Facebook Twitter Instagram
    Today’s Machining WorldToday’s Machining World
    • Swarfblog
    • Podcast
    • Industry News
    • Videos
    • About
    • Advertise
    • Back Issues
      • Editor’s Notes
      • Featured Stories
      • Forum
      • How it Works
      • Lloyd Graff’s Afterthought
      • Reviews
      • Shop Doc
      • Interviews
      • Magazine Back Issues
    • Subscribe
    • Contact
    Today’s Machining WorldToday’s Machining World
    Home»Podcast»Defending Your Manufacturing Company From Cyber Attacks, with Drew Phillips–EP 162
    Podcast

    Defending Your Manufacturing Company From Cyber Attacks, with Drew Phillips–EP 162

    Noah GraffBy Noah GraffAugust 26, 2022Updated:September 1, 20226 Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Are you vaccinated against the Virus? 

    Is your computer system prepared for the inevitable attack?

    Today’s podcast discusses the scary reality that manufacturers are the number one target of cyber attacks around the globe. Manufacturing companies are at risk for ransomware and intellectual property theft. It’s even possible for hackers to take control of a factory’s machine tools remotely.

    I interviewed Drew Phillips, senior systems integration engineer at MxD (Manufacturing x Digital), a company that helps US manufacturers secure their facilities from cyber attacks.

    Scroll down to read more and listen to the podcast. Or listen on your phone with Google Podcasts, Apple Podcasts, Spotify, or your favorite app.
    Listen on Apple Podcasts   Listen on Google Podcasts   Listen Spotify
    Follow us on Social and never miss an update!

    Facebook: https://lnkd.in/dB_nzFzt
    Instagram: https://lnkd.in/dcxjzVyw
    Twitter: https://lnkd.in/dDyT-c9h

    Main Points

    Hacking Methods

    In 2019, manufacturing was the 10th largest industry targeted by hackers worldwide, but in just three years it has become the number one target. Today it is easier to steal intellectual property than ever before because all of our sensitive information is located on central computers. 

    Often hackers use ransomware, with which they hold intellectual property hostage in exchange for money. 

    Even if a manufacturer is not hacked, it can still be harmed if another company in its supply chain is hacked. This makes manufacturing companies vulnerable and attractive targets for hackers.

    One of the most famous ransomware hacks was the WannaCry hack in 2017, originating in North Korea. It spread to 150 countries around the world, infecting more than 200,000 computers and stopping production at Nissan in England for several days.

    Hackers can control a shop’s machine tools remotely

    The most notorious example of a of hack taking control of a machine tool is known as Stuxnet. In 2010, a malicious computer worm, allegedly created by the United States and Israel, attacked Iranian nuclear centrifuges, causing them to tear themselves apart. Many people say this was the first known example of a hack specifically designed to take control of machine tool PLCs. 

    Drew says that the code for the worm still remains on the dark web. Cyber criminals could employ it or some other hack to take control of CNC machines anywhere in the world.

    Methods Hackers Employ

    Often Hackers use phishing attacks, such as getting people to open malicious links in emails, which then trick them into entering passwords. There are a myriad of other ways that hackers employ to steal passwords or entice computer users to accidentally download malicious files that can infect an entire network.

    Hackers even leave thumb drives containing viruses in parking lots, hoping people will pick them up and plug them into their computers. 

    Cybersecurity Best Practices

    Official best practices in cybersecurity is known as NIST, National Institute of Standards and Technology. NIST has a cybersecurity framework with five tenants; identify, protect, detect, respond, and recover. 

    Identifying is essential because you can’t protect what is on a system if you don’t know what is there in the first place. 

    It’s very difficult to detect a cyber attack, which magnifies its danger. The World Economic Forum’s 2020 global risk report said that the rate of detection of an attack was .05% in the US—only 5 of 10,000 cyber attack cases detected.

