Arthur Bloch once said, every solution breeds new problems. We have come a long way since the late 18th century after the first industrial revolution. Mechanical tools were introduced to the masses which replaced conventional manual labour and working animals. Since then, it had spurred people throughout the ages to improve our manufacturing processes and led to the subsequent industrial revolutions. Now, the boom of technology in the 21st century heralded the fourth industrial revolution aka smart manufacturing. By utilizing technologies such as internet of things (IOT) and artificial intelligence in manufacturing practices, it allowed machines to share information and perform calculated actions based on its own analysis. However, this introduced a new set of challenges to tackle. Plant security had evolved to include not just physical but cyber security risks. Cyber security measures are never good enough as cyber threats are constantly evolving with time. In addition, cyber security is an uncharted territory for the manufacturing sector prior the 21st century. That said, we should not dismiss current efforts and initiatives to minimize successful cyber-attacks.
Cyber security threats are getting increasingly sophisticated in the ever-changing technological world and we can never fully protect our systems. The reason being is that cyber perpetrators are constantly upgrading their techniques, approach and resourcefulness. In 2015, an astonishing figure of 230,000 new malware samples were documented daily. In addition, as shown in Figure 1, US Department of Homeland Security (DHS) listed the manufacturing sector to be a key target for attacks. Note that the figures accounted only for the incidents reported, the number of attacks including cases that were not reported would certainly be much larger. Even sectors such as healthcare which is regarded with an advanced cybersecurity system experiences constant breaches, what else in manufacturing.
Figure 1. US Reported Cyber Incidents in 2015 by DHS
Furthermore, adding on to the ever-changing cyber threats were frequent occurrences of cyber-crimes committed in the manufacturing industry. It had proved that current measures were insufficient. This was because Operation Technology (OT), one of the key enablers of smart manufacturing had only recently been treated seriously in the industry. OT is a computer system and the hardware which could sense or manage physical devices and events. The Stuxnet incident in 2010 that occurred in Irans nuclear plant highlighted the importance of security in industrial OT. The worm (Stuxnet) took control of the system and instructed hundreds of centrifuges to spin at abnormally high speeds, damaging them. Just imagine, one worm that slipped through the defence line managed to singlehandedly decommissioned 1,000 machines in the plant. Therefore, there will always be room for improvement for our cyber security measures.
Moreover, many manufacturers are not upgrading to the latest cyber protection plan due to complacency or lack resources to do so. According to a comprehensive study by Deloitte in 2016, one-third of manufacturers did not review their control system for cyber risks. This is especially true for small manufacturers who neglected their cybersecurity aspect due to the shortage of time and lack of resource. As a result, smaller manufactures who depend greatly on technology for production will be more susceptible as targets for cybercrimes. While others, despite the very real risk chose to have a less than adequate cybersecurity system. In a recent study, 67% of IT heads in manufacturing sectors were confident to defend against a cyber-attack. Unfortunately, expectations might differ from reality and manufacturers should not take their foot off the pedal with regards to security.
Nevertheless, current efforts in transiting to smart factories and safeguarding our cybersecurity are progressing, albeit slowly. Kaspersky Lab, a cybersecurity company detected and blocked over 18,000 malware on industrial automation system in the first half of 2017. It would be unfair to dismiss the efforts made to block cyber attacks and instead focus on only the breaches of cybersecurity incidents. In 2017, the Triton malware attempted to disrupt a plants safety critical system but fortunately, was unsuccessful. The detrimental impact to the environment and workers would had been catastrophic if our cybersecurity measures did not perform up to expectations. Furthermore, the cybersecurity industry is forecasted to grow 15% by 2023. Even the government had acknowledged the severity of cybersecurity as we transit to smart manufacturing. All these highlighted the efforts and improvement that is taking place for cybersecurity in the fourth industrial revolution.
In conclusion, our current cybersecurity measures are not ready for the challenges faced in smart manufacturing. Although current initiatives and efforts are headed in the right direction, it is still insufficient against the ever-changing cyber threats. Ultimately, I believe that it is the responsibility of all individuals in the industry to remain vigilant at work and not be over reliant on any cybersecurity measures.