CYBERSECURITY IN U.S. CRITICAL INFRASTRUCTURE: CRITICAL MANUFACTURING

The critical manufacturing sector is foundational to a thriving economy. The population relies on manufactured goods from across the world to run companies, care for family, eat, drive, and for daily life in general.

While financial institutions, healthcare organizations, and other industries have been forced to confront cyber threats, companies in critical manufacturing spent most of the last decade unconcerned about potential Internet-based attacks. During that period, the general lack of connectivity between manufacturing companies and the Internet-facing world created a cushion between them and cyberattacks. Manufacturing companies also believed – incorrectly – that they didn’t have much to offer digital thieves.

But the technology these companies use has evolved, with much more of it facing the Internet. Manufacturers increasingly rely on Internet connectivity to function. Their endpoints are proliferating at a steady clip.

Manufacturers are now paying the price for their lack of preparation. As they become more networked, myriad security vulnerabilities through various endpoints have made critical manufacturing companies ideal for ransomware gangs. In a recent paper, Dr. Carnell Council, CISSP, and Zachary Curley, CIPP/US, CISM, AT&T cybersecurity consulting, explored ransomware’s impact on the manufacturing industry. They wrote that developments in operational technology (OT) have seen many systems “become digital across business operations and production floors to manage processes and equipment.” These systems are also automated and managed by sensors that relay information to both machinery and computers on the system and facilitate the transfer of data.

“Yet, with manufacturers incorporating these highly connected systems, there is an avenue for hackers to modernize their ransomware tactics and launch attacks directly to these systems if risks are not properly addressed,” they wrote. “If successful, a ransomware attack may have the capability to disrupt the manufacturer to the point where operations are brought to a halt. “

Critical manufacturing companies have witnessed their fair share of attacks in recent months, and the authors concluded that these should act as a wake-up call for decision-makers to act and implement security best practices.