Manufacturing Cyber Security

The fourth industrial revolution (also known as Industry 4.0) is taking the emphasis on digital technology to a whole new level with the help of interconnectivity through the Internet of Things (IoT), access to real-time data, and the introduction of cyber-physical systems.

Whilst industry 4.0 offers a comprehensive, interlinked and holistic approach to manufacturing, securing modern manufacturing equipment is one of the most difficult information security challenges for IT professionals and engineers.

Manufacturing Equipment Security Risks

Manufacturing equipment is often produced in low volumes. The low volume and often bespoke nature of the equipment means that little (if any) active security research is performed on the equipment’s computer systems with the result that updates to the equipment’s software are at best infrequent.

The lack of software development for manufacturing equipment, makes it difficult to apply security patches to the equipment’s computer systems.

This is often to due to incompatibilities between the bespoke software and the new updated libraries or operating systems, with the result that cyber security vulnerabilities accumulate in the manufacturing equipment over time.

Very often the mechanical lifetime of a machine far exceeds the lifetime of its associated computer systems. It can be very difficult for a company to justify the replacement of well maintained equipment that is operating with a high operational efficiency simply because it’s control systems are outdated.

It is not uncommon to encounter business critical production equipment in modern, high tech manufacturing facilities that are running on unsupported, insecure operating systems such as Windows XP or even Windows NT.

The Manufacturer's Dilema

IT professionals are often faced with the difficult situation where critical equipment cannot be patched, upgraded or retired and must be kept operational despite containing security vulnerabilities that make them an easy target for potential attackers.

Many IT professionals make the decision to remove manufacturing equipment form the business network. This prevents attackers from gaining a foothold on the business network if the manufacturing system is compromised.

Whilst segregating vulnerable manufacturing systems protects the business network, it often makes the manufacturing system more vulnerable to attack as it often removes the associated security governance (ownership, oversight and accountability) and protective technologies that are deployed across the business network.

Moreover, the burden of responsibility shifts from the experienced IT professionals managing the business network to engineers or operations personnel who are inexperienced in IT security management.

Key Sigma Manufacturing Security

A one size fits all approach is not the best strategy for manufacturing equipment as each asset has its own:

Risks and vulnerabilities
Data confidentiality, integrity and confidentiality requirements
Connectivity requirements
Uptime requirements

The security controls should be tailored to each piece of equipment based on the equipment’s risks and requirements.

Key sigma are a unique blend of lean six sigma black belts, chartered process engineers and security professionals who have secured the production lines of some of the world’s largest manufacturers.

We have an unrivalled combined knowledge of maunfacturing and information security and intimatley understand the challenges that manufacturing equipment poses and how to keep your production line secure and operational.

Please don’t hesitate to contact us to discuss your manufacturing security requirements with our team!