Are you vaccinated against the Virus?
Is your computer system prepared for the inevitable attack?
Today’s podcast discusses the scary reality that manufacturers are the number one target of cyber attacks around the globe. Manufacturing companies are at risk for ransomware and intellectual property theft. It’s even possible for hackers to take control of a factory’s machine tools remotely.
I interviewed Drew Phillips, senior systems integration engineer at MxD (Manufacturing x Digital), a company that helps US manufacturers secure their facilities from cyber attacks.
In 2019, manufacturing was the 10th largest industry targeted by hackers worldwide, but in just three years it has become the number one target. Today it is easier to steal intellectual property than ever before because all of our sensitive information is located on central computers.
Often hackers use ransomware, with which they hold intellectual property hostage in exchange for money.
Even if a manufacturer is not hacked, it can still be harmed if another company in its supply chain is hacked. This makes manufacturing companies vulnerable and attractive targets for hackers.
One of the most famous ransomware hacks was the WannaCry hack in 2017, originating in North Korea. It spread to 150 countries around the world, infecting more than 200,000 computers and stopping production at Nissan in England for several days.
Hackers can control a shop’s machine tools remotely
The most notorious example of a hack taking control of a machine tool is known as Stuxnet. In 2010, a malicious computer worm, allegedly created by the United States and Israel, attacked Iranian nuclear centrifuges, causing them to tear themselves apart. Many people say this was the first known example of a hack specifically designed to take control of machine tool PLCs.
Drew says that the code for the worm still remains on the dark web. Cyber criminals could employ it or some other hack to take control of CNC machines anywhere in the world.
Methods Hackers Employ
Often hackers use phishing attacks, such as getting people to open malicious links in emails, which then trick them into entering passwords. Hackers employ a myriad of other ways to steal passwords or entice computer users to accidentally download malicious files that can infect an entire network.
Hackers even leave thumb drives containing viruses in parking lots, hoping people will pick them up and plug them into their computers.
Cybersecurity Best Practices
The official best practices in cybersecurity come from NIST, the National Institute of Standards and Technology. NIST has a cybersecurity framework with five tenets: identify, protect, detect, respond, and recover.
Identifying is essential because you can’t protect what is on a system if you don’t know what is there in the first place.
It’s very difficult to detect a cyber attack, which magnifies its danger. The World Economic Forum’s 2020 global risk report said that the rate of detection of an attack was .05% in the US—only 5 of 10,000 cyber attack cases detected.
MxD’s Assistance for Companies
MxD shares best practices that its own facility has implemented. It provides manufacturing companies with a questionnaire so companies can evaluate their cybersecurity standards.
It also has a cybersecurity marketplace, in which it advises companies where to get cybersecurity solutions.
Drew Phillips says MxD’s mission is to help manufacturing companies improve and innovate in their operations.
The organization is dedicated to educating manufacturers about their return on investment in cybersecurity because being hacked is not a matter of if, but a matter of when—when cyber criminals find one moment of weakness.
Check out MxD’s booth at IMTS 2022, or go to their website to learn more.
Question: How have you taken steps to defend your company against cyber attacks?
Looks like keeping our machines and computers that we use for programming off of the internet is the safest way to protect our shops. Is all of this industry 4.0 stuff making business less safe?
That certainly has been the approach of the past but will no longer work, as attacks can also happen with thumb drives. Industry 4.0 enables manufacturers to put the “continuous” back into continuous improvement. Certainly it increases the threat surface, but the benefits far outweigh the risks. You can learn more about what we do at https://www.mxdusa.org/. We are at your service!
Thanks for commenting Federico! I hope I got most of this right!
Yes. If you listen to the interview, Drew says that back in the day the only way to steal part drawings was by actually breaking into a building and cracking a safe. A much more interesting time for espionage I think!
You can’t do enough for sure, and I will definitely check out your website for sure.
Emails need to go through a spam filter, we use AppRiver
You need a SonicWall to bounce the predators at the door that try to get in by IP address
You need something like Symantec to constantly scan for viruses
Windows Defender should be running
A daily scan with either Malwarebytes or SUPERAntiSpyware will keep you from getting bogged down by all the cookies you get that you don’t even realize
Multiple backups both onsite (quick retrieval) and offsite (safer, but if you need to restore something, more cumbersome) are critical. And since no one can afford a full backup every day forever, making a monthly one with critical stuff is important in case someone’s virus fires off in say, 3 weeks and you can only store 2 weeks of complete backups.
Finally, and possibly most important, you have to train every person to recognize not to click on every attachment that gets through. Some will slip through, even if you have multiple tiers trying to stop them, so this is by far the most important. There is a company called Knowbe4.com that can help with this if you don’t have a training program in place.
All this, and you are still vulnerable. The interesting part is no one who would set up this program for you will take any responsibility for the costs associated with whatever happens when something slips through, so be careful who you work with; it’s not their problem even if you pay for it. Be sure you ask this question every time someone offers managed services, helps weed out future problems.
Thanks for the comprehensive analysis, Gordon!
You always are so engaged with what we are talking about.
Sounds like you are a lot more prepared than we are!