Digital innovation is transforming and modernising all industries, with organisations leveraging new technologies to improve processes, reduce costs, increase efficiencies and gain competitive advantage. The manufacturing sector in particular has embraced digital transformation and Operational Technology (OT), however this comes with the increased risk of cyber attacks.
Manufacturing ecosystems are accelerating digital transformation with early adopters achieving twice the revenue growth, digital maturity and new product/service delivery as their peers. Operational Technology is now widely used across manufacturing production lines and supply chains. From advanced robotics, digital twins, AI and Machine learning, to connected devices and digital control systems, innovative digital solutions increase agility, flexibility and scale, and optimise manufacturing operations, making production more successful.
However, digital transformation and OT in manufacturing also brings more opportunities for cyber attackers. Increased connectivity opens up the attack surface, giving cyber attackers more ways to breach an organisation to gain access to systems, processes and assets.
It comes as no surprise that the manufacturing sector experiences the highest share of cyber attacks worldwide. In 2021 attacks on manufacturing companies accounted for over 23 percent of the total cyber attacks (source: IBM X-Force Threat Intelligence Index).
Here in the UK it is reported that 47% of manufacturers have faced a cyber attack in the previous year, and as a result cyber security has become a bigger priority for many manufacturers.
Whilst cyber attacks on manufacturing OT – the hardware and software that monitors or controls equipment, assets and processes – have become more common, the disruption is severe.
Cyber attacks can force the stoppage of production and force the closure of plants and factories, such as in 2017 when Renault-Nissan stopped production at five plants located in England, France, Slovenia, Romania, and India due to falling victim to the WannaCry ransomware attack. More recently in February 2023 semiconductor equipment maker MKS Instruments suffered a ransomware attack that impacted its production-related systems, with the company temporarily suspending operations at its facilities.
From loss of revenue due to forced closures of plants and factories, to reputational damage because of authorised access to sensitive data, the impact is huge. According to IBM, the average cost of a data breach in 2022 for the industrial sector was $4.47 million. In February 2023 Multibillion-dollar American company Applied Materials, which develops technology for the semiconductor sector, revealed that a ransomware attack on one of its suppliers (possibly MKS instruments but not publicly confirmed) would cost $250 million in the upcoming quarter.
According to Gartner, a technological research and consulting firm, by 2025 attacks will evolve from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm. Think this sounds far fetched? Not all. In 2021 an attempt was made to poison a Florida city by hijacking its water treatment plant. The attacker gained access through remote-control software TeamViewer that was running on a PC at the plant, and used that machine to ultimately attempt to jack up the levels of sodium hydroxide to more than 100 times the normal amount. Thankfully the system’s operator noticed the intrusion and immediately reduced the level back. But this just shows how easy it can be for attackers to breach systems.
As digital transformation speeds up, and the use of OT becomes more widespread, the tactics used by cyber attackers become ever more sophisticated and severe, those in the manufacturing sector may struggle to keep up with the pace of change.
We advise a proactive approach to protecting systems, devices, processes and assets. A culture of being prepared is necessary, because a reactive stance alone is too late, the damage will have been already done.
With cost often seen as a barrier for those in the manufacturing sector to become more cyber secure, we recommend that manufacturers get in touch with the cyber experts here at Infosec Partners. From consultancy, to awareness training programmes, to Cyber Essentials Certification, through to fully managed security services, we work with organisations of all sizes, across all sectors, to strengthen their cyber security.
To speak with our team of OT cyber experts please get in touch.