Happy National Computer Security Day!
Manufacturers are especially vulnerable to cyber crime, says a new report, because “they have an abundance of data and relatively weak security.” Does that sound like you?
How about this: manufacturers tend to have lots of different equipment from different companies and different time depths. This makes it hard to test for vulnerabilities in the system. Your machinery ranges from 20th century components that don’t communicate with anyone to retro-fitted machines that gather data to newer devices that actively use the cloud. Connections may be ad hoc and there may not be any one individual that really knows all the possible vulnerabilities.
Finally, manufacturing often is unaware of the threats. Since factories typically don’t have a lot of sensitive personal data in their databases, they may think they have nothing to interest cyber criminals. In fact, theft of intellectual property is a real threat, and sabotage can be even worse. In 2014, a phishing email got access to a German steel mill and took control of the furnace.
Plan a cybersecurity audit
You may not have a devious enough mind to be able to identify all the vulnerabilities in your operation. Consider bringing in specialist for the purpose of identifying the problems that might arise. Check all along your supply chain and your vendors’ supply chains to be sure you don’t have dangers you haven’t thought about.
The German steel mill might have joked that their furnace didn’t have an email address. But chances are good that the printer in your office has one… as well as every computer in every office in your facility. And the furnace’s lack of email didn’t stop the cyberattack.
So think about an audit unless you’re sure you have no connections that could be exploited.
Establish protection and monitoring
Make sure you have anti-malware software that monitors all the computers in the building. Malware can attack machinery directly, causing temperature sensors, for example, to malfunction. But it usually makes its way in with computers rather than through industrial automation. Catch the issues before they reach the factory floor for best results.
Don’t forget the people
Most cyber security breaches come through people. The German steel mill got in trouble through an email that persuaded a human being to let the malware in. People may give out passwords on the phone to someone who sounds official, or they may just leave their computer logged in while they run a few errands. A miscreant can watch for the right moment to stroll into that empty office and get busy.
If you do nothing else for National Computer Security Day, make sure that every member of your team has their own login information for all your mission-critical software. “Username ‘Guest’ and the password is just ‘password’!” are the cheery last words for many insecure facilities.