When most people think of cybersecurity, they think of IT departments protecting corporate networks, or individuals at home on their personal computers. But cybersecurity is differentiating rapidly as more people realize its actual goal is to improve the reliability of some other business process or product, and not an end in itself. Since these business processes vary widely from one industry to another it makes sense to talk about the unique issues and approaches faced by individual market verticals. Today: Advanced Manufacturing.
Manufacturing jobs are increasingly high-tech jobs, and amazingly enough (in spite of our images of automobile assembly plants) the vast majority of these jobs are to be found in very small organizations. Something like 70% of manufacturing jobs are in fact found in companies with fewer than 100 employees, and 98% in companies with fewer than 500. Furthermore, the advanced manufacturing industry is on the verge of content and structural changes perhaps unlike anything since the advent of the assembly line itself.
The factory of the future consists of fully interconnected machinery operating semi-autonomously, with the role of humans relegated more to monitoring the operations for signs of trouble than operating the equipment directly. GE for example now monitors 10 million sensors a day from more than $1 trillion of equipment, meaning they have transformed from a manufacturer/lender to a manufacturer/big data company. Designs are electronic, and product designers more intimately connected to the manufacturing processes themselves. In some places in China, small design-build-sell groups can run small batches of sample products, sell them immediately on the street, and receive direct customer feedback in real-time, allowing almost unimaginably rapid product development through iteration.
Additive manufacturing (including 3D printing) is leading a more radical structural change, as manufacturing capacity is increasingly distributed and responsive to local needs of customers, larger assembly plants or other imperatives. For larger-scale products such as automobiles this is leading to renewed local clustering of supply chains, while at the same time allowing for much more decentralized production of smaller-scale products, with implications that ripple through the logistics and shipping industries as well as impacting job location and migration. One result, for example, has been the “re-shoring” of manufacturing to the United States as changes in cost structures make transportation costs and close collaboration more dominant priorities than finding the least expensive labor markets.
Cybersecurity is an emerging concern in this new world of manufacturing, for several reasons. The most obvious is that putting expensive capital machinery online exposes a manufacturer to attacks in ways that they are not accustomed to dealing with. Security professionals in these organizations may come from a more traditional physical security background or have more generalized IT expertise than, say, the Government or financial industries.
But there’s more. Much of the intellectual property of manufacturers, often contained more in processes than in the products per se, are now exposed and are a high priority of economic attacks. The threat of tampering with product design files, resulting in defective products, is suddenly real. Attacks against less sophisticated component manufacturers further down long, integrated supply chains as a way of reaching the larger top-level manufacturers is now a well-known tactic. And with an increasing number of products (Internet of Things; see Oct 20 post) containing connected sensors and computing elements, attackers also have the ability to target these components. For the Federal Government there are activities afoot that would require manufacturers to certify their products as free from known vulnerabilities or else be considered defective.
This rapid industry change and adoption of 21st century technology is already a revolution in progress. As an information security community we are actively looking for ways to adapt the lessons learned and the leading edge techniques developed in other places to help ensure that our critical manufacturing infrastructure remains a vibrant source of growth and opportunity for decades to come.