This summer’s massive Equifax hack was a wake-up call to millions of people about the rising challenge of cybersecurity, but the threats aren’t just to consumer-facing companies or traditionally IT-driven organizations. As the manufacturing sector becomes increasingly interwoven with information technology and the Internet of Things, the risk to industrial firms is growing.
From sophisticated Stuxnet-style attacks to now-commonplace ransomware shakedowns, manufacturers are finding themselves defending against malicious attempts to corrupt data, steal intellectual property, sabotage industrial equipment, and disable communications.
Beyond the scale and intensity of the threat, there’s another issue of critical importance: lack of awareness. Despite an estimated 400 companies being targeted in cyberattacks every day in 2016, resulting in more than $3 billion in losses, many U.S. firms have yet to acknowledge the need for action.
Two think tanks, MForesight: The Alliance for Manufacturing Foresight and the Computing Community Consortium, have teamed up to publish a new report detailing how government, industry, and the academic community can come together to recognize and address the situation.
Among the key recommendations proposed, the report suggests the following steps be considered:
- Create a public-private partnership focused on manufacturing supply chain cybersecurity.
- Establish a federal research initiative to address both near-term and long-term cybersecurity challenges and opportunities. Fundamental research should address systems of systems engineering methodologies for cyber physical systems with designed-in cybersecurity and resilience, treating linked cyber spaces as systems design/interface risk problems.
- Establish manufacturing industry-specific Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organizations (ISAOs), or similar organizations to facilitate fault-free, anonymous sharing of incidents, threats, vulnerabilities, best practices, and solutions. Existing ISACs/ISAOs provide models.
- Establish an executive-level working group to provide a strong industry voice to advocate for and motivate industry action to strengthen cybersecurity.
- Develop a comprehensive framework specifically for manufacturing supply chain cybersecurity, similar to existing frameworks on cybersecurity and cyber physical security.
Cybersecurity needs to become a deeply ingrained part of every manufacturing company’s culture, say the report’s authors; something that is embedded in management decisions, workforce training, and investment calculations. Much like Japanese competition gave rise to a new “quality culture” in North American industry in the 1980s, the report argues that the hacking threat can and should give rise to a new culture of care and vigilance today.