Engineer News Network The ultimate online news and information resource for today’s engineer
Fifty-one percent of industrial organisations believe that the number of cyberattacks on smart factories1 is likely to increase over the next 12 months, according to a new report from the Capgemini Research Institute.
Yet nearly half (47%) of manufacturers say cybersecurity in their smart factories is not a C-level concern. According to the Capgemini report, Smart & Secure: Why smart factories need to prioritise cybersecurity, few manufacturers have mature practices across the critical pillars of cybersecurity. The connected nature of smart factories is exponentially increasing the risks of attacks in the Intelligent Industry era.
Around 53% of organisations – including 60% of heavy industry and 56% of pharma and life sciences firms – agree that most future cyberthreats will feature smart factories as their primary targets. However, a high level of awareness doesn’t automatically translate to business preparedness. A lack of C-suite focus, limited budget, and human factors are noted as the top cybersecurity challenges for manufacturers to overcome.
Geert van der Linden, Cybersecurity Business Lead at Capgemini said: “The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset. The increased attack surface area and number of operational technology (OT) and Industrial Internet of Things (IIOT) devices make smart factories a prominent target for cyber criminals. Unless this is made a board-level priority, it will be difficult for organisations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite.”
Organisations face multiple challenges in bolstering cybersecurity at smart factories
The research found that, for many organisations, cybersecurity is not a major design factor; only 51% build cybersecurity practices in their smart factories by default. Unlike IT platforms, organizations cannot scan machines at a smart factory during operational uptime.
System-level visibility of IIOT and OT devices is essential to detect when they have been compromised; 77% are concerned about the regular use of non-standard smart factory processes to repair or update OT/IIOT systems. This challenge partly originates from the low availability of the correct tools and processes, however, a significant share of organisations (51%), said that smart factory cyberthreats primarily originate from their partner and vendor networks. Of firms impacted by cyberattacks in the past 12 months, 28% noted an increase of 20% in employees or vendors bringing in infected devices, such as laptops and handheld devices, to install/patch smart-factory machinery.
People, not technology, remain the top threat to cybersecurity
When it comes to incidents, only a few of the organisations surveyed claimed that their cybersecurity teams have the required knowledge and skills to carry out urgent security patching without external support. One common cause for this widespread inadequacy is the lack of a cybersecurity leader to spearhead the required upskilling programme.
When coupled with the scarcity of cybersecurity talent for smart factories this becomes a significant challenge; 57% of organisations say that the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent. Many organisations said that their cybersecurity analysts are overwhelmed by the vast array of OT and IIOT devices they must track to detect and prevent attempted intrusions. Moreover, cybersecurity executives said they will be unable to respond effectively to attacks in their smart factories and manufacturing locations.
A lack of collaboration between smart factory leaders and the Chief Security Officer is also an area of concern for over half (53%) of respondents. This inability to communicate hinders an organisations’ ability to detect cyber-attacks early leading to a higher level of damage.
Cybersecurity leaders take the market advantage
The report found that ‘cybersecurity leaders’ who deploy mature practices across the critical pillars of cybersecurity: awareness, preparedness, and implementation of cybersecurity in smart factories, outperform their peers in multiple aspects. These include recognising attack patterns at their early stage of deployment (74%) and reducing the impact of these attacks (72%), compared to just 46% and 41% of other organisations respectively.
Based on the analysis and insights from the ‘Cybersecurity Leaders’ identified, Capgemini proposes a six-step approach to develop a robust cybersecurity strategy for smart factories:
· Perform an initial cybersecurity assessment
· Build awareness of smart factory cyberthreats across the organisation
· Identify risk ownership for cyberattacks in smart factories
· Establish frameworks for smart factory cybersecurity
· Create cybersecurity practices tailored to smart factories
· Establish governance structure and communication framework with enterprise IT
To read the full report, click HERE.
1. Smart Factories leverage digital platforms and technologies to gain significant improvements in productivity, quality, flexibility and service. They are powered by three key digital technologies: connectivity (utilizing the Industrial Internet of Things to collect data from sensor technology); intelligent automation (e.g., advanced robotics, machine vision, distributed control, drones, etc.) and cloud-based data management and analytics
Methodology
The Capgemini Research Institute, a leader in partnering with companies to transform and manage their business by harnessing the power of technology, surveyed 950 organisations and conducted in-depth interviews with leaders from different organisations. The global survey took place in October and November 2021. The sectors surveyed include heavy industry, pharma and life sciences, chemicals, hi-tech, consumer products, automotive, and aerospace and defence.
