Why cybersecurity is manufacturers’ responsibility in the 4IR era

17 September, 2020

Aaron Schamp
Principal, Cybersecurity and Privacy, PwC US
Bobby Bono
Industrial Manufacturing Leader, PwC US

Governments and citizens are turning to industrial manufacturers to help reimagine and remake how we live, work and care for one another. And the industry is responding. Consider how, at the height of the COVID-19 pandemic, companies quickly shifted to additive manufacturing and 3D printing to produce ventilator parts and personal protective equipment in large volumes. Or how manufacturers are helping to accelerate the transition to smart cities to deliver better and more efficient services to citizens via connected devices over digital platforms.

Alongside all these new opportunities, manufacturers also have new responsibilities – and cybersecurity is front and center. With their expanding scale and role in performing critical functions, industrial IoT devices present an ever-increasing attack surface. Manufacturers are effectively juggling cyber risks on two fronts: IoT-connected machines and systems within their operations, and the portfolio of their IoT-enabled products. As the risk gaps for both widen, they are taking the lead on cybersecurity issues.

Increasingly, manufacturers are carrying a heavier onus to protect the data collected and transmitted by their operational IoT-connected systems – from shop-floor equipment and sensors to digitally tethered materials handling and supply chain technologies. Doing so requires a thorough cybersecurity audit of all IoT-enabled operational technologies, which include myriad devices – anything from robotics systems to autonomous materials handling equipment, as well as back office equipment including PCs and even printers. Getting this right will require the IT teams (traditionally charged with cybersecurity protocols and policies) to work much more closely with their OT (operational technology) teams to ensure that any existing and future IoT devices are accounted for and cyber-proofed.

And, as manufacturers increasingly embed digital intelligence into their products (including sensors and cameras that collect and transmit data), it is becoming paramount to assure buyers that those products are as secure as possible. That starts with building cybersecurity into the life cycle of products from the get-go, early in the R&D process – in what is known as a “security-by-design” approach. It also means meeting the market’s expectations by making ongoing cybersecurity upgrades, such as patches, through the life of the product.

The COVID-19 pandemic appears to have accelerated efforts to cyber-protect. Companies are already moving in this direction. A PwC Pulse Survey of security and information leaders found clear lessons learned from the pandemic: 95% of respondents are integrating cyber risks more closely with overall enterprise risk management, and all of them are investing in improving information governance for better data-driven decision-making.

As many manufacturers morph into tech companies with data at the core, customers are demanding the same transparency and communication they expect from other data-driven sectors such as financial services. So, manufacturers will increasingly need to demonstrate that they use technology responsibly and transparently and in ways that benefit customers. In the event of a data breach, for instance, manufacturers will need to be able to communicate in detail about what happened and how they are implementing real change to prevent future breaches.

Unfortunately, any Internet-connected product is vulnerable – but some much more so than others. As manufacturers procure and produce such products, it will increasingly become incumbent upon them to demonstrate to the market that they are carrying out strict cyber audits within their operations, as well as assuring the security of their IoT products. Consider how you can provide privacy assurance by using the standardized controls reporting framework (SOC) to assess and report on controls over your products, services and enterprise.

There were more than 100 million cyber attacks on smart devices in the first half of 2019 – a seven-fold leap within a year. That was before the pandemic. Now cybercriminals are seeking to exploit the sudden changes in ways of working and mount even more frequent attacks. But their attempts can be foiled. With strong accountability and leadership in cybersecurity, the manufacturing industry can safely deploy billions of smart products toward recovery and rebuilding of economies, solving long-standing societal problems while unlocking new commercial opportunities.