Click here for a printable version of this article.

June: Cyber Attacks on Industrial Control Systems

Since the influence of technology has been greatly increasing, machines have been implemented into industrial processes to aid the manufacturing of a product. This is due to the rise in demand for many different products each day so machines are needed to help the manufacturing companies meet this demand. In order to control these machines the companies have industrial control systems which allow them to modify and monitor the actions of the machines. But these control systems are prone to hackers who can take control of these machines and alter the production process, which can result in many problems for the manufacturing company. In recent years, there has been an increase in both the frequency and intensity of cyber-attacks on manufacturing companies. These cyber-attacks are carried out by organized hacker gangs who can be hired to hinder the production process of a competing company in attempt to steal their business. These cyber-attacks are a growing problem in the world but there are proper steps to take when dealing with a cyber-attack.

There are many different forms of cyber-attacks that happen throughout the world. One example of a cyber-attack is when the hackers override control of the industrial control systems and lock the owners out for ransom. This would result in a complete stop in production, which would cause the company to be unable to fulfill its production commitments and lose revenue and customer trust. Another form of cyber-attack is when the hackers would target a control system that can influence the physical properties of the production area. For example, hackers can target a thermostat and alter the temperature in the production area, which could impact products that require a specific environment. This would cause the products created under these conditions to be defective and unusable resulting in a loss in money, time, and material for the manufacturing company. The cyber-attacks can also be carried out by a disgruntled employee who has access to the control system and can cause a partial shutdown in the manufacturing plant. If the plant is shutdown it would be unable to produce the products and meet their deadlines, which would result in a loss in reputation. There are many different scenarios for cyber-attacks that can happen and negatively impact a manufacturing company.

There are many different steps to take when dealing with a cyber-attack. These steps can be broken down into two sections; prevention and response. Prevention involves preventing the cyber-attacks from happening by enhancing security and being prepared for attacks. When an employee is fired the company should terminate the employee's accounts and change the passwords to critical security and control systems. This would help prevent cyber-attacks committed by the disgruntled ex-employee. Some companies hire hackers on a regular basis in order to see where their security can be penetrated so the IT team can focus on strengthening these areas. Companies should enhance their detection of cyber-attacks by monitoring the industrial control systems and looking for suspicious changes. Furthermore, companies should refrain employees from using flash drives and opening emails that are not work related to avoid security breaches and viruses. Response involves the steps to take after a cyber-attack has already happened. After an attack happens the company has to recover from this attack. One way to do this is by having cyber insurance coverage, which could help the company recover from the financial loss. After an attack happens the company should prepare for the next attack.

As time goes on technology's role in society will only increase, which means cyber-attacks will continue to happen and become more influential. These cyber-attacks can greatly hinder product production and can result in many problems to occur, which can even include a loss in production. Preventing and responding to cyber-attacks is very important for manufacturing companies so they could avoid any unnecessary obstacles in their business.

Risk Logic can assist you preparing for a cyber-attack by reviewing some basic employee, security and network issues.