Security Experts:

Assessing Cyber and Physical Risks to Manufacturers

Manufacturers serve as critical building blocks of modern society. They are integral to the existence of the products we consume, the essential services we need, and the infrastructure on which we rely. Our reliance on them also means that, according to the U.S. Department of Homeland Security (DHS), “a direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors.” 

Although security incidents that occur in consumer-facing industries like retail and financial services tend to attract the most attention, those suffered by manufacturers can be far more damaging. The challenge is that the manufacturing industry tends to be particularly susceptible to various cyber and physical security risks. Here’s why:

Antiquated Operational Technology (OT) Environments

The machinery and networks comprising an OT environment are what operate the physical processes required to manufacture goods. Many factories run 24-hours per day, 365 days per year. So any security procedure requiring OT downtime—such as patch and vulnerability management, software updates, and other types of network maintenance that might regularly occur in IT environments—can rapidly hinder production, lower outputs, and reduce revenue for manufacturers. For this reason, OT machinery and networks often operate for years at a time without receiving any sort of security maintenance or assessment. 

Cyber Risks to Manufacturers and Industrial FirmsAnother challenge with outdated OT environments stems from the rapid digitization of the manufacturing industry. As many manufacturers continue to integrate automation, IoT devices, and other Internet-connected technologies with their OT networks, they are inadvertently expanding the surface area upon which vulnerabilities could occur, threats manifest, and attacks transpire. Indeed, this scenario is similar to the uptick in security incidents that occurred following the healthcare industry’s rushed adoption of EMR systems, as well as the oil & gas industry’s increasing reliance on Internet-connected industrial control systems.

Increasingly Complex Supply Chains

Rising competition amid intense market pressure has caused many manufacturers to outsource and diversify their supply chains. While outsourcing can increase efficiency while reducing costs, it often creates a massive flow of materials, people, and data to and from ever-changing sources and third-parties. And as supply chains continues to become larger and more decentralized, many manufacturers are losing both visibility and control of the materials, quality controls, and any potential security vulnerabilities in the goods they produce.

An Abundance of Intellectual Property

Manufacturers also face substantial risks from the abundance of intellectual property (IP) they store. From proprietary source code and product formulations to market insights and trade secrets, IP is integral to the productivity, stability, and competitive advantages of most manufacturers. Unfortunately, IP is also a highly sought-after commodity among adversaries ranging from malicious insiders and competitors to profit-minded cybercriminals and state-sponsored actors. And given the manufacturing industry’s tendency to fall short in terms of security, many manufacturers may be especially vulnerable to IP theft.  

When it comes to accurately evaluating and mitigating security risks facing manufacturers, the above characteristics should serve purely a starting point. It’s crucial to remember that regardless of industry or function, safeguarding critical assets, proactively addressing cyber and physical threats, and assessing and mitigating risk accurately and effectively requires a comprehensive understanding of all factors contributing to an organization’s risk. 

view counter
Josh Lefkowitz is the CEO of Flashpoint, which delivers Business Risk Intelligence (BRI) to empower organizations worldwide with meaningful intelligence and information that combats threats and adversaries. Lefkowitz has worked extensively with authorities to track and analyze terrorist groups. He has also served as a consultant to the FBI's senior management team and worked for a top tier, global investment bank. Lefkowitz holds an MBA from Harvard University and a BA from Williams College.