Navigating cybersecurity challenges in advanced manufacturing
Table Of Contents−
This article is part of our Opinions section.
From the outside, it looks like a busy time for the manufacturing sector. Not only does it face its fair share of cyberattacks, dealing with 25% of security incidents last year alone, but it also contends with waves of digital transformation.
Advanced manufacturing has emerged with the increased adoption of Key Enabling Technologies (KETs), including robotics, AI, and high-performance computing and modelling. These new technologies have necessitated increased connectivity and IT unification, which, while benefiting the production process, also creates a larger attack surface for potential cyberattacks.
This, combined with the increased attention from regulatory bodies like NIS2, has left the manufacturing sector in a state of uncertainty. How can these new technologies be safely integrated while protecting operations from an increase in cyberattacks?
While the increased connectivity of systems can expose them to online threats, this adoption process can also yield unexpected cyber security benefits.
Implementing these new technologies will require systems to be comprehensively assessed, providing manufacturers a chance to bake in new and improved cybersecurity methods at the core. However, the manufacturing sector doesn’t need to reinvent the wheel to do so.
Advanced manufacturing, advanced connectivity
As the manufacturing sector becomes ever more competitive, advanced manufacturing has come to the forefront as a way to improve efficiency and, by extension, improve a manufacturer’s competitiveness in a crowded sector.
With this in mind, it’s more important than ever that every step of the supply chain is connected, as the KETs rely on strong connectivity across sites to be effective. This contributes to a larger trend of manufacturers connecting disparate sites worldwide to access real-time visibility of the entire supply chain.
While this is a significant benefit in terms of efficiency, these increasingly complex digital infrastructures incorporate IoT devices which increase the attack surface substantially, opening the door to data protection issues.
Despite the benefits of having a fully connected supply chain, it becomes a case of ‘the chain is only as strong as its weakest link’. With third parties and contractors often included in these chains, it can become increasingly complex to determine the source of issues when they occur.
Regulatory concerns
Manufacturers also have to contend with increased attention from governments and regulatory bodies, with major incidents such as the infamous Suez Canal blockage drawing attention to the wide-ranging impact of supply chain disruptions.
Regulators have recognised the growing risk of cyberattacks as the sector digitises rapidly and responded with the introduction of NIS2, which sets new benchmarks for cyber security practices in the sector.
The directive redefines the manufacturing industry as an ‘important entity’, highlighting its increased vulnerability to cyber threats and the potential knock-on effects of attacks on the wider public health and safety. It requires manufacturers to prioritise supply chain security, assessing not only internal operations but also the wider network of suppliers, partners and contractors.
No need to reinvent the wheel
With the plethora of technological advancements and the increasing pressure from regulatory bodies, how should manufacturers act to ensure robust cybersecurity protection? Believe it or not, they shouldn’t approach it much differently than they have with previous problems.
Before automation and its associated costs, the biggest issue facing manufacturers was health and safety: how to protect workers and ensure efficiency – an assessment and balancing of risk. These same principles can, and should, be applied to cyber security.
Practically, an in-depth cyber risk assessment tailored to manufacturing-specific cyber threats would be the first port of call to gain a thorough understanding of operational vulnerabilities. Once the areas of concern are identified, then additional security can be built into the system.
A zero-trust strategy would be the logical next step to create robust barriers around high-value applications and data by constantly verifying, authenticating and authorising every user. By building this into the operation, manufacturers can retain security controls throughout the supply chain, even when working alongside contractors and suppliers.
However, manufacturing is such a diverse field where operations can be wildly different. One size certainly doesn’t fit all, which is why carrying out a cyber risk assessment is so essential. Once manufacturers understand the requirements of their operations, value, risk and performance can be evaluated to determine if anything needs changing.
Related reading
Rob Robinson
NEXT UP
Hackers beware: UK data centres now have critical national infrastructure protection (CNI)
UK government beefs up national security by adding CNI status to its data centres – here’s why it should help
Hans-Martin Zogg, Business Director TPS, Leica Geosystems: “Ensuring accurate, tamper-free measurements in high-pressure environments is a complex problem”
If you’ve ever wanted to know how Olympics organisers measured distances thrown in field events, Hans-Martin Zogg, Business Director TPS, Leica Geosystems, has the answer.
Generative AI takes off in business – but don’t call it a bubble
Confused by AI? You’re not alone. Consultancies struggle to understand what’s next in AI, too