Does more need to be done for cyber security?

22 November 2021

Claire Price discusses the current cyber security risks and what the manufacturing and engineering sectors can do to keep their new systems safe.

The digitalisation revolution allows the flow of data throughout a business and its operations, integrating production with business processes and introducing artificial intelligence, cloud computing and augmented reality into the workplace.

By introducing ‘smart’ manufacturing, factories and warehouses into their operations, businesses are gaining unparalleled visibility and control over supply chains, machinery and facilities. With real-time data collected across the business and supply chain, businesses can better understand their operations and analyse and improve performance and maintenance.

But this greater connectivity opens manufacturing and engineering businesses up to novel threats when it comes to cyber security. 

Manufacturers and engineers today are more vulnerable to malware, denial of service, device hacking and exploitation. This could result in the loss of intellectual data, a damaging amount of downtime, product sabotage and even threats to health & safety if equipment is hacked and control lost.

These threats have increased with Industry 4.0. With the new emphasis on the transparent flow of data, factory floors and equipment can no longer work in isolation, cut off from the main network. The fact that everything is linked, and more people and systems have access to that network, is opening up multiple gateways to cyber criminals. Mobile devices, which can be difficult to protect and to keep up to date with security updates, are also becoming more common.

In 2016, nearly half of manufacturers in the Deloitte-MAPI survey were already saying that they were using mobile apps for connected products, a figure that is likely to have grown.

Digital transformations are also often done piecemeal, meaning that old systems exist alongside the new with varying levels of security and vulnerability. Combined with the slow installation of upgrades or patches across a network, this creates another challenge for businesses – and another opportunity for criminals.

Improving cyber security 
The manufacturing and engineering sectors need to adopt a holistic approach which integrates cyber security into every aspect of their business, creating a culture of security.

Key considerations when thinking about cyber security for Industry 4.0 include:
• How you can ensure the integrity of your systems and information
• The protection of sensitive information throughout the data life cycle
• The recovery process of critical systems and how to minimise the effects of an incident

To start, you must first assess your risk.

To protect a smart network from cyber criminals it is first necessary to identify possible risks and their likelihood of occurring.

A comprehensive risk assessment should be carried out which must consider the organisation, its suppliers and its technology. Assess how secure the industrial control systems (ICS) are, how and where sensitive data is stored, the vulnerabilities of the supply chain and who has access to the system. Also look carefully at which systems control or are linked to physical processes and what may happen if they are disrupted.

Once the risks are known it is possible to begin to develop ways to mitigate or remove these risks.

Hardening systems
‘Hardening’ systems will help to reduce the risk of cyber threats. This includes:
• The installation of firewalls
• The creation of processes to install patches
• The installation of real-time intrusion detection or threat intelligence
• Encryption
• Access and identity management (physical and digital)
• Regular back-ups
• The segmentation of systems

Creating a disaster recovery plan or business continuity plan can also help increase an organisation’s resilience by ensuring it is ready to deal with an incident and by detailing the steps needed to return to normal.

Staying vigilant
Ongoing vigilance is key and should be undertaken by both workers and technology. Monitoring of our networks, personnel and the environment should be continuous to pick up on threats as quickly as possible.

To aid vigilance, workers need to be trained. Cyber security awareness training should be carried out regularly, especially if new technology is introduced or novel threats emerge. 
Also seek to ensure that suppliers or any other organisations connected to your systems commit to regular audits and the installation of software patches as soon as they become available.

A culture of security
To create a security-first approach that integrates information security throughout an organisation, it is a good idea to implement a comprehensive information security management system, such as ISO 27001, which includes processes for physical, digital and legal risks. 

ISO 27001’s 114 controls have been developed to help implement best-practice processes when it comes to integrating security into personnel, leadership and digital and physical assets. These processes include access control, operations security, system acquisition and maintenance, supplier relationships and incident management, giving the framework necessary to build a true culture of security within a manufacturing or engineering business.

The Standard can also be extended with additional codes of practice to tailor it to an organisation’s needs. ISO 27017, for example, provides additional controls that cover information security for cloud services, while ISO 27018 tackles the protection of personally identifiable information kept in a cloud.

Whether a management system is employed or not, it remains important to create an integrated defence strategy so that your security is as consistent as possible both within and without your business.

Claire Price is content marketing executive at QMS International.
