Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
    • Protect the environment. Think before you print.

Internet-connected devices can increase manufacturers’ cyber risks

September 25, 2019

Connected devices can increase productivity on the manufacturing floor, but Internet of Things security concerns can’t be ignored.

Michelle Chia

Head of Professional Liability and Cyber

Michelle Chia is the Head of Professional Liability and Cyber for Zurich North America, a position... About this expert

cyber manufacturing

The Internet of Things (IoT), the wave of internet-connected products entering the marketplace every day, is expanding at an astonishing pace and increasing the risk of IoT cyber security attacks. A recent prediction by an independent internet research organization suggests that by 2025, there will be 41.6 billion connected devices generating 79.4 zettabytes of data per year. To put it another way, one zettabyte is one trillion gigabytes.

Clearly, the IoT offers tremendous benefits, but connected devices can also present significant IoT cyber security and privacy risks. For manufacturers, the Industrial Internet of Things (IIoT), a subset of the IoT revolution, further magnifies the attack surfaces that can be exploited by bad actors as more network-connected devices are integrated into industrial operations.

While similar in principle to consumer IoT devices, such as virtual assistants, smartwatches and other wearable technologies, IIoT devices in manufacturing perform very different roles. Examples include everything from sophisticated robots on a factory floor to smart sensors performing real-time digital intelligence and production control functions. What IIoT-connected machines share with consumer IoT devices are potential vulnerabilities to cyber attacks.

The key cyber risk challenge of the IIoT environment is that formerly stand-alone equipment is now network-connected to increase efficiency, control and productivity. With that connectivity comes the potential that cyber criminals might find and use a software vulnerability in production hardware as a point of entry into a company’s network. In some cases, newly acquired IIoT devices have even been compromised by malware during manufacture and initial programming, allowing them to unleash dangerous code into a network as soon as they go online.

The stakes are high. By one estimate, in 2018 there were more than 10.5 billion documented malware attacks worldwide. An increasing number of those attacks are being directed at midsized manufacturers that historically were lesser targets since they were not perceived as data-rich as corporations with large quantities of user personal information. Not so anymore. That attack could come from an unanticipated direction, such as a robotic welder on your production line. Odds are that if your company has not already been hit by a cyber attack, it is only a matter of time until it is.

The first step in developing an effective IIoT risk reduction strategy should be to bring together IT and operational personnel to help them better understand each other’s issues and identify measures that will protect the business from cyber attacks. Key to this process is identifying equipment most vulnerable to attacks, such as industrial control systems, open platform communication systems, wireless sensors and cameras, internet-connected HVAC systems and systems controlling the utilities serving a facility. Keep in mind that cyber criminals can leverage even wireless office equipment, such as printers, triggering a costly production line shutdown or delivering a ransomware demand.

Manufacturers also need to develop protocols to ensure firmware installed in new production and control equipment is free of malware that can infect a network after the new equipment is integrated into the production process. Malicious software hidden in the operating system of new production equipment can be programmed to remain dormant and may be difficult to detect until it is triggered when sensing the presence of other devices and an available network.

Finally, a production facility needs intrusion prevention software customized to the needs of a manufacturing environment. Cyber defenses in an industrial setting need to respond not only to software anomalies that may indicate an active intrusion, but also to the abnormal behavior of operational equipment, such as robots and other connected hardware, that might signal a cyber event is in progress.

Effective risk management in any sphere always begins with a clear understanding of the nature and scope of the risks you face. Understanding the threats that may be associated with IIoT devices can help manufacturers reap the benefits of exciting, new technologies while protecting their productivity, property and people against cyber attacks.

Read more insights and information regarding the cyber risks companies face:

Related Articles