Manufacturers must tighten their cyber security measures as the sector moves towards Industry 4.0

The manufacturing sector is rapidly moving towards a fourth industrial revolution (Industry 4.0) centering on Big Data and the Internet of Things (IoT). Industry 4.0 will put manufacturers on the next step towards fully digitised, intelligent manufacturing facilities with developments ranging from driverless forklifts to collaborating robots[1]. The IoT will see networks of physical objects, systems, platforms and applications that contain embedded technology to communicate and share intelligence with each other, people and the external environment[2]. West Coghlan from the Economist Intelligence Unit hales the IoT as potentially the greatest technology disruption to hit the sector, with the opportunities being so great that manufacturing firms will have no choice but to participate[3].

Smart connected products and processes make for vast amounts of data. Manufacturers can capture and use this data to increase efficiency throughout the supply chain and to meet customers' individual needs like never before through mass customisation. However just as the IoT and Big Data bring unprecedented opportunities, they also bring unprecedented risks. Industry experts are advising that with 80% of the data available in the UK today having been created in the last two years, the need for big data management with manufacturing companies has never been greater[4].

Unfortunately the reality is that although many manufacturers are investing in the IoT, data protection and cyber security is seen as a low priority[5]. As a result, cyber security is not keeping pace with cyber criminals[6]. For instance, only 8% of manufacturers report that they are very confident in their current cyber security protections to prevent an IT breach[7]. This complacency leaves manufacturers open to malicious cyber attacks that could have devastating legal and regulatory consequences.

The sheer size of the IoT is increasing global vulnerability to cyber attacks. The number of IoT sensors is expected to approach 30 billion within 5 years and each unit is a potential entry point for cyber criminals to jeopardise manufacturers' intellectual property, data and products[8]. Inadequate security measures can be fatal to a business. Once a hacker gains access they can easily manipulate machines or manufacturing processes remotely or obtain sensitive corporate data. This can lead to complete loss of production, health and safety risks, data breaches and theft of intellectual property[9]. Some recent breaches include;

• The (self-named) Cutting Sword of Justice hacked into 30,000 workstations at Saudi oil company 'Saudi Aramco' in 2012. It took the company months to fully recover from the attack[10]
• In 2014 a German steel mill was attacked by hackers who gained control of a smelting furnace and caused it to overheat, resulting in substantial damage to the furnace and interruption of the mill's business[11]
• The automotive industry recently faced class actions alleging that cars equipped with Bluetooth and Wi-Fi were vulnerable to hacking whilst being driven[12].

In order to avoid cyber attacks, manufacturers must adequately protect their data, customers, products, employees and factory floors. Manufacturers must treat the risks of cyber related crime, data loss and intellectual property theft and the need for controls to be in place to ensure regulatory compliance in the same way as protecting the health, safety and welfare of its employees. They must design security concepts that focus on the security of their factories, software and processes as well as having a joined-up approach between those responsible for compliance, procurement and HR within each business so that employees, contractors, customers and suppliers know what protocols and procedures they must follow to preserve the effectiveness of their employer's IT systems and maintain electronic integrity throughout their entire supply chain. In doing so manufacturers should;

• Adopt a proactive and comprehensive framework and strategy for digital security that spans the whole firm
• Conduct a full security audit of current and likely risks with IoT initiatives including IoT devices, network infrastructure and all mobile, web and cloud touchpoints. This should include the identification of risk by regulatory, legal and brand exposure
• Ingrain security into devices and processes early. It is difficult to retrofit security on factory infrastructure, electronic networks and thousands of installed and deployed devices
• Educate and train the workforce around IoT security. The IoT will span deep into project design, the supply chain, production and all other parts of the organisation. Employees will need to be part of the security strategy to keep data and infrastructure secure
• Bring customers, suppliers and other partners up to your own rigorous security standards. In an IoT environment, security will only be as good as its weakest connection
• Revisit the role of IT. The IoT will cause the IT Department to become an integral partner in virtually every part of the business. This will demand new organisation, resources, skills and lines of authority to manage attacks and risks[13]
• Strengthen single applications and systems. Security measures should be embedded directly into applications and programs, but in a manner that does not inhibit efficiency
• Develop flexible products and factories. Developers must ensure their products can be patched to fix any security holes that arise after deployment[14]
• Keep legal and regulatory considerations at the forefront of security strategy. As cyber risk increases, an organisation's legal commitments to its customers, suppliers and employees privacy will still stand. A cyber attack could lead to legal liability, regulatory action, hefty litigation costs and catastrophic harm to reputation[15]

In demonstrating the scale of the threat of cybercrime, the ONS estimates that there were 5.8 million cybercrime, fraud and computer misuse offences experienced by businesses and individuals in the 12 months leading up to March 2016[16].

The National Crime Agency warns that cyber criminals are a major growing threat to UK businesses due to criminals becoming more aggressive and technically proficient. To see their most recent report on the threat of cyber crime to UK business click here.

Bond Dickinson can work with you to ensure your organisation is best protected against cyber risks and to guide you through identifying and dealing with potential cyber attacks to ensure they do not result in long term damage. We have specialist solicitors in the areas of IP, Technology, Data Protection, Regulatory Compliance & Enforcement, Finance Crime, Privacy and FOI who also have extensive experience in the manufacturing sector.