Factory cybersecurity has never been so important. However, in recent years, the attack on this “hole” has become prominent, and its importance has rapidly increased. What are the connections between the two that have not been thought about in the past, such as manufacturing sites and cybersecurity? Learn why factory cybersecurity has become so important and what to do.
Why did factory cybersecurity become so important?
Why is factory cybersecurity so important now? There is a reason why the world’s flow is making a big difference even in the manufacturing industry.
The changing state of a “factory”
Many factories have made “making good things” a top priority for their manufacturing site. The main purpose of the PCs used on the factory floor was to use parts lists and in-house software, and in many cases, the company used a personal computer in the office for external interactions. In this way, factories have been in a closed environment in a network.
However, IoT has changed this dramatically. The global trend of IoT introduction is also pouring into manufacturing sites, and information obtained from all devices and sensors is becoming involved in environments connected to the internet. For example, visualisation using IoT and smart factories that convert the entire facility into a digital twin are representative examples of factories using IoT. Nowadays, many factories are aware of IoT, and it is natural to connect with the outside world.
Awareness of cybersecurity
Even before the factory was connected to the outside world, it was natural that the office had an external connection. That’s why awareness of cybersecurity was ingrained early in the office. However, unlike an office environment, factories that have operated on the assumption that they are not connected tend to have a weak perception cybersecurity.
A PLC (programmable logic controller), also known as sequencer, has been a central part of factory automation. It can be said that the idea that a PLC is a control-only machine that only sends instructions to the equipment is deep-rooted, and the idea that security is necessary for PLC is not pervasive.
Additionally, in the field where there is no mechanism to capture and record the overall configuration due to frequent line changes, there are cases where security awareness has not reached. To prioritise continued operation, the strong sense of refusal to stop is also considered to be a weakness.
What happens when cybersecurity is targeted?
As it is, IoT has spread and cybersecurity issues have surfaced as it permeates various parts of the factory.
In-time investigation by Trend Micro
How many cybersecurity measures do you actually need in today’s world?
To find out the answer, Trend Micro, a leading security product company, investigated factory cyberattacks. The investigation is to create a “decoy factory” that appears to exist, and to investigate how often and what kind of attacks are being carried out there.
Actual equipment was used such as Siemens, Rockwell Automation, and Omoron for the “Ottori Factory”, and prepared a website as a company and a list of employees. It also reproduces the condition that the PLC remains in its default settings and allows external connections for remote support, as is common in real factories.
When the factory was put into operation, there were 30 attacks in 240 days, six of which were affecting the productivity of the factory. The study found that factories can also be cyberattacked, and their production activities could be damaged.
Many companies do not have cybersecurity departments
In 2019, a US-Japan consulting firm and IT company jointly researched the cybersecurity departments of control systems. According to this report, 26% of listed companies in Japan and unlisted companies with sales of 40 billion yen or more do not have a dedicated cybersecurity department.
How to increase cybersecurity?
Cyberattacks on factories are actually occurring, and cybersecurity measures are urgently needed. Factories must respond to the realities of IoT connection and look to implement a plan of action.
Recognise the difference between IT and OT cybersecurity
Keeping an idea of the status quo is a very important step to addressing security issues. Operators should be aware that factory and office cybersecurity measures are different processes but can learn from best practices.
Factories don’t have the luxury to stop operations, it is very difficult to immediately disconnect terminals that are likely to be problematic, which is very different from the measures taken in the office. By understanding which parts detachable, what OS are is introduced in which parts, and what kind of network is built, it is possible to achieve this on the factory floor.
Understand and manage external connection points
Banning personal computers and USB memory sticks from connecting to the network is commonplace for IT departments, but this basic measure must be implemented for the factory floor.
It is important to manage these external connection points and to have a firm understanding of the environment in which you can connect to the internet.
From a business continuity perspective, it is easy to think that limiting connectivity reduces the chance of cyberattack, but it opens a new risk. Without secure local storage and connections to the network, a business can’t realise the benefits of digital transformation. By implementing Edge Computing, factories can solve the issue of local secure storage while being alerted in real-time to any cybersecurity issue.
It has never been more important for factories to consider cybersecurity, it isn’t possible to reduce the external connectivity brought on by digital transformation, and the businesses that try will soon fall behind the competition when it comes to productivity. Factory cybersecurity needs to be brought up to date with IT best practices to achieve the desired continuous operation.