Welcome to Cyberstrike Brief, your source for the latest cybersecurity insights in smart manufacturing.

Why Weak Links in Supply Chains Put Manufacturers at Risk

A robust risk management strategy is essential for manufacturers to safeguard their operations against evolving cyber threats.

Supply chain cyber-attacks are a favorite method used against manufacturers. Today’s goods and services rely on supply chains, which link a global network of service providers, software developers, and manufacturers. Although supply chains are vital to commerce, they also put manufacturers at risk because of the many places where parts and software for final products come from.

Criminal hackers and nation-states often perpetrate supply chain breaches. They want to enter supply chains, companies, systems, contractors, and providers through the weakest links. Attackers usually do this by:

  • Taking advantage of vendors in the chain who don’t take security seriously.
  • Putting hacked or fake hardware and software into networks.
  • Using insider threats.

IIoT and OT Vulnerabilities

Adopting the Industrial Internet of Things and operational technology (OT) has further expanded the attack surface. IT/OT supply chains in manufacturing can be particularly vulnerable as they cross-pollinate and offer attackers many points of entry. Older Legacy OT systems were not designed to protect against cyber-attacks.

According to PMMI Business Intelligence’s “2021 Cybersecurity: Assess Your Risk,” report, Information Technology (IT) attacks “specifically target the enterprise IT systems at a manufacturer, seeking to gain entry through vectors such as email, a CRM system, or an ERP program, which can span across an operation.”

Read More: Keep Your Manufacturing Operations Safe with This Cybersecurity Checklist

Operational Technology (OT) attacks “are designed to exploit the systems that are directly on the plant floor. An OT attack can originate through vectors such as individual sensors on the production line, SCADA/HMI panels, or even unsecured PLCs.” (Cybersecurity 101: The Difference Between IT and OT Attacks | OEM Magazine)

Another significant target for hackers when they peruse the manufacturing industry is the Internet of Things (IoT). The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable, and/or controllable via the Internet. In factories that build things, IoT devices are often prevalent.

By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average. That also amounts to trillions of sensors connecting and interacting on these devices. According to the McKinsey Global Institute, 127 new devices connect to the internet every second. (What’s new with the Internet of Things? | McKinsey)

Unfortunately, many of these devices are not manufactured in the West, lack standards and users often rely on the weak security of default settings. They make an enticing collection for targets for criminal hackers.

The Rise of Ransom Attacks

Since it was first created decades ago, ransomware has become a popular tool for hackers. Some of these actors are loosely state-sponsored or connected. Phishing and ransomware are always at the top of the cyber-threat matrix. Advances in technology have made it easier for hackers to phish. They can use readily available digital graphics, apply social engineering data, and a vast array of phishing tools

Manufacturers are prime targets for ransomware attacks because they often cannot afford to shut down factories or operations.  Malware that demands cryptocurrency in exchange for data has made ransomware more popular. Hackers are always looking for zero-day vulnerabilities, seeking supply chain attacks, and attempting to find weak spots to make their ransomware attacks more likely to succeed.

Read More: How Cybercrime Threatens the Automotive Manufacturing Sector

The current state of cyber affairs is especially alarming because ransomware attacks are growing not only in numbers but also in the financial and reputational costs to businesses. Moreover, ransomware has become more sophisticated and more widely available. Cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments.

Supply chain and IoT situational awareness, combined with systematic skills for operational risk management and critical communications in case of disaster, are the threads that help connect a manufacturing industry cyber security approach.

Because the sophistication and number of cyber threats are evolving and replicating so quickly, there needs to be a clear security plan for who will handle the constantly changing range of cyber threats[TH1] , such as phishing scams, bots, DDoS attacks, ransomware, and many types of insider threats.

A strong risk management method is key to keeping things cyber-safe. This is true for both physical and digital security. Both of these elements come together in the manufacturing setting. Knowledge of how to best protect the most important assets and successfully prevent and mitigate security incidents and breaches are a big part of cyber-securing manufacturing.

About the Author

Chuck Brooks, President and Consultant, Brooks Consulting International

Chuck Brooks serves as President and Consultant of Brooks Consulting International. Chuck also serves as an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity. Chuck has received numerous global accolades for his work and promotion of cybersecurity. Recently, he was named the top cybersecurity expert to follow on social media, and also as one top cybersecurity leaders for 2024. He has also been named "Cybersecurity Person of the Year" by Cyber Express, Cybersecurity Marketer of the Year, and a "Top 5 Tech Person to Follow" by LinkedIn” where he has 120,000 followers on his profile. Chuck has keynoted dozens of global conferences and written over 350 articles relating to technologies and cybersecurity. As a thought leader, blogger, and event speaker, he has briefed the G20 on energy cybersecurity, The US Embassy to the Holy See and the Vatican on global cybersecurity cooperation. He has served on two National Academy of Science Advisory groups, including one on digitalizing the USAF, and another on securing BioTech. He has also addressed USTRANSCOM on cybersecurity and serves on an industry/government Working group for DHS CISA focused on security space systems. In his career, Chuck has received presidential appointments for executive service by two U.S. presidents and served as the first Director of Legislative Affairs at the DHS Science & Technology Directorate. He served a decade on the Hill for the late Senator Arlen Specter on Capitol Hill on tech and security issues. Chuck has also served in executive roles for companies such as General Dynamics, Rapiscan, and Xerox. Chuck has an MA from the University of Chicago, a BA from DePauw University, and a certificate in International Law from The Hague Academy of International Law.

 

You Might Also Like