This rapid expansion of the number of connected devices ushers in a new front of risk as it gives cybercriminals new entry points into manufacturers’ vast operations. IoT-embedded operational technology including manufacturing machinery, surveillance systems (webcams, smart security systems), routers, USB drives, HVAC and lighting systems, and even printers all lie outside of the information technology (IT) backbone of organizations. That means these devices could be unprotected by traditional security tools. The vulnerabilities extend well outside the factory walls, throughout the supply chain and in the back-office systems that manage inventory, order fulfilment, accounting and supply chain logistics.
Now more than ever, manufacturers need a clear vision of the expanding cyberattack surface and a unified response to the intensifying threat of attacks from cybercriminals. The best way to do that is by understanding your risks and controls and aligning cybersecurity tools and culture that strengthen human connections – even as you shift to large-scale industrial automation.
Here are some ways to do that:
- Close the IT-OT gap inside your organization: In most manufacturing companies operational technology (OT) specialists are the ones deploying digital technology such as sensors, cameras and other digitized data-gathering devices to monitor and control industrial production processes and conditions. But information technology (IT) teams are the ones that understand the security standards of such deployments. So it’s not always clear precisely who – OT or IT – should be charged with oversight of digital devices and information systems. The answer? Both teams should be working in tandem.
As IT and OT systems converge in industrial manufacturing, the teams, too, should merge – and be at the forefront of changing the cybersecurity culture of organizations. It’s important that manufacturers take a particularly close look at the emerging risks surrounding the OT realm of the organization, which are often less well-understood and governed than the IT side of the business. And, actively enlisting those overseeing OT adoption and management will help manufacturers increase risk management and security controls of that technology. Cross-functional collaboration should, in fact, extend to include other experts such as supply chain logistics specialists as more assets are tracked digitally, or product development teams that uphold “security by design” principles.
- Use IoT to increase trust among people: Supply chain disruptions caused by COVID-19 and trade policies have led manufacturers to deploy multi-sourcing strategies and adopt a more flexible global manufacturing footprint. As they do so, companies are looking to build stronger partnerships throughout the value chain. In this time of change, technologies such as IoT tags, distributed records via blockchain, automated workflows and insights from AI algorithms can coalesce to increase visibility, accountability and trust among business partners and vendors. With greater trust, it’s easier to implement uniform privacy and cybersecurity controls and standards to help everyone balance security considerations with growth opportunities.
Consider all the ways in which IoT can grow trust among your stakeholders; the stronger your relationships, the less difficult it will be to recover from an incident like a data breach. Improved facilities management – for example, more efficient energy use and waste management – can help to advance sustainability goals and enhance reputation. Predictive maintenance, through IoT’s tracking of machines and systems, can improve customer experience. And better data from tracking products and services across state and national borders can help to engender trust with regulators and tax authorities.
- Make cyberdefense perimeterless: Most manufacturers’ cybersecurity strategies are good at protecting a perimeter, but their networks now go far beyond the enterprise firewall and into environments they don’t directly control. For example, IoT, blockchain, and embedded analytics are transforming manufacturing supply chains from traditional, linear structures into connected ecosystems in which contractors, partners and customers can share and access information across devices and cloud-based applications. A corporate network can now, for instance, extend to employees’ personal routers in their homes.
What you need today is a “zero trust” model, in which no one has the right to admission without proper authentication. Consider a solution like Borderless Data Access Controls (BDAC) that relentlessly asks “who, what, where, why and how” each time anyone tries to gain access to data and infrastructure – from anywhere. With BDAC, everyone across your entire network will have to pass the same virtual “sniff test” in order to earn trust.
A recent PwC Pulse Survey shows that even at this time of cost cutting, business leaders are, rightly, refusing to cut corners with cybersecurity. As companies ramp up cybersecurity, it’s important to invest in new technologies and skill sets that strengthen connections and grow trust across your networks. Together, new technologies and a strong cybersecurity culture can strengthen the human-to-human connections you need to cyber-protect your business.