Manufacturing Cyber Resilience
Date: Friday, April 20, 2018
Cyber Security has drawn a lot of attention in recent years but many businesses can start protecting themselves starting with simple principles and not necessarily detailed network architectures.
What is Cyber Security?
Cyber security used to mean protecting against unauthorised use of data, but as we adopt more connected devices and digitise more processes in industry we have to expand the focus beyond this to include misappropriation and corruption of hardware and software. We are concerned with losing customer data, accounting records, product design, communications as well as having machinery or processes hijacked.
Media attention often focuses on data theft with a reported 2.6 million data records stolen annually. However of the reported breaches the majority (37%) were against the Healthcare sector. Industrial targets only make up 3% of data records compromised.
However this does not mean the manufacturing industry is safe as that figure is only for reported breaches, and only applies to data theft. It is important to remember the majority of hacks generally go undetected for over 200 days. The sectors reporting the highest incidences are generally in the most conspicuous and regulated fields dealing with individual personal data.
What should I consider for my business?
Theft: Loosing customer data, accounting records, product design and confidential information.
Industrial Espionage: If your supply chain contains large-scale projects and businesses, you may be the weak link and easiest way to obtain data or designs of others.
Employee theft: Threats can include theft of customer lists, order books or financial records from outgoing employees to name a few. This threat highlights the need for control and managing access roles within your own company.
Cyber Vandals: Some attackers simply wish to demonstrate their own technical prowess, be it a hijacked website or a denial of service attack. Political Activist are increasingly recognising that cyber-attacks can be more effective at disrupting activates, than traditional protests.
Business Interruption and Ransomware: The WannaCry ransomware attack was a disaster for the NHS and countless other organisation. This didn’t focus on stealing data rather it encrypted files and drives on targets system, making them inaccessible, if you want them back you have to pay the ransom.
Virus: Malicious software can find its way onto a system through compromised websites, false email links or attachments, third party sources or use of contaminated devices pens. Recent research at the University of Liverpool has even proven the concept of WiFi viruses. A virus can erase data, make system unusable or hijack them to work as “bots” in some cases without realising it your computer can be used to hack systems as part of a distributed attack. You lose data, your privacy and your network.
How vulnerable is your business to such threats?
Cyber security is as much about behaviour and process as it is about equipment or design. Firewalls, automatic software updates and anti-virus software go a long way in helping but good working practices and education can do just as much.
- Is your hardware and software still supported?
- Are you updating regularly?
- When was the last time your routers, switches and firewalls had a firmware update?
- Are you using group policies well?
- Do you have a strong alphanumeric password convention?
- Who holds admin credentials, server logins, firewall passwords, firewall settings?
- Does your team move data on pen drives?
- Who has remote desktop access and to what?
- How will you know if you are or have been the subject of a remote attack?
- What do you back up, when and how long do you keep archives and where
- Do you have a cyber security policy & risk assessment?
- Do your employees receive a cyber security training?
What are the opportunities to take advantage of your vulnerability?
If you have an older computer with no antivirus, browse the internet and send emails in a public space that would be a big risk as you are open to opportunists. If that same computer is standalone with no interface or network ports, operating a 20 year old machine tool, there will be very little opportunity for vulnerabilities to be exploited.
How would the perpetrator profit from exploiting your business?
Many manufactures worry about networked machine tools being hacked. However if the tools are only logging their status and cannot be shut down or controlled over the network then the risk is smaller than a network dependent system that could be the target of a ransomware attack or virus.
What can I do to protect my business, reduce my vulnerability and ensure infiltrations are quickly detected?
Consider the environment, look for hazards, put controls in place to reduce risks, consider different working practices where possible, review their effectiveness and repeat.
What is Cyber Resilience?
It’s the combination of cyber security, business continuity and disaster recovery. In reality we need to plan for how businesses will continue in the event of a cyber security incident and in the worst case scenario, how the business will recover. This will be the focus of our next article and the core principle of the VEC’s workshop. Protect, Endure and Recover.
The Virtual Engineering Centre will be hosting a free event on Manufacturing Cyber Resilience later in the summer. We will be providing free onsite advice and helping Manufacturing and Engineering firms develop not just a cyber-security plan, but a cyber-resilience plan.
For more information on this workshop, please contact Andrew Borland: A.Borland@liverpool.ac.uk or call 01925 864 857.