Manufacturing
IP is financially rewarding. It’s thought that companies which own at least one patent, registered design or trademark generate on average 20% higher revenues per employee.1
According to ABI Research, the theft of IP via cyberattacks costs the US economy alone between $225 billion and $600 billion annually.2 The analyst house predicts that cyberattacks on IP-rich data in servers and staff computers will double in the years leading up to 2026.3 Exacerbating this trend is the rise of ‘smart’ factories, which will proliferate IoT devices and expand the attack surface.
This proliferation is doubly concerning given the trend towards IT/OT (information technology/operational technology) convergence. By combining these two systems, manufacturers can send information gathered from OT processes to their IT networks to enhance systems monitoring and control. The challenge is that OT systems have traditionally been air gapped from the internet and enterprise IT networks, and so are inherently less secure (as they were at reduced risk of compromise). Connecting OT to IT opens a new attack route that could compromise availability.
Maintaining availability is critical for manufacturers. It’s estimated that unplanned downtime costs industrial manufacturers as much as $50 billion a year.4 Protecting against ransomware or other cyberattacks that lead to downtime is therefore crucial to maintaining a strong bottom line.
However, in recent years this has become increasingly challenging. Events including Covid-19 and the obstruction of the Suez Canal in 2021 have brought home just how fragile international supply chains are. As the hubs of global supply chain networks, disrupting manufacturing output can have a huge impact on global productivity. The effect is clear. In 2022, ransomware attacks on industrial infrastructure doubled, bringing with them what the World Economic Forum refers to as “a potential systemic impact to supply deliveries.”5
Breaking down the barriers between IT and OT data means refreshing the associated approach to security – especially now as the enterprise IT perimeter is increasingly distributed.
CIOs in the manufacturing sector have their work cut out for them. Their organisations are digitising at pace, even as the security landscape becomes more challenging. Here are some HP recommendations for meeting some of their challenges:
Balance security with availability. As an overarching principle, CIOs should aim to strike a balance between the needs of the business (i.e., availability and maximum performance) with those of security. In some cases, the risk of breaking production lines is such that manufacturers forego even basic vulnerability scanning. CIOs should look to engage with line of business leads to educate them on the threats they face so that they better understand the people, process and technology implications. From there, a more measured approach that balances protection with business requirements can be reached. Technology has a role to play too. Solutions such as HP Sure Recover help businesses improve availability by helping them quickly recover from attacks.
Third-party risk monitoring. To protect their supply chains and manage third-party risk, manufacturers need to take a proactive approach to understanding the security profile of their supply chain partners. This approach must also include an evaluation of endpoints and the security credentials of the associated vendors and managed service providers. CIOs should look for embedded security controls on endpoints that mitigate the threat of devices being compromised while en route from manufacturer to user. Examples include tamper-proof mechanisms, such as enabled by HP TamperLock, a solution that leverages sensors on devices to detect and lock down a system that is disassembled and provide fully manageable policy controls to configure what action to take in the event a cover removal is detected. Moreover, HP Sure Start controls any anomality at BIOS start-up. With HP Wolf Connect it is also possible to lock devices during transport and unlock when the device is with the owner. In case devices are lost, HP Wolf Protect and Trace can locate and lock the devices, unlock when found and, in cases where the device is stolen, wipe them remotely.
Secure remote access. As mentioned, with engineers increasingly working from home, malware on a worker’s device could easily spread from their laptop to the OT environment, causing significant downtime. Zero-trust network access therefore needs to be augmented with zero-trust device access that leverages hardware-based security controls. Virtualisation can also be used to isolate user devices from the OT data/systems they are accessing, ensuring against cross-pollination of malware. HP Sure Access Enterprise, which is based on over ten years of innovation and collaboration with leading CPU manufacturers, is a case in point: a solution that enables a PC with standard hardware to be used for both privileged and non-privileged user activity.
1 European Patent Office, “Study highlights economic benefits of owning intellectual property rights – especially for small businesses,” February 2021 https://www.epo.org/news-events/news/2021/20210208.html2 RCR Wireless News, “Cyber risk doubles in smart manufacturing as IoT jumps 53 percent per year,” December 2022 https://www.rcrwireless.com/20221215/5g/cyber-risk-doubles-in-smart-manufacturing-as-iot-jumps-53-percent-per-year3 Ibid4 Forbes, “Unplanned Downtime Costs More Than You Think,” February 2022 https://www.forbes.com/sites/forbestechcouncil/2022/02/22/unplanned-downtime-costs-more-than-you-think/?sh=119e9eac36f75 WEF, “Manufacturing is the most targeted sector by cyberattacks. Here's why increased security matters,” March 2023 https://www.weforum.org/agenda/2023/03/why-cybersecurity-in-manufacturing-matters-to-us-all/
