With the slow but steady growth of the US economy, and similar growth in many other countries, the global manufacturing sector is starting to see growth for the first time in many years. As with any industry, increased growth means increased dollars, which means increased attempts at security breaches. Unlike retail and healthcare, manufacturing has some unique issues that aren’t tied to the theft of personal data. For manufacturing, the concerns break down into three main areas:
Each of these areas represents unique concerns that can have a lasting impact not only on the targeted company, but on the economy and security of the nation and the world as a whole.
Intellectual Property Theft
For many manufacturers, the patents and products they develop are the lifeblood of the company. Creating new products and maintaining the intellectual property rights to those products already developed ensure continued revenue streams that fund the ongoing development of newer ideas into fully realized products for sale. Additionally, companies may develop new algorithms and trade secrets that give them a competitive edge. Protecting this information then is essential to these companies ensuring their continued livelihood.
For an attacker, the technical data behind a product can be a lucrative target for a variety of reasons. Rival companies potentially might pay exorbitant amounts to be able to gain access to confidential plans and possibly submit patents ahead of their competitors. Companies that develop manufactured good for the military may find this type of information on their products targeted, as could provide rival nations or groups with valuable intelligence on the newest tools used by their enemies. Rival companies may seek to learn the manufacturing techniques other companies use to give themselves an advantage in product development. Due to this, protecting intellectual property is a unique challenge faced by the manufacturing sector.
Once a product is developed, the plans can move to a variety of locations. New patents can need to be filed. Testing needs to be done before a product is ready to manufacture. For any number of reasons, this kind of data can be used and moved around to a variety of locations, and if at any point in this process, the plans are altered, the results can be costly if not disastrous. These types of changes can happen at any point in the life of data, from when it originates until when it is used, and organizations need to protect the data at all times from this kind of manipulation, or risk significant losses.
If a plan is successfully altered and the alteration isn’t detected, the product could go into production with this alteration potentially causing faulty products to be made. Since the actual process of designing and building a production facility can be costly and time-consuming, no manufacturer wants to need to modify a production line after it is put into place. The faulty product could even potentially endanger consumers who unknowingly use the altered product.
With this potential cost, it is not too difficult to imagine why an attacker may choose this method of attacking a manufacturer. A rival company could seek to destroy the reputation of the target company, or nation states may take action against their enemies’ defense manufacturers. The effects of a data alteration can be catastrophic, but also hard to detect, making it an ideal attack method.
Outside Interference in the Manufacturing Process
Though many people picture manufacturing as a dated industry using older machines to build products, modern manufacturing involves many of the same technologies used in any other sector of the economy. Modern machine shops use various machines that are often all networked together to the same networks that office computers operate on, allowing for the easy transmission of plans and programs to the machines as they manufacture products. With the increased convenience of this new technology comes an increased vulnerability to tampering with the manufacturing process.
With each new manufacturing device added to a network, new vulnerabilities may be presented that could be used by an attacker to either gain access to a company’s network or to directly interfere with the manufacture of a product. Depending on the type of machine, an attacker may be able to damage the machine and cost the target company thousands of dollars, if not millions.
Protecting Manufacturing Companies
With the unique challenges faced by manufacturers, solutions need to be developed and implemented to protect important data and processes from outside attack and interference. Though manufacturing is often said to be vital to the health of the economy, very little regulation exists concerning information security in the manufacturing sector, and so it is often up to companies themselves to figure out the best ways to begin protecting themselves.
Some basic steps that any company should undertake include performing a risk assessment to gain an understanding of the specific risks in their environment and controls that they already may have in place to protect their assets. Based on this knowledge, a company may need to segment their network to properly separate various sections with added security. Manufacturing companies may also wish to perform a full scale data discovery, locating where their most vital data is kept and how securely it is held, followed by a data classification to identify the levels of protection needed for each piece of data.
As with any security concern, the problem is never going to just go away. As more money and resources are tied up in developing and manufacturing new technology, the targets only become more valuable to attackers, and companies need to take a proactive approach to the matter and protect themselves before the breach, not after.