Stay connected

AMS: What are the most common types of threat to manufacturers IT operating systems?

Nick Boughton: While there are certainly people around the world whose intention it is to hack and disrupt company IT networks, it’s quite often that problems occur from incidents within a company’s network, and that are not intentional. Disruption can be due inadvertent physical damage to cabling or IT equipment and also members of staff unwittingly introducing viruses into the IT network through accessing information via USB sticks, etc. There have been some examples of this where manufacturing operations have been shut down as a result of an employee downloading insecure content.

The challenge now is that these manufacturing networks are increasingly connected so the potential for disruption is far greater. The different areas of operation are no longer isolated so if a virus is introduced into one section then you can have a domino effect across an entire factory or even multiple sites. However, companies are now more aware of these risks and these incidents are becoming less common.

How can manufacturers manage data through their supply chain?

At a recent conference I attended, a concept called Digital Continuity was discussed and this looked at how the digital cycle can and should be managed across any number of linked users and suppliers. This would seem to be a formalisation of what has been an ongoing process of ensuring strong links throughout a supply chain. But this is certainly a challenge especially when you consider trading globally with many different companies that will use different standards and protocols.

In the context of vehicle manufacturers, over the years many car companies have gone through a number of different owners as they have been bought and sold, and this often sees different systems and protocols being introduced and overlaid on existing systems. This creates issues because individually they may still be valid in relation to a specific area of operation, but they are not the same and may not work together in a network structure. So, managing this type of scenario, trying the create a more joined up, secure production operating system from different IT systems and platforms, without any disruption to ongoing production, is challenging. Also, these systems are often in the background, one step removed from the actual manufacturing operations, but still essential to the process.

In recent years the areas of operational technology (OT) and information technology (IT) have become much more connected. As a result, operational systems are subject to much closer monitoring regarding any unexpected changes or problems.

What is the biggest challenge in securing a global manufacturing network?

Manufacturers need to raise the level of vigilance, ensuring their staff are made aware of security protocols and any potential threats, as the causes of problems in relation to system security and integrity can come from the small, seemingly insignificant issues not just major attacks on a network. Also, its increasingly important to ensure there is a joined-up policy across the supply chain, as in the case of global manufacturing networks there may be different working cultures that need to be understood and taken into account; it’s not ideal to have say seven different factories in seven different countries all working in entirely different ways. The external security threats are ever changing, becoming more sophisticated, so manufacturers will have to continuously adapt their systems and protocols in order maintain a high enough level of security for their networks. Rapidly changing technology also adds potential risk, for example the huge increase in the number of connected devices being used in controlling and monitoring production operations.