Smart factories are neglecting cybersecurity

It’s not enough to be smart; you have to look out for cybersecurity. This maxim seems to be overlooked by plant directors, according to a study by Capgemini. By their very nature, factories that have become smarter with the wave of digital transformations are now also more connected to the Internet and the cloud in general. With that, they have expanded their vulnerable surfaces to attacks by cybercriminals, yet top management is not preparing their factories to the full extent to prevent or react to intrusions by malicious actors.

The survey covered 950 plants in different parts of the world in the heavy industry, pharmaceutical and life sciences, chemicals, high-tech, consumer products, automotive, aerospace, and defence sectors. Some 73% who said they had experienced an attack mentioned that it had occurred within the 12 months prior to the interview, 13% between 12 and 24 months, and 14% more than 24 months ago. Overall, 40% reported an increase in cyber incidents since 2019.

It was cited that their cybersecurity teams are overwhelmed with the sheer volume of Industrial Internet of Things (IIoT) and Operational Technologies (OT) device operations that they need to track to identify and disengage intrusion attempts. And the trend is for the administrative intensity and complexity to increase as, by 2025, the number of IIoT connections is expected to reach 37 billion. In addition, most smart factories do not have sufficient visibility into the OT/IIoT devices in their facilities.

What we have seen is that awareness is not the same as preparedness. While 80% of organizations surveyed agree that cybersecurity is critical to smart factory operations, 79% feel that the level of threat exposure is higher in a smart factory than in a traditional unconnected one, and 51% recognize that the volume of cyberattacks is likely to grow in the next 12 months, levels of preparedness remain low.

Overall, factories are poorly prepared in terms of awareness, governance, protection, detection, and resilience. Capgemini’s analysis indicates that governance is a particular area of concern, showing the lowest level of preparedness across a number of parameters. In terms of awareness, there is a need to ensure access to real-time information on current threats and historical data to be able to prepare using key use cases from the smart factory industry.

On the protection front, Capgemini recommends securing a comprehensive scheme across all five levels of a smart factory, from level 0 (production process control) to level 5 (business planning and logistics control). Detection and resiliency capabilities should include advanced monitoring systems to track the security of critical resources and accelerate incident identification, as well as resiliency mechanisms to effectively counter and respond to cyber-attacks. To raise the bar on governance, it is necessary to make smart factory cybersecurity a top management concern and have senior leaders define priorities and accountability for IIoT and OT.

The main challenges to improving smart factory cybersecurity are lack of collaboration between factory leaders and the chief security officer; insufficient budget allocated to cybersecurity; and inability to detect cyber attacks early, which ultimately leads to further damage to operations.

The survey showed that there are also barriers to overcome in order to properly train employees on how to deal with the various aspects of cyber threats. As the first line of defence, they should employees should be aware of early warning signs of possible attacks and how to ensure quick responses. A common cause for this scenario is the lack of leadership for the necessary reskilling program. This, combined with the shortage of cybersecurity talent for smart factories, becomes a major challenge. For 57% of the organizations surveyed, the shortage of professionals in this field is much more acute than the cybersecurity talent crisis for IT.

Based on analysis and insights from industry leaders, Capgemini recommends some actions to implement robust cybersecurity schemes in smart factories:

1. Perform a risk assessment that considers specific attack scenarios to identify which ones need to be mitigated. Create an inventory and monitoring mechanism for all connected devices.  It is also imperative to understand the interconnection pattern of the network. This will enable a more effective response in the event of an attack because you can immediately identify which functions may be impacted and tailor the corrective action accordingly. This comprehensive analysis can be used to develop a customized scheme and reveal the maturity of the overall business preparedness.

2. Promote threat awareness. It is essential to inform about the possible seriousness of the lack of preparedness to act in case of cyber attacks in order to prioritize the cybersecurity of smart factories.

3. Defining responsibilities for smart factory cybersecurity is important because the business impact of attacks is often high. Senior management should be aware of budget distribution commensurate with the risks. It is also recommended to develop a detailed roadmap that defines the various risk structures. Steps incorporating various business units, profiles, and priorities can be helpful to create cybersecurity solutions without affecting production lines.

4. Establish cybersecurity infrastructures that are adherent to global protocols for smart factories and aligned with a broad ecosystem of vendors. Among other things, these schemes can facilitate the installation of patches and updates against threats.

5. Create cybersecurity practices tailored to the smart factory environment. Adopting an integrated vision for cybersecurity across the enterprise is of course beneficial, but according to Capgemini, it can be seriously problematic if it is not done correctly. Inadequate measures and controls aimed at the convergence between IT and OT will only exacerbate the problem and increase the attack surface.

6. Determining a governance and communication structure with corporate IT is also relevant. A matrix structure should be used that grants decision-making autonomy to the smart factory cybersecurity team, which will report to the CISO. This will also facilitate collaboration with plant managers and provide visibility into the organizational cybersecurity strategy.

The key to having effective cybersecurity in smart factories is to have teams that know and understand the operation of the production chain, equipment and industrial networks, and are able to analyze events in detail and, above all, create a remediation plan that minimizes impacts on production. In addition, it is necessary to have a cybersecurity representative embedded in the plant environment with good knowledge of the facilities, in order to be able to analyze alerts and, above all, contribute to the construction of this remediation plan.