
Great OEMs are focussed on great product, market competitiveness, agility and resilience: cybersecurity is inherent in contributing to these. The recent CrowdStrike incident that affected critical IT infrastructure around the world highlights how essential it is to mitigate the threats, failures, bugs and glitches that can happen with the increased digitisation of our manufacturing and supply chains.

 
While the CrowdStrike incident highlights the imperative for good IT health and hygiene (it was a misguided software update that caused the infamous infinite reboot loop into the BSOD, the Blue Screen of Death, on Microsoft PCs), cyber-criminality and malicious attacks are also on the rise. Your organisation, along with its supply chain partners, needs to be defended and able to mitigate the detrimental incidents and malicious breaches that can affect production and organisational integrity (intellectual property, assembly and production data, et cetera). Supply chain and production defences are only as good as the weakest link.

"Manufacturing is the third most targeted sector (behind only health and financial services) for security incidents and cyber crimes."
— Unit 42, Palo Alto Networks

Increased Digitisation, Increasing Threats

Ransomware risks are growing. Digital transformation is a double-edged sword: the immense benefits of these technologies, and the increased reliance on them, also expose manufacturers to a new range of vulnerabilities that must be attended to. Smart factories, real-time data and interconnected supply chains, IoT tracking and monitoring: these have revolutionised the production supply chain upstream and downstream. They've allowed resource and inventory optimisation, and an agility to be applied to customer demand and product innovation, like never before.

Yet they've also created digital entryways, multiple touch points and opportunities for invasion into company IT systems by malicious actors. According to Sophos, 65% of manufacturers were hit by ransomware in 2023, a 41% increase since 2020. Ransomware can cripple manufacturing production lines, leading to major downtime.

Ransomware case study: Clorox

In 2023, Clorox, a US manufacturer of consumer and professional cleaning products, was hit by a cyberattack highlighting the stark vulnerabilities of ill-protected digitised manufacturing. Based on 2022 revenue of $1.7B, the suspected ransomware breach (the company never confirmed, but it has the classic hallmarks) cost the company a significant $356 million, crippling automated systems and disrupting operations with major retailers. It contributed to a 20% sales decline and forced an emergency $25 million investment in security upgrades. The incident highlights the critical need for robust digital defences and the cascading effects that operate through interconnected supply networks for OEMs and their supply chain partners.

While third overall in sectors targeted by these malicious attacks, manufacturing is also the most unprepared. It can leave a bitter taste that 6 out of 10 victims in the sector pay the ransom, because these downtime costs are just so high. With figures like this and the potentially lucrative paydays it is understandable that manufacturing is seen by cyber-criminals as a prime target. Everyone in the supply chain needs to up their game to withstand these threats. Multi-layered cyber-security is a necessity, and auditing and collaboration between manufacturing and supply chain partners is necessary to address the issue, and lock perpetrators out.

Smart Manufacturing needs Smarter Defence

IoT and increased automation open pathways for malicious code and access. By 2030 an estimated 29 billion devices will be connected. When these devices have automated updates, incidents like the CrowdStrike outage can occur. The CrowdStrike update failure created the biggest IT outage in history, with insurance estimates claiming it cost industry in the Fortune 500 alone more than $5 billion in direct losses.

Nevertheless, platforms like CrowdStrike that protect against malware and malicious attacks are essential to protect and inoculate manufacturing, inventory and supply chain IT systems. The lesson is that cybersecurity isn't just plug-and-play, and needs to be actively managed and coordinated as companies change and grow.

OEMs must contend with an array of cyber threats. Besides ransomware that can paralyse operations and hold information hostage, industrial espionage can threaten manufacturing secrets, or interfere and disrupt production lines. Supply chain attacks exploit and disrupt the delivery of materials and products, along with the cohesion and trust that is carefully fostered and cultivated between manufacturing/supply chain partners.

Industrial control systems, robotics, and inventory control systems often rely on legacy protocols and firmware that are not frequently updated. This needs to be addressed so that these systems don't become backdoors for breaches, or the low-hanging fruit picked off by hackers.

Network segmentation, isolation of critical systems, and frequent and diligent updating and upgrading of firmware all need to occur. Robust control and access, including multi-factor authentication and the management of USB and external plug-in devices, are hygiene factors which significantly reduce unauthorised access. Security audits, network vulnerability checks and penetration testing are essential to identify and proactively address weaknesses.

Malicious actors are starting to use AI to test and attack systems, so robust security protocols and the use of AI cyber tools as counter-measures for smarter defence are vital, not an optional nice-to-have.

