Rapid advancements in technology and manufacturing processes have accelerated productivity and efficiency gains in the manufacturing sector. The integration of technologies such as artificial intelligence (AI) and internet of things (IoT) with traditional operational technologies (OT) continues to transform and optimize how we manufacture products of ever-increasing complexity globally. This increased interconnectivity and digitization have introduced new threat vectors into traditionally closed systems. These vectors, introduced into a landscape of ever-evolving threat actors, are posing significant risk in the manufacturing sector – both to individuals and to society.
New threats to old systems
New geopolitical risks, global market competitiveness, intricate cybercrime syndicates, and the growing ease of crafting and launching sophisticated cyberattacks are driving a shift in mindset from merely advanced manufacturing to secure advanced manufacturing (AM). Clearly, the wide range of attacks illustrates the threats faced by manufacturing in particular.
- Supply chain attacks: Product and manufacturing complexity and growing supplier inter-connectivity have had a multiplicative effect on the number of vulnerabilities faced by modern supply chains. Exploiting these vulnerabilities can lead to production delays, quality issues,and compromise a manufacturer’s infrastructure.
- Industrial Control System (ICS) attacks: Advanced manufacturing systems enable remoteaccess and control, reducing workforce requirements and reducing processing time. However, malicious control of such systems can disrupt production and endanger worker safety.
- Ransomware attacks: Ransomware attacks continue to rise globally and are increasinglytargeted at the manufacturing sector, leading to increased financial losses along with the cost of recovery.
- Data breaches: Data such as a manufacturer’s Intellectual Property (IP), customer data andother confidential information continues to be a prime target for malicious entities. Unauthorized access and transfer of such data severely impacts an organization’s reputation.
Traditional methods, applied in a new way
How does one tackle these new threats?
Having robust cybersecurity measures becomes imperative in safeguarding critical systems and sensitive data against these multifaceted threats. Not surprisingly, tried-and-tested cybersecurity practices are most effective, yet are best implemented through innovative methods and technologies.
- Integrating and synergizing the cybersecurity organization: Businesses should create and implement a cybersecurity strategy covering the entire enterprise, facilitating application to both IT and OT environments in a consistent manner. This entails aligning people, process and technology to support common cybersecurity goals and priorities based on a regularly updated risk management strategy.
- Control access: Organizations must enforce robust identity and access controls across all environments including on-premise, off-premise, IT (information technology), operational technology (OT), industrial internet of things (IIoT), IoT and cloud. They should maintain consistent controls and processes for managing identities and access across the business.
- System hardening and patch management: Timely patching of products and systems is essential in addressing vulnerable systems. This includes hardening of systems before they are introduced into the environment, as well as ensuring regular testing and application of vendor-published patches.
- Network segmentation: Segregation and isolation of systems and environments based on business criticality makes it harder for malicious actors to access critical systems, even as it simplifies isolation of infected or compromised systems from the rest of the enterprise.
- Security monitoring and incident response: Security monitoring should be performed cohesively so that security events from across different environments are effectively triagedand investigated. This forms a comprehensive view of the attack vector and all affected systems across the enterprise.
- Cybersecurity awareness: While most businesses have cybersecurity awareness and learning programs for employees, few extend these to manufacturing facilities, deeming them irrelevant or low risk. However, the convergence of IT and OT systems has now elevated the risk in these traditionally isolated environments; hence, employees at these locations should be trained accordingly.
- Supply chain security: An effective vendor risk management process enables security and resilience of supply chains. This should be prioritized based on risk and tested periodically to affirm accurate monitoring and reporting across the ecosystem.
EY GDS – leading the charge in Industry 4.0
With the role of cybersecurity professionals becoming more critical, cybersecurity, strategy, risk, compliance, and resilience teams stand at the forefront of protecting organizational assets and maintaining business continuity. As a global leader in assurance, tax, transaction, and advisory services, EY GDS has emerged as a frontrunner in cybersecurity solutions for Industry 4.0. The organization is driving cutting-edge technologies such as AI-based threat detection, blockchain for security, and advanced analytics to protect against cyber threats.
With certifications and up-skilling programs offered to employees to keep them abreast of industry standards and technologies, EY GDS plays a key role in maintaining the integrity and security of industrial systems and data across the globe, protecting businesses and consumers alike. The organization is building inclusive teams to bring in diverse perspectives in tackling cybersecurity challenges. It offers opportunities globally to work with international clients and on cross-border projects, helping shape global cybersecurity strategies. There are ample opportunities to work on innovative projects that address some of the most pressing cybersecurity challenges in Industry 4.0.
EY GDS has facilitated networking opportunities with industry experts and mentors from the global EY network, allowing for professional growth and knowledge exchange. By aligning employer branding and career development strategies with Industry 4.0 imperatives, the organization offers the best opportunities in cybersecurity, enabling a resilient and innovative workforce that can meet the evolving challenges of the digital landscape.
The road ahead
As with addressing any cybersecurity threats, executive leadership buy-in is essential to set priorities for business, and collaboration across the enterprise will be critical to effectively achieve these priorities.
Industry 4.0 continues to drive innovation and transform manufacturing business across the globe. It is for businesses to decide how secure these transformations are, with clear visibility of the risks and a well-defined strategy to address them. How well businesses can do it will determine their level of success and resilience in this new competitive manufacturing landscape.