~ Minimising hacking opportunities in digitalised production lines ~

According to Check Point Research, the manufacturing industry was the most common sector hit by cyberattacks in Southeast Asia in 2021. Singapore alone saw a 145 per cent increase in cyberattacks between 2020 and 2021. As the manufacturing industry continues to digitalise, protecting facilities from cyber-threats by upgrading technology and educating employees is key to business continuity. Here Jon Young, APAC sales director at global automation parts supplier EU Automation, discusses some of the main cybersecurity threats and how manufacturing businesses can protect their systems.

A Marsh McLennan review found that APAC organisations are 80 per cent more likely than the global average to be the target of a cyber-attack. Many manufacturing businesses are open to cyber-attacks but are unsure what their main system weaknesses are, making it hard to address vulnerabilities. Cyber security does not have a simple one size fits all solution, so understanding the specific requirements of each technology is key to protecting important business data and information.

Protecting legacy equipment

Despite rapid industrialisation and digitalisation, much of APAC manufacturing is still dependent on legacy equipment ─ not every digitalisation project involves shiny new machines. However, legacy equipment can be a target for cyber-criminals, so businesses need to assess their technologies to ensure there are no weaknesses.

One of the reasons legacy equipment is targeted is that the internet is has reached places in the manufacturing process that wouldn’t have traditionally been exposed, such as programmable logic controllers (PLCs) and industrial control systems. However, legacy PLCs may not check the integrity of commands being sent to them, creating a vulnerability that means hackers could manipulate them with remote commands.

One widely known example is Stuxnet, which was a malicious computer worm specifically created to target PLCs. It is believed that Stuxnet caused substantial damage to the Iran nuclear program by changing the rotor speed of gas centrifuges, causing them to explode. The worm also physically damaged over 1,000 machines and infected 2,000 computers. This code is currently publicly available, so hackers have the opportunity to replicate this attack in the future. 

From automatically monitoring development cycles to managing warehouse inventories, IoT devices have a multitude of useful applications in manufacturing. Research by Research and Markets found that the Asia Pacific Industrial Internet of Things (IIoT) market is projected to reach USD 46,188.10 Million by the year 2030. As more manufacturing devices are connected to the internet, the number of access points that can be exploited by cybercriminals grows. Retrofitting connected legacy technologies with layers of cybersecurity and updated software will allow businesses to get the best out of legacy equipment, while staying cyber secure.

Remote working and access

According to Check Point Research the number of cyber-attacks in the APAC region increased by 168 per cent in 2021, compared with 2020. During the pandemic, many businesses had to quickly adapt their IT infrastructure to remote or hybrid working, but according to a Sophos study, 53 percent of APAC companies said they were unprepared for the security requirements needed for remote working.

Introducing new technology without scrutinising the security implications can create weaknesses. During rushes to streamline processes, businesses may overlook the broader security issues that can occur by unknowingly connecting a machine to the internet. When introducing remote maintenance systems, connecting a machine to the wider IT system or trialling an IoT system, pay close attention to the possible cyber weaknesses.

Training the workforce

Employees wouldn’t leave a building unlocked at night ─ the same mentality can be adopted to avoid cybercrime. One way to avoid simple hacking techniques is by training staff across the business how to avoid falling into phishing or hacking traps by not clicking on links or opening attachments from unknown sources. Research commissioned by OpenText found that 47 per cent of APAC respondents are more likely to indicate employees are only “somewhat prepared to combat phishing” compared with other regional counterparts.

IT security is the responsibility of the whole workforce, not just the IT team or cybersecurity experts in the business. Employees can learn to take on the mentality of someone trying to attack the system to help them consider the possible weaknesses they are creating. When setting up new technologies, employees can also think about introducing further internal security defence layers to reduce the freedom that hackers have to access the entire system from one weakened point.

As the need for IoT manufacturing devices and remote access increases, cyber security becomes increasingly important to protect businesses from cyber-attacks. The more manufacturing businesses and their employees understand about their systems’ weaknesses, the better they can protect them.

To find out more on cyber security, visit EU Automation’s Knowledge Hub here.