Tighter Security for Data Intelligence

Locking your digital assets and systems tighter for IP and data intelligence security is essential against cyber-criminality and malicious actors, including state-sponsored sabotage. Initiatives like the EU's Cyber Security Solidarity Act and ECSO, which promote better standards and best practices for building more secure manufacturing environments and supply chain systems, give manufacturers a pathway to good cybersecurity. But organisations also need their own in-house strategies. The UK Government itself in recent policy documents has emphasised that cyber-security and resilience are the responsibility of organisations themselves. The European Cyber Resilience Act (CRA) is expected to be finally adopted in November 2024, and should be on manufacturers' roadmaps for policy implementation.

Enhancing Cybersecurity in Manufacturing: A Strategic Approach

Manufacturing-Specific Cyber Risk Assessments

Implementation of bespoke evaluations relevant to your production and assembly environment that identify vulnerabilities unique to your manufacturing process. Measures may well include penetration testing, application security reviews, and customised scenario-testing, simulating industry-specific threats.
 

Supply Chain Cybersecurity Integration

Regularly conducting comprehensive audits of third-party IT dependencies and data flows. Focus on how your organisation protects and secures intellectual property, shields industrial control systems from malicious access, and safeguards connected products across the supply network.
 

Robust Incident Response Planning

Developing and testing a bespoke cyber incident response plan relevant to your organisation, with regular simulations to ensure team readiness and fully validate the effectiveness of policy implementation and the planned response to real-world scenarios.
 

Rapid Incident Response Capabilities

Establishing ongoing best behaviour and protocols for network security among personnel, and planned access to cybersecurity experts for swift investigation and recovery from cyber attacks to minimise production downtime and operational disruptions.
 

Fostering a Security-Conscious Culture

Application of targeted training programs and streamlined multi-layered security procedures. Foster awareness among employees to recognise and report potential cyber threats, particularly related to phishing and data protection.
 

Stronger Partnerships require Strengthened Connections

Addressing risk across the supply chain presents its own unique set of challenges that require careful consideration and informed strategy. As manufacturers and supply chain partners become more digitised and share more data for increased effectiveness, they need to coordinate cyber-security initiatives and prepare for increased compliance measures so they can do business securely and effectively.

According to Gartner, by 2025, 45% of organisations worldwide will experience supply chain software attacks.

What are the most common supply chain attacks that need addressing?

The potential attack vectors and weaknesses between supply chain partners, suppliers and OEMs are considerable. Legacy systems may contain vulnerabilities; implementing patches and upgrades provides a more secure software environment. Zero-day exploits (those as-yet undiscovered or unexploited vulnerabilities in software and cloud platforms) can be mitigated through robust data back-up and storage, so systems can get back on-stream faster and with more integrity.

Open source software has source code updated on universally available software repositories like GitHub. These code repositories (where only 11% of open source projects are actively maintained) can be breached by hackers and malicious code added, or their code can be examined for vulnerabilities for malware to take advantage of. Sonatype reported 96% of known-vulnerable open source downloads are avoidable, with teams receiving a 2x efficiency boost when better upgrade and data security recommendations are implemented.

SSO (single sign-on) is frequently used by organisations to streamline systems access and implement across-the-board frontline security. But SSO attacks are increasing. High profile companies such as Rolls Royce, BMW and Mercedes have experienced breaches due to improperly configured SSO protocols or through exploitation of malicious link-clicking. Making sure SSO is implemented correctly and employees are aware of phishing is crucial.

Especially in connected environments where IoT is implemented for efficient inventory management or assembly, management of physical access and the use of clean, 'vetted' plug-in devices free of malware is imperative. Personnel cyber security awareness is essential to minimise this vector of attack.

Flooding systems with massive amounts of data and traffic constitutes a DDoS (distributed denial of service) attack on organisational digital infrastructure. Such attacks can prevent normal users from accessing systems, or disrupt normal system operation so that hackers can bypass normal security restrictions. Security software which denies botnet or traffic flooding from a variety of IPs, or that can be configured to only allow access from restricted, vetted IP traffic and 'trusted zones', can help systems survive these waves of attack and keep digital infrastructure running.

The implementation of zero-trust architecture that allows only authorised remote access, or fully configured authentication, along with extensive continuous network monitoring methods can help OEMs best prepare and defend themselves and their supply chain from cyber threats.

Working with supply chain partners who recognise these threats, implement measures and defend themselves against them helps create a locked-down network and a protected digital supply chain environment for all actors within it. At Acorn, it is something we are acutely aware of, and we take measures to be the most secure supply chain partner for our clients.
