Cyber risk in an era of smart manufacturing

Manufacturing is expected to be one of the biggest adopters of 5G technology during the next few years. Taking advantage of its many benefits will increase the risk profile for businesses that make the switch, but the biggest risk of all is likely to be failing to act and falling behind.

Juniper Networks estimates that global 5G connections will increase more than tenfold to 3.2 billion during the next five years[1]. The same analysis shows that the enterprise market will grow fivefold to $US10.9 billion by 2027.

The continued rise of ‘smart’ factories making use of artificial intelligence, data analytics, industrial control systems and sensor-based technologies will be a major driver of this rapid growth.

5G will enable greater process automation – meaning robots can do more dangerous work in harsh environments – and remote monitoring to empower the preventative maintenance of expensive equipment.

These maintenance tasks, and the training of staff to complete them, will also rely on 5G to power augmented reality and virtual reality experiences. This isn’t currently possible in some remote sites where high-speed fibre connections aren’t available but will become viable over a 5G network.

Opportunity brings new risk

As with all new technological developments, these new opportunities also bring greater risk that must be managed. One of the biggest challenges for manufacturers in the next few years will be the proliferation of devices equipped with sensors.

From large-scale power generators to low-cost CCTV cameras, huge numbers of sensors are monitoring motion, pressure, temperature, vibration and more. The risk profile shifts with every sensor on each new device added to the network. This is where the security challenge begins.

As more and more sensor-based devices are added to the network, hackers will be able to use a compromised device to infect other devices in an internal network, effectively turning the organisation’s technology on itself.

This loss of control through an exponential increase in potential points of failure dramatically changes the risk profile. If one device gets hacked out in the field, the hacker could potentially use it to get into the production environment if the right controls aren’t in place.

Once a hacker obtained access, they can deliberately or even accidently disrupt the entire production environment, causing equipment to fail, leading to serious consequences and damages. Entire systems can be locked up from ransomware attacks.

Damaging knock-on effects

If a major piece of machinery is taken offline at a major processing plant, it could be weeks or months before an organisation is able to replace it. This could take a heavy toll on production, significantly impacting financial performance and potentially causing severe reputational damage.

This risk profile also extends out into extended supply chains, which is a major headache for large organisations reliant on the services of many smaller businesses that may not have the financial resources or technical skills to ensure the same level of rigour.

Manufacturers are encouraged to improve their security culture and clearly identify business risks. This means conducting a proper risk assessment to see where weaknesses are and working with industry experts to fix them.

Good security hygiene including antivirus and malware protection, patch management, multi-factor authentication, network monitoring tools to detect suspicious activities earlier, secured communication channels and network segmentation should be implemented, so that you are better able to isolate compromised systems and limit the spread of an infection.

Security requirements should be built into the procurement process of new equipment, with older and less expensive equipment protected by perimeter security to help prevent hackers getting at them. Continuous training and highly visible reminders should warn staff about the dangers of clicking on email links.

If and when you do have an incident, it’s all about the strength of your response and recovery plans just like any other business risk. Everybody should know where to run and what to do from internal technology and operations teams to the legal team, to the external messaging provided by senior management.

The majority of loss is preventable, not inevitable. Manufacturers have too much to gain from implementing 5G technology to sit on their hands and watch others find advantage.

Taking an engineering-based approach to protecting equipment from cyber attack will minimise the risk associated with embracing these exciting new opportunities.

[1] Global 5G market forecast to hit 3.2bn connections by 2026. Technology Decisions. 11 August 2021. 

Pankaj Thareja is a cyber security consultant at FM Global