In recent years, cyberattacks in the manufacturing industry have significantly impacted the Indian economy. The nation remembers October 12, 2020, not very fondly. The country’s financial capital, Mumbai, often touted as the ‘maximum city,’ was without power for up to 12 hours in parts. The city’s lifeline- the local train service was cancelled, offices were shutdown, and essential services had to support power backup to keep running. After a period of investigations looking into such an unprecedented situation, the Power Minister of Mumbai came across as confirming the suspicion that this power outage, at a scale never seen before, was the result of a cyberattack. This happened due to the Maharashtra State Electricity Transmission Company’s servers becoming infected with malware, particularly Trojan horses. OIL is the second-largest national oil and gas company in India. In 2022, cyberattack on OIL disabled IT systems impacting some servers and computers at Duliajan (HQ) in Assam.
Even though the source or intent behind this cyberattack remains a topic of debate, it is clear that cybercrimes against critical infrastructure- notably the manufacturing sector- are on the rise. Reports across industries note that manufacturing industries will be the most targeted sector for Ransomware-related data breaches. In addition, the number of cyber security incidents in this space has risen at an astounding rate of 50% from 2020 to 2021. Manufacturing quickly became the most attacked industry in 2021 after beating the finance and insurance industries earlier at the top spot. It goes without saying that technological advancements have positively impacted the growth graphs. Still, the above numbers suggest that this sort of advancement increases the industry’s openness to cyberattacks.
The Reasons for the Increase in CyberAttacks
While internet connectivity has the advantage of faster identification and automated remediation of any glitches, it can also become a cause for exposing multiple vulnerabilities in a manufacturing facility. Let us look at a few reasons we are coming across an increase in the number and intensity of cyberattacks on control systems in the manufacturing sector.
-
Seeking profit through Ransomware attacks: Ransomware has gradually become a strategy and an effective mechanism of earning big rewards at comparatively lower risk. It goes without saying that the rapid pace at which organisations are expanding in the technological realm has also led to the growing sophistication of threats and breaches, as criminals have become thorough and proficient in the process. It is, therefore, often difficult to identify an attack until there is a visible effect on operations, making it essential for managers to stay abreast of potential dangers.
-
Interconnectedness: The manufacturing chain has become more connected than ever before. Automation systems in factories now remotely control processes in real-time, execute planning and diagnose and minimise production errors. Control systems in manufacturing units include:
● Programmable controllers ● Embedded systems ● Facility management controls ● IoT devices ● Quality management controls
Since control systems are becoming more complex, including an increase in offsite controls, this has led to the industry becoming more ‘connected’ than any other IT system. At the same time, integrating new products and services into the manufacturing process as part of the attempt to automate has exposed the system’s vulnerabilities more easily for hackers to infiltrate defence mechanisms.
-
Lack of focus: Despite the growing challenges, there is a lack of focus on protecting the control systems from the malicious attacks of cyber criminals. System security is not covered under service-level agreements and contracts with equipment vendors and facilitators. At times, automation systems are handled by operations or engineering teams and not by dedicated IT professionals.
Solutions for combating cyberattacks effectively.
Here are a few solutions that are likely to become relevant regarding system security in the manufacturing sector in light of the high severity of breaches and threats.-
Risk analysis: Understanding the manufacturing environment is the crucial first step. Understanding the degree of threat that the assets are under will directly impact the intensity of the protective controls brought into effect.
-
Using AI for security: Organisations must move with the times, including adapting to Artificial Intelligence as a major function of technological infrastructure. AI helps bypass the possibility of human errors, which may cause severe damage to many units of a firm. Flexibility in approaching AI as an effective control mechanism is the need of the hour.
-
Industry best practices: Organisations should not allow staff or management to grow lax regarding protection controls. Reviewing the efficacy of systems, periodically carrying out threat analysis, and creating strategies in line with the learning’s is the most basic step that needs to be taken urgently.
Organisations can employ multiple security strategies. However, what is required, the most is documenting response plans and performing assessments to know the actual picture so that measures can be taken effectively and timely.
ABOUT SNS
Secure Network Solutions (SNS) provides a quantifiable, risk-based approach to building a global structure of cyber security infrastructure based on internationally recognized frameworks and practices. We have been providing services and catering to clients across industries for the last 22 years. Write to us at [email protected] or visit www.snsin.com.