Supply Chain Management / IIoT / Industrial Cybersecurity / Digitalization / Smart Manufacturing

Cyber strategies to keep your facility and fleet safe

If you don't know where you're vulnerable, someone else will find out.

By John Rosenberger, The Raymond Corp.

We live in a digital era – one in which data collection and sharing happens instantaneously across channels, creating enhanced efficiencies and providing faster results. The internet of things (IoT) is changing the workplace, and that includes how the manufacturing industry conducts business. IoT is the interconnectivity of how the digital world integrates and interacts with the physical world, and manufacturing is one of the sectors being affected the most. Intel predicts that by 2025, IoT technology’s global worth could be as much as $6.2 trillion USD, including a potential of $2.3 trillion USD from manufacturing.

With the increasing demands of e-commerce businesses, processing data and delivering output faster has become an imperative for manufacturers to stay competitive. The integration of IoT within plant facilities and their warehouses has helped plant professionals increase production, automate processes, and manage fleet maintenance more efficiently. However, as the impact of the IoT has grown, so, too, has the frequency of data breaches and cyberattacks. These issues are crippling to a business’s bottom line.

Issues with insecure networks and unauthorized information-sharing are serious problems for plant facilities, and the industry must adapt to address these business concerns.

Problem: Maintaining security in an ever-changing digital world

Just as our smartphones and wearable technology devices need timely software updates to ensure secure operation, so, too, do most smart manufacturing machines and telematics hardware. From recent real-world experiences, we know that not periodically updating software and firmware can threaten the security of machines and their data.

Technology has led us to desire immediate gratification. We want things better and faster – now. Because of this drive for new and improved features, the need to stay up to date on the latest software programs has increased. After new software is released, the old software quickly becomes outdated, inefficient, and more susceptible to malware.

For criminal hackers, plant services and manufacturing facilities are second-tier targets when it comes to profit. But when it comes to susceptibility, they are Tier 1. Sections of the manufacturing industry have been slower to adapt to the higher frequency of software and technology updates that facilitate more-robust software security, and this can be a major issue.

Being slow to update to newer technology makes plants more susceptible to cyberattacks that could jeopardize sensitive corporate information or employee identification details.

If you have a piece of powered industrial equipment that does not have the latest software or firmware update, hackers can crack the code and use corporate information stored in the equipment as a pipeline to reach bigger data. Not encrypting your data puts your – and your vendors’ – information in jeopardy.

Solution: Understanding and combating IOT vulnerabilities

Fortunately, many companies are starting to recognize these inherent IoT vulnerabilities and are working to combat possible security threats. Here are steps you can take to ensure that your facility is more secure and less susceptible to cyberattacks.

Avoid hybrid data entry. If your plant still relies on both manual and automated data entry, work to eliminate the need for manual input. Hybrid data entry opens more doors for inconsistent documentation, making the data easier for hackers to obtain. Although technology has increased opportunities for data breaches, the advancement of IoT applications can still offer a more-secure tracking and reporting method versus a hybrid approach.

Invest in badge technology. Badge technology is becoming more sophisticated. Most new badges have code embedded within them that is much more difficult to hack. Embedded code and unique ID requirements help ensure that only authorized personnel can access all data points in your warehouse management system.

Scan for viruses regularly. If your employees use USBs to gather plant data, be sure to scan for viruses regularly. Although USBs can be effective tools for housing information, they also can be a great way to catch malware. Often, employees will not know when their equipment has caught a virus, so you must be proactive in checking devices across the facilities. Just one virus could disable your entire warehouse system.

Consider leasing your equipment. To help ensure that your plant operations are running with the most updated software applications, evaluate whether leasing might be a viable alternative to buying equipment. Leasing allows you to trade in your equipment every few years for new models equipped with the latest software applications – without having to incur the complete cost of purchasing new equipment.

Collaborate with vendors that offer modular or upgradable applications and network interfacing hardware. When looking for vendors with which to collaborate, make sure their products are contemporary enough to match your and your customers’ technology needs. Progressive manufacturers are creating software and networking equipment to be more modular to meet the changing needs of customers and the evolving demands of the IoT. Modular or upgradable applications and network interfacing hardware can help you address your software issues without necessitating the purchase of a new device or an entirely new machine.

Leverage your vendors’ resources. To help address IoT security threats, manufacturing companies are creating teams that can visit a plant and review the facility’s vulnerabilities to cyberattacks. Based on the assessment, the team can offer recommendations on how to make a plant more secure and discuss best practices for maintaining a level of protection in today’s connected plant.

Conduct an annual review. After you have enlisted the help of an external vendor to perform a comprehensive review of your plant, it’s important to get in the practice of conducting an annual review. To help you focus on key areas that pose a cyber threat, the Open Web Application Security Project (OWASP) releases a top 10 list each year of application security risks. On the 2017 list, a key area of opportunity for hackers was injection flaws. Injection flaws can occur when untrusted data is sent to an interpreter as a part of a command and the hacker is able to trick the interpreter into executing unauthorized commands.

“Just one virus could disable your entire warehouse system.”

Another data risk for plants is broken authentication, which was No. 2 on the 2017 OWASP list. This can happen when application functions related to authentication and session management are implemented incorrectly. If there is a broken authentication in your software, hackers can compromise passwords, keys, or session tokens or exploit other implementation flaws to gain more access to other users’ and companies’ data – temporarily or permanently.

Understanding leading and evolving cybersecurity threats is essential as you devise and revisit your strategies for mitigating cyber threats.

Educate your team. Now you know how important maintaining a secure plant warehouse is – but your leadership and operators might not. Educate your team about the severity of cyberattacks and best practices to help keep your plant protected.

As data propagation continues to grow thanks to the IoT, the need for contemporary and robust cybersecurity becomes ever more pressing. IoT applications continue to revolutionize the manufacturing industry. We must prepare for the benefits and risks of instant connectivity.