Featured Image

Manufacturing is Under Attack

Many in our industry are aware of the recent cyberattacks on Colonial Pipeline and JBS Foods. Both situations were ransomware attacks where the “bad actors” took control of all, or part, of the businesses’ computing resources until the ransom was paid.
Jul 29, 2021

Many in our industry are aware of the recent cyberattacks on Colonial Pipeline and JBS Foods. Both situations were ransomware attacks where the “bad actors” took control of all, or part, of the businesses’ computing resources until the ransom was paid. In these cases, the ransom was $5 million and $11 million each – not insignificant amounts. While such attacks are devasting to a company, this type of attack is especially cruel since there are no guarantees that anything will be restored by the attackers after receiving the ransom.

While these attacks were prominently reported in the news media, they represent only the very tip of a much broader issue for manufacturing operations – actually, a much broader issue for all companies, government agencies, and individuals. Historically, the largest network security issue for most manufacturing operations was the introduction and propagation of computer viruses in production equipment. Broader security issues were relegated to the IT (information technology) department, where significant resources were expended to protect business systems from a wide array of security threats. Generally, manufacturing networks received nominal IT support other than the IT department’s best efforts in isolating the manufacturing network from the balance of the company’s systems. 

With the evolution and growth of digital manufacturing technology, this situation is changing. Manufacturing network systems are becoming as advanced as the IT networks found in other parts of the business. These networks involve many of the same computing technologies and numbers of connections – and in many cases more connections – as traditional IT networks. As these networks grow in complexity, they also become subject to the same security threats found in other parts of the business. 

While IT networks and digital manufacturing networks share many of the same technologies and consequently the same risks, there are significant differences in these two network environments which dictate that traditional IT network policies, procedures, and security implementations cannot easily be applied to manufacturing networks. To differentiate between these two network environments, manufacturing networks are designated as OT (operational technology) networks. 

The two biggest differences between IT and OT networks are (1) the age of equipment and other technologies connected to these networks and (2) the different operational characteristics of manufacturing systems. Typically, 20%-25% of the equipment connected to an IT network is replaced or upgraded every year – meaning most equipment on those networks is less than four to five years old. For manufacturing equipment, typically only 3%-4% of equipment is replaced annually – meaning it is not uncommon to find 20-to-30-year-old equipment connected to an OT network. Many of the security technologies applied in an IT network are incompatible with much of the equipment in the manufacturing environment. Additionally, normal IT security procedures, such as software updates, reboots, password changes, logon/logoff policies, etc., are generally not compatible with the operation of many manufacturing systems. 

Solutions for protecting manufacturing equipment from cybersecurity threats are evolving, but many of the current solutions are not ideal. AMT is undertaking a project to identify key factors associated with OT network security and related topics to be addressed in support of the growth of digital manufacturing. The outputs of this project are intended to raise awareness of cybersecurity threats to the manufacturing environment, identify resources to assist companies in addressing cybersecurity threats, and foster increased collaboration between equipment and control system suppliers and the companies deploying those systems in their manufacturing operations. 

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Today, a business’s shop floor network, its operational technology (OT) network, faces essentially the same security threats as their general business network, or information technology (IT) network. Fortunately, the same technologies are available to ...
In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.
As part of a new cybersecurity project, AMT hosted a webinar with a panel of experts focused on finding common ground between IT and OT.
At AMT’s 2021 MFG Meeting and MTForecast Conference, Richard Mason, president & CSO of Critical Infrastructure, will share his insight on cybersecurity in the manufacturing industry.
$10 billion toward cybersecurity. People are still trying to use unstructured data. Digital twins are putting in work. In-machine measurements. U.S. Marines and the additive boom.
Similar News
undefined
Technology
By Benjamin Moses | Sep 24, 2021

Episode 57: Steve explains why electric motorcycles are failing and he’s part of the problem! Ben pivots to the success of robotics in woodworking. Stephen quotes some Wall Street nerds with their take on additive manufacturing in/for space.

37 min
undefined
Intelligence
By Patrick McGibbon | Sep 24, 2021

At AMT’s 2021 MFG Meeting and MTForecast conference, Mark Killion, CFA, director of U.S. industry for Oxford Economics, will discuss his forecast for manufacturing and the machine tool sector and where the biggest growth opportunities lie in the next ...

5 min
undefined
Technology
By John Turner | Sep 23, 2021

Today, a business’s shop floor network, its operational technology (OT) network, faces essentially the same security threats as their general business network, or information technology (IT) network. Fortunately, the same technologies are available to ...

7 min