Cybersecurity: Much Work Remains

Jan. 17, 2017
Though awareness of cybersecurity among manufacturers has increased dramatically over the past five years, a great deal of work remains to be done to ensure the safety of automation systems from internal and external cyber threats.

First, the good news: An increasing number of manufacturers are awakening to the threat of cybersecurity. This is a pretty big deal considering that, just a few years ago, most manufacturers outside of critical industries did not perceive themselves to be a potential target for cybersecurity attacks. According to a recent study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI), two-thirds of manufacturers have conducted a cyber risk assessment of their industrial control systems (ICS).

Now, the bad news: Nearly one-third of manufacturers have not performed any cyber risk assessments of their ICS. Potentially more concerning is the fact that nearly two-thirds of the manufacturers responding to the Deloitte/MAPI survey indicating that they had performed ICS cyber risk assessments, did so by using internal resources. This leaves their assessments open to an array of internal biases.

The results of the Deloitte/MAPI survey are worthy of notice considering that the results are based on responses from 225 cyber risk executives at manufacturing firms ranging from industrial equipment, computer hardware and electronics manufacturers to suppliers of automation technology and consumer appliances. In addition, 39 percent of respondents had experienced a cyber incident in the last 12 months—meaning that cybersecurity issues are not an abstract threat for many of them.

Other results from the survey that indicate the high level of cybersecurity protection work that remains for most manufacturers include:

* 43 percent of manufacturing executives said they rely on air gapping to isolate their facilities from outside networks. The Deloitte/MAPI survey report notes, “Although air-gapping is a common approach to ICS security, when companies actually take the next step to test that strategy, they often find it is a fallacy. Since many manufacturers have not tested or monitored this control or conducted a thorough inventory of connected assets, live network access points, especially easy-to-install wireless access points, can remain hidden from view.”
* Half of the respondents perform targeted vulnerability or penetration tests on their ICS less than once a month.
* More than one-quarter of respondents note that their incident response programs do not include operational technology (OT) in those plans. In other words, their cybersecurity response programs only address front office IT systems and not the plant floor.
* 25 percent of responding companies do not develop, implement or document ICS-specific policies and procedures.

The takeaway for readers is to realize that, although a lot of positive work has been done to address industrial cybersecurity issues, much work remains—especially when it comes to plant floor automation and control systems. See the Automation World articles below for more information about how your peers are addressing their cybersecurity concerns.

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...

How to Improve Production Accountability in Manufacturing

David Greenfield, Automation World's Editor-in-Chief, and Shalli Kumar, founder of EZAutomation, discuss the idea of production monitors: a preprogrammed PLC/LED display that ...

HALT/HASS: The Ultimate Test for Reliability

Discover how companies like EZAutomation push the limits of reliability with HALT/HASS testing, originally designed to mimic the extreme conditions of space shuttle launches. ...

Your Next Production Monitor Is Only a Few Clicks Away

Shop for your very own EZ Production Monitor. It's designed for non-technical staff, so there's no programming required! It combines pre-coded firmware, real-time data, and WiFi...