Hackers Are Dreaming About Manufacturers and Distributors

May 20, 2020

By Gregory Puc' and Patrick Merli

As the great Bob Dylan said, “The Times They Are a-Changin’.” The world as we know it has entered a paradigm shift in the workplace. COVID-19 has opened a floodgate of “what-if” questions business executives must respond to. One industry, in particular, that will have to focus its time, attention, and money on these “what-ifs” is manufacturing and distribution.

The pandemic has created new challenges to risk mitigation, while exacerbating pre-existing ones. With states beginning to reopen, many manufacturers are forced to make major adjustments quickly to overcome these challenges. For example, moving to staggered workforces and using smaller teams, but adding more shifts throughout the day, are popular methods to reduce the risk of infections in the workplace. While this does help shrink the risk of infection spreading, it also increases security risks to the organization, whether physical security, cybersecurity or otherwise.

Physical security is affected the most by a staggered schedule. Expanding the number of hours that people can freely enter and exit an environment makes it difficult to track access to that environment. This has led some organizations to investigate new building access control methods that help mitigate both security risks and health risks. Some plants and factories have added thermal imaging cameras to their video systems for fever detection and quicker response. Other manufacturers have installed contactless doors, which are controlled through the use of key fobs or mobile device management (MDM) applications to provide up-to-date monitoring and tracking of who is in the environment.

Cybersecurity experts have for some time raised concerns over the security of IT devices used in the manufacturing industry, specifically devices used for industrial control systems (ICS), the Internet of Things (IoT) or supervisory control and data acquisition (SCADA). One concern with these systems is that most organizations rely on third-party software to provide remote access to, and control of, their internal systems. Because the software comes from a third party and the system can be reached remotely, this access can be manipulated and is heavily targeted by external threats. With work hours shifted due to COVID-19, the ICS/IoT/SCADA systems have to be up and running during the new work hours, which were previously used for applying updates and patches. Manufacturers need to allot a block of time within this new schedule every week to check for new updates and perform all necessary patching of their systems. Having a patch management process in place is highly recommended, as it greatly reduces the risk of a successful cyber attack.

As most manufacturers and distributors can only have limited downtime, COVID-19 has highlighted the necessity of having a business continuity plan (BCP) and disaster recovery plan (DRP) in place in order to survive any such future crises. BCPs and DRPs should include backup plans for some aspect of vendor management and supply chain management. However, just having a plan will not be enough for manufacturers to be prepared for another crisis. Plans need to be updated annually, and practice scenarios should be run throughout the year to test the systems and policies that were put in place.

The lasting effects of the COVID-19 global pandemic have shaped a new world. Manufacturers, along with other businesses, will need to develop creative ways to manage the reality of this new world. With proper planning of procedures and investment in new systems, a company can enhance the security of its systems and help protect the health of its employees as it works through the “what-if” questions.

 

About Gregory Puc'

Gregory Puc’ is a Staff Network and Support Engineer within Process, Risk, and Technology Solutions (PRTS).