    MxD’s Assistance for Companies 

    MxD shares best practices that its own facility has implemented. It provides manufacturing companies with a questionnaire so companies can evaluate their cybersecurity standards.

    It also has a cybersecurity marketplace, in which it advises companies where to get cybersecurity solutions.

    Drew Phillips says MxD’s mission is to help  manufacturing companies improve and innovate in their operations. 

    The organization is dedicated to educating manufacturers about their return on investment in cybersecurity because being hacked is not a matter of if, but a matter of when—when cyber criminals find one moment of weakness

    Check out MxD’s booth at IMTS 2022, or go to their website to learn more.

    Question: How have you taken steps to defend your company against cyber attacks?

    Podcast: Play in new window | Download

    Subscribe: RSS | More

    business cnc machines cyberterrorism digital drew phillips intellectual property iot machine shop machine tools machining manufacturer manufacturing mxd precision machining productivity ransomware
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Noah Graff

    Related Posts

    Can AI Replace Your Shop’s Smartest Machinist?, with Riley Hutchinson-EP 242

    May 6, 2025

    The College Myth

    May 1, 2025

    Should I Buy the Expensive or Cheaper CNC Machine? With Justin Tauber–Ep. 159

    April 29, 2025

    How to Sell a Commodity with Soul, with Mike Pelham–EP 241

    April 22, 2025

    6 Comments

    1. Mike Mendenhall on August 29, 2022 3:15 pm

      Looks like keeping our machines and computers that we use for programming off of the internet is the safest way to protect our shops. Is all of this industry 4.0 stuff making business less safe?

      • Federico Sciammarella on August 30, 2022 8:55 am

        Mike,

        That certainly has been the approach of the past but will no longer work as attacks can also happen with thumb drives. Industry 4.0 enables manufacturers to put the “continuous” back into continuous improvement. Certainly it increases the threat surface but the benefits far outweigh the risks. You can learn more about what we do at https://www.mxdusa.org/ we are at your service!

        • Noah Graff on August 30, 2022 1:31 pm

          Thanks for commenting Federico! I hope I got most of this right!

      • Noah Graff on August 30, 2022 1:30 pm

        Yes. If you listen to the interview, Drew says that back in the day the only way to steal part drawings was by actually breaking into a building and cracking a safe. A much more interesting time for espionage I think!

    2. Gordon Erickson on August 30, 2022 12:29 pm

      You cant do enough for sure, and I will definitely check out your website for sure.

      Emails need to go through a spam filter, we use AppRiver
      You need a sonic wall to bounce the predators at the door that try to get in by IP address
      You need something like Symantec to constantly scan for viruses
      Windows defender should be running
      A daily scan with either malware bytes or super anti spyware will keep you from getting bogged down by all the cookies you get that you don’t even realize
      Multiple backups both onsite (quick retrieval) and offsite (safer, but if you need to restore something, more cumbersome) are critical. And since no one can afford a full backup every day forever, making a monthly one with critical stuff is important in case someone’s virus fires off in say, 3 weeks and you can only store 2 weeks of complete backups.

      Finally, and possibly most important, you have to train every person to recognize not to click on every attachment that gets through. Some will slip through, even if you have multiple tiers trying to stop them, so this is by far the most important. There is a company called Knowbe4.com that can help with this if you don’t have a training program in place.

      All this, and you are still vulnerable. The interesting part is no one who would set up this program for you will take any responsibility for the costs associated with whatever happens when something slips through, so be careful who you work with; Its not their problem even if you pay for it. Be sure you ask this question every time someone offers managed services, helps weed out future problems.

      • Noah Graff on August 30, 2022 1:27 pm

        Thanks for the comprehensive analysis, Gordon!

        You always are so engaged with what we are talking about.

        Sounds like you are a lot more prepared than we are!

    Graff Pinkert

    Join Email List

    Subscribe to the Swarfblog

    Lists*

    Facebook Twitter Instagram
    © 2025 Today's Machining World

    Type above and press Enter to search. Press Esc to cancel.