Featured Image

Manufacturing is Under Attack

Many in our industry are aware of the recent cyberattacks on Colonial Pipeline and JBS Foods. Both situations were ransomware attacks where the “bad actors” took control of all, or part, of the businesses’ computing resources until the ransom was paid.
Jul 29, 2021

Many in our industry are aware of the recent cyberattacks on Colonial Pipeline and JBS Foods. Both situations were ransomware attacks where the “bad actors” took control of all, or part, of the businesses’ computing resources until the ransom was paid. In these cases, the ransom was $5 million and $11 million each – not insignificant amounts. While such attacks are devasting to a company, this type of attack is especially cruel since there are no guarantees that anything will be restored by the attackers after receiving the ransom.

While these attacks were prominently reported in the news media, they represent only the very tip of a much broader issue for manufacturing operations – actually, a much broader issue for all companies, government agencies, and individuals. Historically, the largest network security issue for most manufacturing operations was the introduction and propagation of computer viruses in production equipment. Broader security issues were relegated to the IT (information technology) department, where significant resources were expended to protect business systems from a wide array of security threats. Generally, manufacturing networks received nominal IT support other than the IT department’s best efforts in isolating the manufacturing network from the balance of the company’s systems. 

With the evolution and growth of digital manufacturing technology, this situation is changing. Manufacturing network systems are becoming as advanced as the IT networks found in other parts of the business. These networks involve many of the same computing technologies and numbers of connections – and in many cases more connections – as traditional IT networks. As these networks grow in complexity, they also become subject to the same security threats found in other parts of the business. 

While IT networks and digital manufacturing networks share many of the same technologies and consequently the same risks, there are significant differences in these two network environments which dictate that traditional IT network policies, procedures, and security implementations cannot easily be applied to manufacturing networks. To differentiate between these two network environments, manufacturing networks are designated as OT (operational technology) networks. 

The two biggest differences between IT and OT networks are (1) the age of equipment and other technologies connected to these networks and (2) the different operational characteristics of manufacturing systems. Typically, 20%-25% of the equipment connected to an IT network is replaced or upgraded every year – meaning most equipment on those networks is less than four to five years old. For manufacturing equipment, typically only 3%-4% of equipment is replaced annually – meaning it is not uncommon to find 20-to-30-year-old equipment connected to an OT network. Many of the security technologies applied in an IT network are incompatible with much of the equipment in the manufacturing environment. Additionally, normal IT security procedures, such as software updates, reboots, password changes, logon/logoff policies, etc., are generally not compatible with the operation of many manufacturing systems. 

Solutions for protecting manufacturing equipment from cybersecurity threats are evolving, but many of the current solutions are not ideal. AMT is undertaking a project to identify key factors associated with OT network security and related topics to be addressed in support of the growth of digital manufacturing. The outputs of this project are intended to raise awareness of cybersecurity threats to the manufacturing environment, identify resources to assist companies in addressing cybersecurity threats, and foster increased collaboration between equipment and control system suppliers and the companies deploying those systems in their manufacturing operations. 

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.
As part of a new cybersecurity project, AMT hosted a webinar with a panel of experts focused on finding common ground between IT and OT.
At AMT’s 2021 MFG Meeting and MTForecast Conference, Richard Mason, president & CSO of Critical Infrastructure, will share his insight on cybersecurity in the manufacturing industry.
$10 billion toward cybersecurity. People are still trying to use unstructured data. Digital twins are putting in work. In-machine measurements. U.S. Marines and the additive boom.
In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%).
Similar News
undefined
Technology
By Vanesa Powers | Sep 16, 2021

In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.

7 min
undefined
Technology
By Benjamin Moses | Sep 03, 2021

$10 billion toward cybersecurity. People are still trying to use unstructured data. Digital twins are putting in work. In-machine measurements. U.S. Marines and the additive boom.

5 min
undefined
Intelligence
By Bill Herman | Aug 24, 2021

AMT and GBM announce the launch of MT United, a joint venture of the two leading organizations to empower North American manufacturers with data, analysis, and strategic information for accelerated growth, innovation, and global competitiveness.

3 min