6 minute read
The new cybersecurity imperative in manufacturing
from AMT OCT/NOV 2021
by AMTIL
As an industry that contributes about 6% of Australia’s GDP, the manufacturing industry is still not safe from the ambitions of increasingly smart, organised and industrialised hacking groups. By Joel Camissar.
Globally, the volume of cyber attacks targeting the manufacturing sector increased 300% last year, and in Australia, 13% of all known cyber attacks are targeting manufacturers. What kind of threats is the industry facing? Why have manufacturers become key targets for cyber criminals? And most importantly, what can they do about this growing threat? The era of ransomware
Ransomware is a type of threat that has grown dramatically in the past couple of years. The concept is to hold a company to ransom by threatening them to take down their systems or publish information, data or intellectual property (IP) they have managed to steal if the victims don’t pay. The prospect of a downtime, and the associated financial cost and reputational damage are usually enough to convince many organisations to pay up. Some sources report US$350m in revenue was made from ransomwares in 2020. But with many attacks never reported, other estimates mention figures above US$1bn. Malicious actors usually manage to implant their ransomware or malware leveraging company vulnerabilities, or taking it a step further by carrying out a Distributed Denial of Service (DDoS) attack against victims. There are also human-based attacks including spearphishing, stealing credentials, or paying disgruntled employees to implant the malware. And as manufacturers increasingly digitalise and modernise their operations, it also increases the opportunity for criminals. Increased attack surface
Many industries are reliant on new technologies and digital solutions to generate efficiencies, and the pandemic has only accelerated this trend, due to a stronger need for agility. Manufacturing is no exception. Supply chains have often been dramatically disrupted to adjust to new and evolving industry and consumer needs. Other factors include the democratisation of connected devices and edge computing in recent years to monitor factory environments, security or machineries, which have led to a multiplication of new systems, and an acceleration of data exchange between them. With new systems come new attack surfaces and vectors. There are more systems and devices, and more people who may not have received proper training on cybersecurity practices. Especially if these systems were implemented in recent months to ensure business continuity or to quickly adjust to lockdowns and outbreaks. That is not to say that manufacturers should pause their digital transformation efforts, but they should do it including new risk management and cybersecurity considerations, because manufacturing will only become a larger target for malicious actors in the future. Breaking the first link in the chain
It would be a mistake to think cybercriminals are randomly and blindly targeting organisations. Hacking groups are becoming much smarter, strategic, and industrialised. Their increased focus on manufacturers is the result of strategic thinking. Manufacturers are usually one of the first links in a supply chain, and disrupting their operations usually means disrupting the whole ecosystem. The potential damages are more significant than when attacking an organisation at the end of the chain, and is usually an additional incentive for victims to pay the ransoms. In recent months, criminal organisations have publicly voiced their intentions to strike businesses that operate at the source.
Joel Camissar.
Unfortunately, that means manufacturing will also be a key focus. In this context, is it essential that industry players look at improving their resilience to cyber threats. Designing for security
When designing new operational systems and infrastructure, manufacturers have to make sure they design with security in mind. This starts with using a cyber risk framework to guide the security architecture development for production systems and measure maturity improvement over time. The Australian Cyber Security Centre has published its Essential Eight, acting as baseline cybersecurity recommendations to mitigate the risk of cyberattacks. Other major economies have published cybersecurity standards, and it is worth looking at the NIST in the US, or the Cyber Essentials in the UK as well. Adopting a Zero Trust approach is also part of designing with security. The idea with Zero Trust is to implement access rules across the organisation that grant company users, data applications and external partners or stakeholders, access to only the resources they need to operate, for only the time they need access to it. If any of them is compromised, hackers have very limited freedom to navigate an organisation’s network and systems. Zero Trust is particularly relevant in a flexible and remote workforce set-up, allowing organisations to properly protect remote employees and their devices. Thirdly, take a ‘one enterprise’ approach to security and risk management. Many organisations still operate in silo. For instance, a chief information security officer (CISO) may be responsible for information technology (IT) only, yet not charged with securing operational technology (OT) environments. This needs to change. Finally, manufacturers should explore the shared responsibility model. The idea behind this model is that the responsibility for security doesn’t fall solely on one party. All stakeholders across the supply chain, from cloud service providers to end-users, have a role to play. The multiplication of headlines on major data breaches and cyberattacks, even on the largest organisations on the planet is a sign that malicious actors are undeniably making headways. As an essential industry for our society, manufacturers have a responsibility to make cybersecurity a priority in the years to come, and reduce the risk of potential major disruptions and associated losses.
Joel Camissar is Senior Director, Channels, Alliances and Cloud, APAC at McAfee Enterprise. www.mcafee.com/enterprise
Global engineering group Sandvik has signed an agreement to acquire US-based CNC Software Inc., a leading provider of CAD/CAM software solutions for manufacturing industries and the company behind the Mastercam software suite. Gcode Engineering Solutions (Mastercam Australia) will continue to service the Mastercam brand in Australia.
By acquiring CNC Software, Sandvik gains Mastercam, the most widely used Computer Aided Manufacturing (CAM) brand in the industry with an installed base of around 270,000 licenses/users, as well as a strong market reseller network and well-established partnerships with leading machine makers and tooling companies. The Mastercam brand and its reseller channel will remain intact. Gcode has been supporting the Australian region as Mastercam’s reseller for nearly six years. Greg Williams, Director of Gcode, stressed that for Mastercam users in Australia, the customer experience will remain completely unchanged, with the same level of customer service and support that they have come to expect. “Mastercam Software Australia is committed to support and training of all users,” said Williams. “I am very passionate about manufacturing in Australia and pride myself in partnering with progressive manufacturing companies to achieve better outcomes. It’s an exciting time for manufacturing, and we look forward to moving the industry forward together.” For Stefan Widing, President and CEO of Sandvik, the acquisition is in line with the company’s strategic focus to grow in the digital manufacturing space. “An acquisition of CNC Software and the Mastercam portfolio, in combination with our existing offerings and extensive manufacturing capabilities, will make Sandvik a leader in the overall CAM market measured in installed base. CAM plays a vital role in the digital manufacturing process, enabling new and innovative solutions in automated design for manufacturing.” CNC Software has a strong market position in CAM, particularly for manufacturing SMEs, which supports Sandvik’s ambitions to develop solutions to automate the manufacturing value chain for SMEs – and deliver competitive point solutions for large OEMs. Combining the strengths of Mastercam with Sandvik’s offering and know-how within machining is expected to be an important enabler in automating the customers’ end-to-end manufacturing processes. “Mastercam will be the cornerstone in Sandvik’s CAM portfolio, further improving machining productivity by combining our machining know-how with their CAM expertise to improve quality and reduce waste for our customers,” says Mathias Johansson, President of the Design & Planning Automation Division in Sandvik Manufacturing Solutions. “Specifically, we will leverage data capture and use to secure efficient tool selection and tool path optimisation for our customers.”
www.home.sandvik www.mastercam.com.au
