The 2016 report “Cyber risk in advanced manufacturing” from Deloitte and MAPI makes sobering reading for anyone tasked with managing a manufacturing operation. However, the good news is that modern industrial control systems are considerably easier to secure than their predecessors.
The report follows a survey of more than 200 manufacturing enterprises, of which 40% reported they were affected by cyber incidents in the preceding 12 months. In financial terms, 36% of these incidents resulted in damages of $1 million or less, but 38% led to damages in excess of $1 million.
One of the key findings of the report is that the greatest threat exists with legacy industrial control systems, particularly in the light of the difficulty of adding cyber security solutions to these existing assets. The reluctance to upgrade, it seems, stems from the fear of production disruption or aversion to the high costs associated with upgrade projects (or both).
Historically, the information flowing through some of the more antiquated industrial control systems has been protected (almost by accident) by the sheer volume of data involved.
This information density has made it difficult for hackers to isolate individual data streams and thereby make any kind of incursion into the system. However, the report concludes that it is only a matter of time before a determined hacker is able to unravel these data streams.
The report is also scathing on the subject of air-gapping – the traditional security measure of choice for many manufacturers.
Air-gapping is the practice whereby the industrial control system is prevented from connecting to the enterprise network, third parties, or the Internet by means of a physical or logical barrier. However, there have been numerous cases where supposedly air-gapped systems have fallen victim to cyber attack through the connection of portable storage media, via wireless access points, or through low-priority systems (such as HVAC) that have been overlooked and are actually connected to the outside world.
Air-gapping a production facility can also have a damaging effect on productivity as barriers to the free-flow of critical information are deliberately erected. And with the “Industry 4.0” paradigm dictating ever increasing number of devices involved in the production process are connected to each other and the outside world, manufacturers rigidly enforcing air-gap policies risk being left behind.
The report concludes that there are clear cost advantages in upgrading to new shop floor systems that are much easier to understand and are much more standardised.
Australia’s Number 1 Manufacturing & Industrial Equipment Magazine & Directory