Today’s manufacturing industry faces an aging industrial machinery infrastructure that presents huge security challenges poised for continued growth in the coming months and years. Increasingly, manufacturers are beginning to view data security as a top barrier to realizing the value of the Internet of Everything (IoE). In fact, the steady growth of the IoE is creating efficiencies and cost savings across the entire value chain, presenting a $3.9 trillion value opportunity for manufacturers. However, this exponential growth of connections and integration between people, processes, data, and things also presents added security risks and threats that are often complex and multifaceted.
Here are a few of the implications and impacts of security breaches for manufacturers:
- Theft or Loss of proprietary or confidential information and intellectual property
- Downtime in factories and lost productivity – potentially very severe
- Violation of regulatory requirements
- Loss of public confidence and brand
- Economic loss
- Impact on national security
According to Symantec, the manufacturing business sector was the most targeted in 2013, accounting for 24% of all targeted attacks. Of those attacks, industrial networks topped the list of systems most vulnerable to cybersecurity issues. Additionally, the number of attacks on industrial supervisory control and data acquisition (SCADA) systems doubled from 2013 to 2014. Unfortunately for manufacturers, 91% of breaches took just hours or less to perpetrate, yet more than 60% of attacks took months – or even years – to detect. This considerable gap gives cyber attackers plenty of opportunities to access a manufacturer’s trade secrets and sensitive production data.
“How were these security breaches possible?” One might ask. Ultimately, the lack of protection is a direct result of a legacy, one-dimensional security system. Many of today’s manufacturers have no mechanisms to check authorizations or ensure data integrity and confidentiality. Some lack disciplined processes for consistent security policy implementation across all servers, software patching and antivirus protection. Some even have no firewalls or DMZ’s between the factory operational domains and IT domains. In addition, many manufacturers are now evolving to integrate and deploy converged IT and operational technology networks, predictive maintenance tools, machine systems, plant-floor mobile applications, and cloud-based services. It’s become crucial that manufacturers harness the benefits of the analytics and real time visibility those deployments create and take a holistic approach with these efforts; one that facilitates a business-driven security blueprint and strategy that serves as an effective defense for the entire manufacturing value chain.
Cisco’s Connected Factory provides manufacturers with the ability to address the specific security risks of IoE deployments from a holistic perspective. The result is a solution that transforms diverse manufacturing processes into a unified, tightly integrated, and secure communication system, linking infrastructure, machines, processes and people. With the solution, you can:
- Securely access machine data on the plant floor, aggregate it, and apply data-analytic algorithms to determine optimal operations and supply chain actions – improving efficiencies and reducing costs
- Share intellectual property securely with global employees, partners, and vendor ecosystems, helping scale expert resources
- Mitigate risk with a security posture assessment capability that ensures policy compliance, operating system updates, and software patch deployments
- Securely and remotely troubleshoot machines and issues including for new product introductions
Security concerns grow with new threats and as manufacturers converge the traditional boundaries between IT and operational technology systems and organizational silos. The piecemeal product or technology-driven security strategy is no longer effective. A holistic defense in depth approach to IT and operational-technology data security is required to effectively prevent, detect, and mitigate security threats to company intellectual property, capital assets, productivity, reputation, and privacy.