In this new digital manufacturing era, from edge computing and robotic process automation to artificial intelligence and machine learning, firms have never enjoyed as many opportunities to increase efficiency, boost effectiveness and enhance customer experiences.
But these heightened capabilities carry heightened cybersecurity risks, too — and not just from an information technology (IT) perspective. The majority of today’s manufacturing plants are multi-generational, featuring machines and devices that were in place long before anybody started talking about Industry 4.0. Many are simply not designed to protect against the dangers of a modern, interconnected operating landscape.
As they embrace the potential of these new digital tools, firms therefore cannot rely on retrofitting their existing IT security solutions for their plants and production facilities. Instead, they require a custom-designed strategy to safeguard their operational technology (OT) against growing threats.
TLC for PLCs (and more)
The cost of not doing so can be considerable. Without the correct cybersecurity protocols in place for their OT, firms leave themselves open to intellectual property theft, production sabotage and logistical disruption — all of which can take a heavy toll on their revenue and reputation.
In some cases, it may even lead to safety risks for employees, partners or local communities due to dangerous levels of waste or the loss of control over hazardous materials.
The risk extends to third parties, too. As manufacturers invest in creating more digitalized and connected supplier networks, they also open up more potential points of cyber vulnerability. All must be proactively monitored and defended to maintain the security and purity of the production environment.
Cybersecurity programs can start small and scale quickly. So, the first thing manufacturers should do is conduct a detailed assessment of their OT. What is their device inventory? What software do they use? Where are the different connection points in their network? By answering these questions, firms can build a foundational view of their production environment and, crucially, identify any gaps or causes for concern.
There will likely be some obvious, low-hanging fruit they can immediately address. Programmable logic controllers (PLCs) are an example. These are used to monitor and automate critical production processes. Yet many have been around for years, so they don’t necessarily feature the highest cybersecurity protocols.
Acting to ensure that any communication between PLCs and machinery is fully protected from outside infiltration is a way for manufacturers to make an immediate and positive difference to the security of their OT.
OT SWAT team
Once they have built their baseline inventory and corrected any immediate vulnerabilities, manufacturers can move on to addressing the areas of their production environment that require more rigorous, long-term programs.
This includes establishing ongoing governance of their OT. In particular, they should set clear roles and responsibilities and agree on a cybersecurity standard against which to benchmark themselves. (Here, both the National Institute of Standards and Technology (NIST) and National Emergency Management Association (NEMA) have some helpful frameworks to follow.)
Finally, as with so much of modern manufacturing best practice, firms must move into a program of continuous improvement in which they monitor, measure and report on cybersecurity performance on an ongoing basis.
Ideally, this should involve creating an Operations Center responsible for ensuring they constantly adapt and improve their processes and systems. This “SWAT team” must comprise a cross-functional set of capabilities, combining a range of people who understand production processes, have knowledge of the supply chain, bring cyber expertise, and are adept at risk management.
Together, the group can build a playbook for responding to issues and incidents and develop the visibility required to get ahead of the game.
Eyes open
Indeed, this need to be ahead of the curve is paramount. Like technology, the nature of the cyber threat that firms face is evolving rapidly. Protecting their OT therefore means having a robust but flexible strategy centered around a real-time view of their plants and supply chain.
Doing so will enable manufacturers to secure their production capacity and quality. It will prevent their IP from falling into the wrong hands. It will create safer working conditions for their employees, partners and communities. And it will safeguard their brand reputation and trust.
Of course, the opposite is true too. So, as the exciting possibilities of the digital era open up in front of them, firms must resist any temptation to take their eye off the back door.
The views reflected in this article are those of the author and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.