Trillion-dollar downtime. Smart factories. Sophisticated threats. Welcome to the world of data security in manufacturing.
Worldwide, manufacturers produce immense value every year. In the United States alone, manufacturing contributed $2.3 trillion to the national GDP in 2021.
But the sector is also plagued by a rising number of unique challenges, threats, and cyberattacks. Take, for instance, the 2021 REvil ransomware attack that shut down the servers at JBS meatpacking plants and cost $11 million in ransom payments alone. Or consider the 2022 LockBit ransomware attack on Bridgestone tires, the 2022 Conti ransomware attack on wind turbine producer Nordex, and many more.
With the average cost of one of these manufacturing cyberattacks hitting nearly $4.5 million, we’re taking a closer look at the data security landscape in manufacturing. What are the top challenges? What are the most prevalent threats? We’ll explore them all below.
Manufacturing: a top target for cyberattacks
First, it’s important to note that the manufacturing industry is being hit particularly hard by cyberthreats. Manufacturers were the top target for cyberattacks among all industries worldwide in 2022, with nearly 25% of total attacks.
Although ransomware is the most common attack type, manufacturers face a wide range of different data security risks, from IP theft and operational sabotage to supply chain attacks on vendors. A combination of older equipment, increasing interconnectivity, long supply chains, and high revenue make manufacturers an ideal target for malicious actors.
The staggering cost of factory downtime
It used to be that only power outages or physical damage at a facility could cause downtime. Now, though, online threats can take factory machines offline — and the consequences are immense.
One report notes that the average cost of downtime in manufacturing is $532,000 per hour. The highest losses can be seen in the automotive sector, where downtime costs an average of $1.3 million per hour.
But other types of facilities can also experience major setbacks. From mines and oil refineries to plants for consumer packaged goods (CPG), factories are losing 3.3 million hours a year to unexpected shutdowns. And those hours add up. Cumulatively, the manufacturing sector is estimated to lose $864 billion a year to unplanned downtime.
Despite the magnitude of this lost revenue, studies show that many manufacturing facilities still underestimate their downtime by up to 300% — while also overestimating their safety from common cyberthreats.
New malware for industrial control systems
Although malware is a perennial problem for manufacturers, its new variants are increasingly dangerous. In 2022, the cybersecurity company Dragos announced the discovery of a modular malware tool designed to inflict serious damage on utility companies and critical infrastructure in the US and Europe.
Developed by the suspected nation-state hacking group Chernovite, the malware is called Pipedream and has the ability to attack industrial control system (ICS) environments across various sectors.
“You could put it in a data center. You could put it in a wind farm, you could put it in an oil and gas refinery, on an offshore rig,” said Dragos CEO Robert M. Lee. “You could put it targeting drones and the control system aerial packages and servo motors and similar on aerial vehicles.”
Pipedream was serious enough to warrant a joint alert by the FBI, NSA, CISA, and US Department of Energy, who warned that the ICS-specific malware offers customized tools for scanning, compromising, and controlling devices. It heralds the rise of increasingly sophisticated and adaptable malware tools, a growing threat for the manufacturing industry.
Old malware for legacy systems
Unfortunately, new malware techniques are not the only challenge facing operational technologies. While novel variants receive most of the attention, old variants can still pose a significant threat.
That’s partly because older malware has largely dropped off the radar of IT teams. Variants like Conficker and WannaCry have been around for long enough that most systems and networks have been patched and effectively immunized against them. But that’s not the case for many OT environments, which may be running obsolete software and legacy technologies.
For instance, research shows that the Conficker worm, which first emerged in 2008, is particularly effective against the kinds of unpatched Windows XP machines that are common in OT environments.
Even when security teams are aware of these older malware threats, remediation poses a unique challenge. Implementing a patch may be next to impossible on a legacy system that lacks the memory and processing power for even a simple antivirus solution. If it is possible, it will still require hours or even days of costly downtime to implement.
OEM vulnerabilities in the automotive industry
According to Deloitte, the Cybersecurity and Infrastructure Security Agency (CISA) has cataloged over 1,200 operational technology security issues and vulnerabilities from a survey of just 300 OEMs. That’s cause for concern because cyberattacks on OEMs present a triple threat.
First, there’s the issue of supply chain attacks. OEMs can be targeted specifically for their access to larger, higher-revenue companies, with adversaries using them to gain entry to a whole network of victims.
Second, there’s the issue of consumer safety, which is of particular concern in the automotive industry. More and more vehicles are being equipped with IoT-enabled devices that control everything from temperature to navigation systems. If these devices are compromised by malware during the manufacturing process, the results can be catastrophic: sudden accelerations, remote brake activation, unexpected airbag deployment, and more.
Finally, there’s the issue of compliance. Because of their importance in the global economy, automotive OEMs must adhere to cybersecurity regulations like WP29 from the United Nations Economic Commission for Europe (UNECE) and ISO/SAE 21434 from the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). Under these regulations, OEMs are obligated to ensure strong cybersecurity practices at all times.
Growth of DDoS attacks
Although manufacturers might not seem like a top target for distributed denial-of-service (DDoS) attacks, they can still be affected indirectly by outages. For example, when DDoS attacks hit the hosting providers and cloud services that the sector increasingly relies on, companies can lose availability for vital data and systems. These attacks are on the rise, threatening the loss of internet connectivity, critical manufacturing data, and more.
DDoS attacks can also be directed at industrial control systems (ICS). Just a small amount of malicious traffic can be devastating to the equipment in a factory — and it can be difficult to detect until it’s too late. Ensuring high availability for critical data and for backups is key to mitigating this threat.
Rising data security risks for “smart factories”
The factories of the future are going to look much different than today’s facilities. According to a Deloitte report, manufacturing is evolving from a linear, sequential supply chain to an “interconnected, open system of supply operations” that functions as an adaptable digital network.
The sector is already adopting some smart technologies piecemeal. Eventually, we will see fully connected, flexible systems that can adapt to manufacturing obstacles and consumer demands in real time. According to Deloitte, these “smart factories” will be able to digitize many systems that are currently manual for a more agile operation with less downtime and more efficiency. They are expected to help companies achieve 20% improved efficiency with assets, 30% improved product quality, and 10% improvement in safety and sustainability.
Despite the many advantages of the smart factory, though, its additional technologies and interconnectivities will present major data security challenges. Real-time data analysis and monitoring systems will be vulnerable to tampering and ransomware, and a broader supply network will open companies up to more supply chain attacks.
So, while the technological advances in the manufacturing sector are likely to bring increased productivity and profits, they will need to be matched with advancements in data security and resilience.
Stronger data security with ShardSecure
The data security landscape in the manufacturing sector is multifaceted and challenging, and no single solution will protect every facility against every threat. However, the ShardSecure platform offers an innovative way to mitigate many of the top threats facing manufacturers today.
With an agentless approach to file-level encryption, ShardSecure’s technology is able to neutralize unauthorized third-party access to sensitive data. It offers a way for companies to keep their manufacturing data secure — be it from a cloud provider, a supplier, or a cybercrime group.
The ShardSecure platform also offers robust data resilience, multiple data integrity checks, and a self-healing data feature to keep mission-critical data accurate and available during outages, malware attacks, and other disruptions. It is easy to implement, even with legacy technologies, and it allows manufacturers to remain in control of their own data in the on-premises, cloud, or hybrid- and multi-cloud configurations of their choosing.