- By Claudia Jarrett
- January 05, 2022
- EU Automation
Claudia Jarrett, US country manager at automation parts supplier EU Automation, explains why automation will be crucial if manufacturers are to defend themselves against 2022’s biggest cybersecurity threats.
According to findings by the United States’ Identity Theft Resource Center (ITRC) reported by Forbes, by October 2021 the number of data breaches publicly had already exceeded the total for 2020. This made it a record year for cyberattacks. Here, Claudia Jarrett, US country manager at automation parts supplier EU Automation, explains why automation will be crucial if manufacturers are to defend themselves against 2022’s biggest cybersecurity threats.
Businesses around the world, including manufacturers, are under growing pressure to implement effective cybersecurity with fewer resources. To be successful, automation and the Internet of Things (IoT) will play a crucial role. Let’s look at some of the biggest anticipated cybersecurity threats of 2022 and the steps manufacturers can take to mitigate them.
Artificial intelligence (AI)
Does more automation and artificial intelligence (AI) mean better security for manufacturers? Yes, according to data published by Statista, as 47.3% of companies in 2020 got onboard with embracing automation from a security perspective, compared with 39% in 2019. This figure is expected to rise in 2022.
One reason is that IoT technologies are becoming more affordable for manufacturers. IoT sensors are playing an increasingly crucial role in collecting machine performance and processing data and interpreting this information for greater accuracy and less chance of human error.
While AI is in its relative infancy, manufacturers’ cybersecurity strategies in 2022 are expected to lean more heavily on machine learning―a form of AI that allows software applications to predict outcomes more accurately without being explicitly programmed to do so. Machine learning trends in 2022 will include the use of deep-learning networks, which are programmed to discern massive amounts of data and then tested for known kinds of scenarios such as cyberattacks.
Secure supply chains
Supply chains are designed for the fast delivery of products and services, rather than for optimal security. They are also becoming more complex year-on-year, as systems that are stand-alone and unconnected to public networks go out of fashion in favour of the IoT, faster 5G connectivity and cloud technologies. All of these technologies rely on integrity of their real-time data. Cyberattacks to these networks are especially hard-to-spot because they are designed to blend-in with the legitimate activities of companies, workers and customers.
Take, for instance, the aluminium manufacturer Norsk Hydro, based in Oslo, Norway, which became the victim of a global cyberattack that cost the company $52m. The company had to shut down around 22,000 PCs across 40 countries when it became the victim of the LockerGoga ransomware virus. Once installed, LockerGoga modifies the user accounts in the infected system by changing their passwords. It was so bad that many of the company’s plants had to resort to using pen and paper.
In case of such attacks, manufacturers are incorporating Know Your Business and Know Your Customer (KYB and KYC) measures in their working culture, which use digitalized and automated functions like databases to verify the identities of customers, partners, third-party vendors and suppliers. The most extreme measure is a zero-trust approach, where the company assumes the network is hostile and grants only the least privileged access and permissions needed to fulfil the desired function.
Proof of identity
Validating users’ identities will be more vital in 2022 as remote working―or a hybrid of remote and on-premises working—becoming increasingly normal in the COVID-19 era. The number of employees working remotely has increased from 30 to 48% during the pandemic according to Gartner, while another Gartner report found that 74% of the surveyed employer will allow their employees to continue to work remotely.
Standards and regulations will evolve with these requirements. Europe, for instance, is updating its eIDAS regulations—short for electronic identification and trust services—to demand higher-quality validation of remote users’ identities. Manufacturers must optimise how they monitor network traffic process flows and requests, and determine who and where these are coming from.
To this end, research by DigiCert has found that 91% of business are at least discussing automating their Public Key Infrastructure (PKI) digital certificates used to authenticate users, servers or devices online. Manufacturers must employ butter physical and digital identity-proofing tools, yet many are hindered by ageing IT systems or budget constraints. Some companies are reluctant to invest in new cybersecurity systems if that entails capital expenditure (CapEx).
That’s why we can expect to see an increased reliance on software as a service (SaaS) tools in 2022, including identity proofing technologies. SaaS applications are cloud-based and can be accessed through any device with an internet connection, while a hardware or software product must be entirely installed on a device or network.
Entrust’s 2021 report, Securing the New Hybrid Workplace, a study of 1,500 business leaders including some based in the United States, found that 40% are utilizing biometric authentication technologies, while 36% are using mobile identity verification systems. In the same report, 65% of employers in Japan said they have offered data security training specifically to support hybrid working arrangements.
The IEC 62443 standard should be on manufacturers lips going into 2022, as it has been developed to address and mitigate current and future security vulnerabilities in Industrial Automation and Control Systems (IACS). After all, many IT standards are not compatible for operational technology environments with their unique ramifications for worker safety, environmental sustainability and the bottom line.
IEC 62443 doesn’t only address industrial technologies but also the control systems, work processes, countermeasures and employees in ways that are designed to bolster security throughout the lifecycle and reduce costs. The standard is split into four parts covering terminology, concepts and models; methods and process that are relevant to IACS security; requirements at the system level for IACS; and detailed requirements for IACS products.
Research by DigiCert recommends that organizations work harder to strengthen cyber security culture among their staff through employee education, online training and more, and IEC 6224 could be greatly beneficial in helping manufacturers improve their leadership and communication strategies for better cybersecurity.
Sooner or later, banks, financial institutions, and businesses will need robust identity verification solutions to eliminate the root cause of cyberattacks. Onboarding of legitimate individuals can only be ensured when the company knows who they are every time they try to access the system. Based on the trends, data breaches and ransomware are not going to be eliminated any time soon.
It’s clear that manufacturers must embrace automation and the IoT to remain cybersecure in 2022. To do so, they must have a strong cybersecurity plan in place. This should begin with a full audit of weaknesses and risks. This is especially important for IoT security as some devices will be the “set and forget” kind―sensors to monitor temperature or humidity, for example. Replacing legacy infrastructure with new technology can also be cost-prohibitive.
That’s why retrofitting assets with smart sensors could prove crucial to manufacturers’ cybersecurity defenses in 2022, used in conjunction with SaaS security tools like identity proofing technologies. This is where an automation spare parts supplier can lend a crucial hand in helping manufacturers implement effective cybersecurity with fewer resources.
For more information on how to prevent cyberattack, take a look at EU Automation’s other cybersecurity resources. To learn more about safely retrofitting smart sensors in your plant, click here.
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe