Home » Manufacturing » Why Industry 5.0 is both a boon — and a cyber security challenge
Sponsored

Charlotte Davis

Director OT Security, NCC Group

The rise of the Internet of Things and Industrial Internet of Things has security implications for manufacturers. It’s why they need to make cyber security an integral part of their business resilience programmes.


The advance of Industry 5.0 and the Industrial Internet of Things (IIoT) has undoubtedly revolutionised the way many manufacturers and their supply chains operate. But it has also created a complex challenge for them.

Connectivity framework vulnerabilities

To make the most of digital innovation and keep up with the competition, manufacturers must now ensure that their operational technology (OT) systems interact with their information technology (IT) systems. For instance, a vaccine manufacturer might connect a fridge to its IT network to ensure that optimum storage temperature is maintained at all times. The trouble is this could open a new attack surface and create a new challenge from a cyber security control perspective.

“OT network components such as automated robotics, food processing lines and even industrial control systems are generally not classified as ‘secure-by-design’ because they were not designed to be enterprise network connected,” explains Charlotte Davis, Director of OT Security at NCC Group, a global cyber and software resilience business.

“Yet, with connectivity to the Enterprise IT network and/or cloud storage, many OT components such as sensors, actuators and manufacturing operations management (MOM) systems expose the OT and IT networks and must be considered as connected devices to assess in terms of vulnerability to attack.”

Manufacturers need to take a holistic approach and make cyber security an integral part of their
business resilience programme.

Top five cyber security threats to a business

Indeed, this lack of IT and OT security alignment makes manufacturing more vulnerable to cyber threats than other industries. Davis notes that the top five cyber security threats come from:

  • Equipment sabotage (including nation-state attacks)
  • Phishing
  • IP theft
  • Ransomware
  • Supply chain attacks.

On top of this, the risk landscape has changed irrevocably for manufacturing firms in recent years — and for a number of reasons.

Take the proliferation of low-code development platforms, for example, which Davis identifies as one of 2023’s biggest security threats. “Low-code is used by the manufacturing industry as a way of creating a repeatable coding platform, rather than commonly writing code for every process and procedure,” she says. “This trend prevents economies of scale and efficiencies where such skillsets may not exist internally. It is important, however, to ask the question: is the code itself secure by design?

Then there is the complex nature of the typical supply chain profile for a manufacturing entity — and the fact that the industry regularly outsources, offshores and has a greater dependency on sub-suppliers. “A complex supply chain with many interconnected providers, suppliers and dependencies creates a matrix profile of security considerations,” says Davis.

Cyber security as part of your resilience planning

Most importantly of all, manufacturers need to take a holistic approach and make cyber security an integral part of their business resilience programme. “A cyber attack is just one of many potential impacts on a business’s operating profile,” says Davis. “To ensure business resilience, risk management and cyber security must be weaved into all aspects, from sourcing products and components to maintaining RPO and RTO or risk failure.”

Using back-to-basics cyber hygiene methodology, it’s possible to effectively align OT security with IT security as well as embed and maintain compliance with safety principles, says Davis. But the fact is that this is a new, ever-evolving territory where all players are learning as they go.

This is why manufacturers should partner with a cyber security expert who understands the best approaches to use within an OT environment. “The right adviser can ensure that a manufacturer’s IT and OT security are holistically configured, their end-to-end network security status is always visible and monitored, and importantly, it is centrally managed on an ongoing basis,” says Davis. “It’s the most effective and efficient approach to maintaining a consistent security posture and facilitating a robust business resilience programme.”

Next article