The High-Tech Vision Quest

Manufacturers face IoT security blindspots, from R&D down to the factory floor

High-tech manufacturing can refer to a broad number of areas of specialty—everything from aerospace and automotive companies to the makers of semiconductors and hardware. But they all share one mixed-blessing in common: Their systems are now “smart.”

To remain competitive, enterprises must embrace connectivity, which improves profits through productivity, reduces human error, and cuts expenses. They can also take advantage of an R&D tax credit that encourages innovations. But the critical infrastructure ensconced in increasingly sophisticated operational technology also offers several attack surfaces—even ones that can physically impact the factory floor, creating considerable damage.

Right now, this fear is rooted more in anticipation. But that’s not to say that it hasn’t happened: Three years ago, hackers successfully manipulated furnace controls at a German steel mill, destroying its equipment. Meanwhile, a test by Politecnico di Milano (an Italian university) just proved that the operating system of a robotic arm can, indeed, be hacked. In reality, Internet-connected robot controllers are rife with security holes: Some aren’t password protected, while others lack authentication.

This Italian job was a controlled experiment. But it’s safe to say that since the breaches of high-tech manufacturers at the R&D level frequently come via malware, the stealth of the latter is of great concern. The WannaCry ransomware attack has reminded us that hackers could just as easily halt a company’s production for a fee causing interruptions in productivity and reputational damage.

graphic courtesy of The MPI Group

In a recent story, Forbes writes: “The tiniest of variances in the performance of operational technology could cause manufacturing disruptions, leading to defective products (meaning recalls and reputational losses), production downtime, physical damage, and even injuries and deaths.” The publication paints a (hypothetical) picture of a seemingly functional car with compromised welding settings that could cause safety issues down the line.

“Enabling IoT in manufacturing processes is where we’re seeing some of the biggest opportunities for growth and innovation,” Rick Schreiber, manufacturing lead at BDO, said in a Design News story. “About half of plant processes are currently managed via the IoT.”

As of last year, manufacturing was reportedly the second-most hacked industry after healthcare. This is likely due to its competitive value, in tandem with the fact that it’s perceived as one of the least prepared for a breach.

The good news is that manufacturing companies are beginning to understand the urgency for proactive security. The MPI Group just released its annual IoT study, and found that 13% of global manufacturers it surveyed had no plans to develop an IoT strategy, down from around 33% last year.

Finding security that covers an entire assembly line—from the R&D phase through to production—is a manufacturer’s greatest challenge. Repairing holes one-by-one will only get them so far. Instead, they should look to a holistic solution (such as security analytics), that is eagle-eyed enough to not be limited by rules or false positives in the ways that endpoint protection and SIEMs often fail. Because if visibility is important in cybersecurity, it’s an absolute non-negotiable in the world of high-tech manufacturing.