FUTURE OF ALUMINIUM 41 5
www.aluminiumtoday.com
The cyber security challenge for advanced manufacturing By Dr Alexeis Garcia-Perez*
From transport to communication, energy, security and finance, recent developments in technology have had a significant positive impact on most drivers of competitiveness within public and private sectors. Vast amounts of data and information are continuously created and shared as a result of a growing connectivity and the emergence of new devices and applications. These, combined with digital computation and off-site data storage, have changed the manufacturing landscape and provide a potential for dramatic improvements in productivity, quality and costs. Operations and business strategies within the sector increasingly rely on the sharing of growing volumes of data, information and knowledge within the manufacturing ecosystem. Manufacturing firms, their suppliers and customers, the educational and training systems that enable their workforce to perform, the systems that support their entrepreneurship and innovation strategies, and the export and logistics systems that deliver their products to market form an ecosystem where product design, process and business plans, customer, supply chain, financial and even employee’s personal information often flows without major restrictions. Paradoxically, in doing so those intangible resources also become potentially accessible to competitors and adversaries within and outside the sector, thus increasing the risk of confidential and/or proprietary data and information resources being exfiltrated, altered or even destroyed. Risk is not new to the manufacturing sector. Manufacturing staff (e.g. engineers, project managers) are accustomed to dealing with operational risks, while most executives envisage strategy-related risks such as those inherent to innovation, business models or to talent and succession planning strategies. However, different
Consumer
Training and education providers Suppliers Who owns the...
Other manufacturers
Retailers
Data? Cyber Risks? Intellectual Property?
Distributors Exports systems
from most of those, cyber security risks are highly dynamic and not always confined to the boundaries of the organisation or even its environment. From compliance with the changing nature of national and international cyber security legislation to the security of devices and systems, and the integrity of sensitive data, each stakeholder within the sector must be prepared to minimise the impact of any loss confidentiality, integrity or availability of any of their data and information resources. Technology-based cyber security risks are related to three key areas: Vulnerabilities associated to the maintenance/viability of complex, disparate and/or antiquated industrial, manufacturing and operational systems; vulnerabilities and threats associated to information technologies; and vulnerabilities and threats that either reside or exploit at the intersection of both operational and information technologies. For example, concepts such as Bring Your Own Device (BYOD) are a convenient and cost-effective way to a more productive workforce. However, their unstructured and uncontrolled ramifications may lead
Logistics
to the emergence of a shadow IT infrastructure that, by accessing both the IT and operational technology infrastructures, could have a multiplying effect on the vulnerabilities, threats and risks for the sector. In some circumstances manufacturing organisations could struggle to demonstrate compliance of their shadow IT infrastructure with the dynamics of government and industry regulation, particularly in relation to personal data protection and dissemination rules. Although different mechanisms are being put in place across the manufacturing sector to deal with cybercrime, it is widely acknowledged that the cyber security problem and its solution are still perceived purely as a technology instead of a business issue. There are essential business-related factors to be considered in this area, from making cyber security a business priority to engaging the workforce in the management of the cyber challenges of the firm and the sector. Executive and board-level engagement and the cyber awareness levels of employees, third and fourth parties across the industrial ecosystem become an imperative.
*Reader in Cyber Security Management, Centre for Business in Society, Coventry University Aluminium International Today
Future of alu alexeis.indd 1
July/August 2018
16/07/2018 11:44:41