9 Tips For Improving Cybersecurity
In Factories

Industry 4.0 is the 21st century buzzword, representing both its greatest technological advances and its greatest threats. The nightmare scenario depicted in such films as The Terminator and Marvel's Age of Ultron is a familiar and ongoing theme: machines become self-aware and eliminate humanity, using the world wide web as their highway to hell. However fantastic it seems (and it certainly seemed a lot more fantastic in 1984 than it does now), it is as well to admit that the first step on this unimaginable path has already been taken. Machines are all becoming interconnected and thinking for themselves.

This is a great step forward for global production, as it has huge advantages in terms of source and supply chains, productivity and quality control. A recent analysis suggests that as much as 17-20% in productivity gains has been achieved in the last couple of years by investment in smart manufacturing, alongside 15-20% gains in quality. Hundreds of millions have been invested in smart manufacturing, with at least 67% of industrial manufacturers having installed smart initiatives in their factory processes. Across the UK, however, investment is lagging, with only 1% of manufacturers embracing full digitisation, as compared with a global average of 10%. On the positive side, this gives UK industries a greater opportunity to get in on the ground floor, with a closer focus on improving cybersecurity in their factories.

The potential threat from cyber attacks has increased exponentially as the world becomes ever more digitised. Cybersecurity in the Internet of Things (IoT) and particularly the Industrial IoT (IIoT) is now one of the world's greatest concerns. The more technology is interconnected, the more capable it is of advanced behaviour, but the more vulnerable it becomes to invasive and criminal activity by hackers. In the case of industry, vulnerabilities are often due to the adaptation of legacy manufacturing equipment for IIoT practices, but even brand-new systems are open to attack. On the factory floor, it is crucial to ensure systems safety, because not only machinery but also human lives may be at stake.

1. Be Proactive

Don't wait for a cyber attack to happen and cause havoc in your systems, but be proactive and make the necessary changes right away. Find out about what threats are most common, what history of attack there may be on your particular type of installation, and what you should do to prevent it. When installing any new system, be sure that you check its security protocols thoroughly, and carry out all necessary tests before going live. Be especially careful when integrating new IIoT devices into legacy systems, as this is where security is most vulnerable. Above all, don't assume that because you have been safe so far, it's not going to happen to you. A recent survey suggests that 90% of security professionals have already suffered attacks, across the UK, Germany, Australia and other countries.

2. Lock Down Everything

Locking down all your IIoT systems allows you to open them up only where or when necessary, allowing you better control of the network. Secure password management and two-factor authentication should be instituted wherever possible, and everything that can be encrypted, should be. Also, don't rely on the cloud for sensitive storage, as these systems are not foolproof, and always, always keep a hard disk backup. It's all too easy to think that you have covered every base, but hackers are some of the most ingenious computer programmers on the planet, and they're bound to have thought of a loophole in every conceivable scenario.

3. Set The Correct Permissions

Set the permissions in your system correctly for each individual who uses it, to ensure that the only staff who can get access to the system are those who need it. If you don't know how to manage permissions, consult the equipment manufacturers, or the guidance manuals supplied with the machinery, to ensure that only authorised personnel have access. Again, two-factor authentication should be applied to all permissions where possible.

4. Budget

Allocating a budget to cybersecurity will save your business a lot of money in the long run. Setting aside funds for cybersecurity attack prevention will allow you to prepare for a potential threat as part of your budgeted finances, as opposed to incurring large and unplanned costs repairing damage after the event. You also should budget for the time required to install and review cybersecurity procedures, and factor in the time required for staff training as a mandatory part of job contracts.

5. Planning

Planning is the key to ensuring that everything in your system is secure. Budgeting is part of this, but also all users, processes and particularly connections in a system must be carefully documented. Plan out the lifespan of the machinery and its future activity, together with upgrades to hardware or software, and the equipment's expected obsolescence. Furthermore, you should also have a contingency plan in place to mitigate the impact of any successful cybersecurity attack. Plan on improving the cybersecurity of your factories and workplaces immediately, and see how your future procedures will adapt and become stronger.

6. Updates

Updates can be critical, so it is important to keep all software and firmware up to date wherever possible. It is especially important to ensure that systems have the most up-to-date security patches released by manufacturers, as they identify and address potential risks. Sometimes manufacturers are reluctant to take (or unable to afford) the downtime required for updates, and in these circumstances you should have plans in place to protect and monitor the system against cybersecurity threats.

7. Testing

Once your systems have been installed, updated and permissions granted, it's important to test everything, to ensure that your security measures function as you have planned. Pen (penetration) testing is a good way to find out if, and how, hackers can gain access to your manufacturing systems. This involves running a simulated, controlled and authorised hack, either manually or via automated software, to identify potential vulnerabilities which could be exploited by cyber criminals. This is a very useful learning tool, and helps users to understand how cybersecurity is approached from the other side of the criminal divide. This is a sophisticated technological exercise, and you may need a trusted third party expert to help carry out a pen test.

8. Regular Reviews

Regularly reviewing your cybersecurity measures is vital to maintaining a safe and secure factory. You can use reviews to fine tune your processes, assess any potential vulnerabilities and fix any issues that may appear over time as the system is put into full operation. The Stuxnet worm, for example, was designed to operate on a long-term plan of destruction, which only became apparent many months after the original malware had been installed. By reprogramming certain controllers, the worm was able to cause hardware deterioration that eventually led to the destruction of more than 1,000 machines. Not only did this cause huge financial losses, but the credibility of the system was severely compromised and a nation put under threat. The more recent global attack known as WannaCry used NSA backdoor access tools to install ransomware on millions of computers in order to extort money, and this threat is still ongoing.

9. Training

In this complex technological environment, we cannot emphasise enough that training is vital. You must ensure that your staff are fully trained for the systems they use, that they understand clearly what cybersecurity is, and that they know how important it is to the proper functioning of your business. They must be trained to know how to prevent a cyber attack, how to identify a potential threat and what to do if a cyber attack does occur. This will not only benefit them with a better knowledge of the factory and its systems, but will also result in a better overall understanding of how cyber crime can impact a business.