Industrial and manufacturing companies do not consider themselves a lucrative target for cyber criminals and thus, not surprisingly, have taken fairly minor measures to secure their systems. After all, they don’t handle large volumes of online transactions, nor do they have databases filled with the details of millions of customers. It also doesn’t seem like this sector should be greatly threatened by nation-state hackers; sabotaging a factory or power plant could hardly impact a tense diplomatic conflict.
Well, the hackers don’t seem to agree anymore.
A Kaspersky Labs report published in early October states that in the first half of 2017, manufacturing companies were the most susceptible to cyber threats: their computers accounted for about one third of all attacks. But why are threat actors targeting this sector, and why now?
As demonstrated time and again during 2017, sophisticated attackers such as cybercrime groups, nation states, etc. are no longer interested in the immediate gain of stealing or extorting money, nor in stealing volumes of low-profit PID like user details and credit card numbers. Instead, they are now after intellectual property (IP).
Having targeted academia, the defense industry and the financial sector, they are now focusing on more traditional industries such as manufacturing. These corporates are less advanced in terms of cybersecurity and usually only concerned with securing their OT environment (ICS security). Hence, they mostly neglect IT security, and unknowingly allow themselves to be easy targets.
Stolen IP can be used for either purely commercial means (ex. copying a successful product) or to gain an advantage in negotiations and trading.
Here are some recent examples:
In October, the U.S. government issued a rare public warning that sophisticated hackers were targeting energy and industrial firms, a clear signal that cyberattacks present an increasing threat to the power industry and other public infrastructure. A similar warning was issued in the UK regarding the petrochemical sector.
One example of these targeted attacks comes from Japan, where a Chinese hacking group called “Bronze Butler” has been targeting Japanese heavy industry since 2012. The group has focused on exfiltrating IP and other confidential data from Japanese companies involved in critical infrastructure, heavy industry, and manufacturing. Korean electronic manufacturing companies have suffered similar attacks aiming to steal IP and blueprints.
Such attacks are not exclusive to Asia. In a similar attack, technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in Germany, allegedly also by Chinese hackers.
And finally, when hackers aim to disrupt or sabotage, the damage they can inflict on manufacturing facilities can be staggering. This was demonstrated by a cyberattack on a German steel mill that resulted in the company’s inability to shut down the furnace and prevent a meltdown, which luckily did not claim any casualties.
What Can and Should Be Done?
First and foremost, companies in the manufacturing sector must realize that they can no longer ignore this very concrete threat. As a business that lives or dies on continuous operation, being knocked offline and shutting down production lines due to cyberattacks is an unacceptable risk. You also simply cannot risk giving away your precious blueprints, secret formulas and unique assembly processes to threat actors. This type of IP theft makes it simple for an industrial thief to design a product comparable to your own. Furthermore, because the criminals do not have to incur the massive costs that you invested in R&D, they can sell their ripoff product at a much lower price, cutting both your competitive advantage and margins.
Secondly, manufacturing facilities must invest in both OT (also known as ICS or SCADA security) and IT security. Failing to secure the former could result in disruption to production, and failing the latter can both cripple the organization due to logistics downtime (imagine having to ship finished goods when your ERP system is offline) and result in the theft of your precious IP.
I would recommend consulting and implementing the U.S. NIST cybersecurity framework for manufacturing, as it is very comprehensive and methodical.
Finally, the manufacturing sector is not known for having great IT resources (it certainly can’t compete with the financial sector or government for cybersecurity talent), so companies are not likely to have sufficient manpower to address these threats. Therefore, they should invest in modern technologies that emphasize automation and artificial intelligence to allow them to cope with the scope and complexity of advanced threats. These cybersecurity solutions must obviously not obstruct operational processes, so should rely on data processing instead of deploying physical appliances in a real production environment.
Given the imminent risk, it is crucial that manufacturers plan ahead and allocate sufficient budgets and resources to close this gap in 2018.
Gilad Peleg is CEO of SecBI.