, who are putting it closer and closer to the core of their operations, without developing the processes to guard against the cyber risk it creates.
Ransomware threats impacted 34% of UK manufacturing businesses in 2023, a figure expected to rise 42% for 2024. Over the same period, attacks on US manufacturers made up more than 25% of security incidents, with malware attacks – usually ransomware –making up the majority of those incidents. The sector needs to reinvent its approach to avoid AI becoming a cybercrime milestone around its neck.
There are several tactics firms should employ, making sure they provide ample resources and funding to see them through properly.
Evaluating the vulnerabilities AI is creating for a company needs to be a continuous process, not an occasional check. So does ensuring the latest protective tools and methods to guard against cyberattacks are in place. Assessment tools must be employed to highlight potential issues in real time and to flag up new cyberthreats or dark-web chatter that have been identified by other manufacturers or security experts. At Apollo, we also have regular, thorough third-party analysis to pick up on any potential problems that may have been missed by assessment tools. We have invested in a Cloud-Native Application Protection Platform that highlights the attack paths hackers can follow to access management, network and other parts of the business, helping us to seal off those weak points.
Zero trust
Manufacturers should have zero-trust policies on all AI interactions. It should be integral to company operations that every single user and piece of equipment has to go through rigorous, ongoing security processes before they are allowed access to sensitive information. These controls should be uniform across the business, and include the likes of behavioural biometrics and adaptive multi-factor authentication. Companies must ensure intellectual property is extremely well encrypted, too.
Company IT and operations staff should work together to ensure that all systems, from HR to cloud security, to factory-floor machinery, follow the same protocols and safeguards. AI allows all these computers and machines to communicate, so cyber-protection has to be about teamwork, not done in silos. There should be standardised frameworks, policies and collaborative processes. Regular audits and compliance checks should be carried out to ensure systems comply with the same standards, such as ISO 27001.
A cybersecurity governance team should be created, if resources allow. At Apollo, we have formed an AI ethics body to ensure company-wide responsible AI use, including the protection of personal, identifiable information and other sensitive data. AI use is an important part of our company policy too, featuring in the code of conduct and acceptable use guidelines.
It should be embedded deeply into company culture that cybersecurity is a shared responsibility. There should be regular security awareness training for all departments. At Apollo, employees in both IT and operational roles are trained to recognise cyber threats, such as phishing, social engineering, insider threats. Cross-team collaboration for IT and OT security convergence, should be the norm, with cybersecurity teams working alongside operations staff to stiffen up protections on OT environments IoT devices, and supply chain networks.
Image credit: Apollo Tyres.
Supply chain risks
Supply chains can have intricate combinations of AI systems and, therefore, numerous weak points. Manufacturers should develop in-depth understanding of their suppliers’ vulnerabilities and work with them to introduce security protocols, measures and joint security initiatives.
Apollo Tyres asks all new suppliers to fill out detailed security assessment forms covering encryption, access controls, compliance and incident response. They also need to provide the likes of Vulnerability Assessment and Penetration Testing reports, ISO27001 certificates and system and organisational control reports (SOC1 and SOC 2). We embed strict cybersecurity clauses in supplier contracts, which include breach notification , confidentiality, and guidelines on sensitive data storage handling. Manufacturers and their suppliers should have secure access controls, including zero-trust continuous verification and mutual transport layer security , before the supplier can access a company’s system.
If a cyber attack, such as ransomware, occurs, both IT and operations teams and systems should have a clear, detailed incident response plan. But they must ensure that everyone acts as a single unit, to ensure rapid, successful action. Apollo collaborates with suppliers on joint incident response planning too, ensuring vendors follow our playbooks closely. We also have simulated cyber drills, running supply chain attack simulations to test security resilience.
Both with suppliers and internally, AI can help detect and respond to threats and attacks. Next-gen security and incident management systems and managed detection and response services, such as Crowdstrike’s Falcon, use AI-driven analytics to detect anomalous behaviour, insider threats, and AI-powered cyberattacks, such as deepfake phishing. These systems can assist security teams in mitigating their effects, too. Automated incident triage correlates multiple alerts to reduce false positives and speed up attack identification. This reduces response time and alert fatigue.
AI can and will be a tremendous force for good in manufacturing. But according to IBM, the average financial hit of a cybersecurity breach has risen by 10% from 2023 to $4.9m (£3.78m), due in large part to the emergence of AI-powered malware. Cybercrime may cost the global economy $24tn (£18.51tn) by 2027. Manage AI carefully and responsibly and it may transform businesses for the better. But if manufacturers rush into implementing something their security systems aren’t fully prepared for, the manufacturing sector will go through a lot of upheaval and pain before the benefits are ever truly realised.
About the author
Hizmy Hassen is Chief Digital Officer of Apollo Tyres, one of world’s leading tyre makers. Headquartered in Gurugram, India, it exports to more than 100 countries, and has offices in London and Atlanta, and plants in the Netherlands and Hungary.
For more articles like this, visit our Industrial Data & AI channel
