Business leaders across all industries face a common challenge. To stay relevant, they have to embrace digital transformation. To stay secure, they have to manage risks.
In some ways, industrial manufacturing companies are the canary in the coal mine. These companies are dependent on uptime and safety to be successful. If production is down, particularly if there is unplanned downtime, the entire business is impacted—sales, profits, brand reputation, partner relationships and customer goodwill.
The cost of a data breach in industrial manufacturing is among the highest of any industry. A single breach averages $5.2 million in the industrial sector, according to the 2019 Cost of a Data Breach Report by the Ponemon Institute. It can be much worse. When the WannaCry ransomware attack took place in May 2017, many manufacturing companies were hit particularly hard, with several automobile companies shutting down factories for days. Overall losses totaled in the billions of dollars.
“In industrial manufacturing, uptime and safety are the highest concerns, keeping the plants running and making sure people are safe.” says Del Rodillas, senior product marketing manager at Palo Alto Networks.
Modernization is necessary in this era of Industry 4.0, a term that is often used to describe the fourth industrial revolution. The concept is that automation, intelligence and the Internet of Things will infuse all aspects of manufacturing and supply chain, revolutionizing processes and delivering greater speed, agility and innovation than we could have ever imagined.
For today’s manufacturing companies, the question is not whether to embrace the concepts behind Industry 4.0; rather, it is a question of when and how.
Although manufacturing companies may be at different stages of digital transformation, they all have to assess whether they are modernizing the factory floor with sensors, wireless technologies, analytics and machine learning. “The goal is to redefine manufacturing technology and architecture to use analytics to be more proactive, reduce costs and improve both IT and operational technology (OT),” says Rodillas.
Technology Isn’t Enough
No company in manufacturing—or, for that matter, any industry—should attempt digital transformation without focusing on cybersecurity as a vital component of every single process and decision. A few years ago, it was popular to state that every company was a software company. Today, it is no exaggeration to state that every company is a cybersecurity company.
In the manufacturing sector, that means being acutely aware of vulnerabilities as you modernize. With a more open factory environment and with distributed partners and operations, the biggest risk is an incident that will cause a disruption in operations. Rodillas of Palo Alto Networks notes that many organizations feel safe if they have the right controls at the perimeter. This, unfortunately, can be a false assumption.
“Technology alone is not the answer,” Rodillas says. “Manufacturers have to embrace new architectural models that bring together technology, people, policies and processes. Today they may have multiple physical plants spanning multiple geographies. These have to connect and operate in a trusted environment.”
For that reason, adopting a Zero Trust architectural model is essential. Today, you have more open factory floors and supply chains. You must have granular visibility and controls, eliminating risks of unauthorized users, applications and data on the network. You also have to accept that nothing is perfect despite these controls, that threats can still get in.
You need provisions to quickly detect and prevent against attacks. For example, tools to automate threat detection and response, leveraging machine learning for IoT and Industry 4.0. The technologies that increase the attack surface are the same technologies that can automate cybersecurity detection and prevention. However, automation must be used strategically.
“There may be times when automation detects a threat, but the threat is not so grave as to stop a production line,” Rodillas says. “The processes have to be in place to decide that you can address the threat without having to bring down production.”
Have Open Discussions
There are also corporate culture aspects of cybersecurity that must be considered. IT security and OT security teams have often had separate requirements, based on their responsibilities: IT has focused on threats from the “virtual” world and OT has focused on ensuring physical security and safety on the factory floor. In today’s environment, however, threats can come from anywhere and everywhere, encompassing both physical security and cyber security.
“Your security leaders must be able to facilitate discussions between IT, cybersecurity and the leaders running the plant,” Rodillas says. “In this new world, a leader must unify infrastructure, machine learning, telemetry and analytics so that everyone is working from the same data set.”
Traditional models of buying products to fix specific problems won’t work anymore in this type of environment. For business leaders in the manufacturing sector, this means ensuring that your teams are:
- Using a platform model for cybersecurity, whereby security teams can easily integrate different technologies and have faster access to innovation.
- Moving towards a Zero Trust architecture in which only authorized users using authorized applications on authorized devices are allowed onto the network—whether employees, partners or anyone else in the supply chain.
- Leveraging automation, artificial intelligence and machine learning to ensure that intelligence is infused at every level of the manufacturing process.
- Making cybersecurity the highest priority of the organization and ensuring that cybersecurity is considered whenever new technologies, processes or procedures are deployed or even discussed.
The path to Industry 4.0 is right before us. Are you ready?