Smart factories unprepared for cyberattacks

Organizations operating smart factories largely agree that cybersecurity is a critical component to their operations. Many, however, are unprepared to deal with the growing number of cyberthreats against them, according to a report released last week by Capgemini, a provider of technology and digital transformation consulting services.

The report, based on a survey of 950 organizations globally, finds that 80% agreed that cybersecurity is a critical component of a smart factory’s operations and while more than half (51%) acknowledge the number of cyberattacks will likely increase over the next 12 months, their current levels of preparedness are low.

Many of the executives contacted for the survey say they will be unable to respond effectively to cyberattacks in their smart factories and manufacturing locations. What’s more, many organizations say their cybersecurity analysts are overwhelmed by the vast array of operational technology (OT) and industrial internet of things (IIoT) devices they must track to detect and prevent attempted intrusions. Given the recent exponential increase in the number of connected devices within smart factories, the report notes, this is a problem that will only grow, especially since the number of IIoT connections is expected to reach 37 billion by 2025.

Heavy industry most exposed to risk

Capgemini reports that cyberattacks on smart factories appear to be both pandemic- and recession-proof, with 73% of the organizations that had suffered a cyberattack did so in the last 12 months. Organizations in heavy industries were the most impacted by cyberattacks on their smart factories (58%), followed by pharmaceuticals and life science companies (44%).

“Because the assembly line in heavy industries is so robust—you have more complex operating systems, more complex software, more patches applied on a regular basis—the risk profile is much more exposed in heavy industry,” explains Capgemini Americas Vice President of Cybersecurity Strategy Dave Cronin.

For pharmaceuticals, Cronin continues: “They’re aware of the issues but are much more reluctant to spend because they’re not forced to spend. There are no laws or compliance requirements.”

At the low end of the attack table were plants in the automotive (36%) and aerospace and defense industries (33%). One reason smart factory security in the auto industry is better than other verticals is that it’s been at it longer. “They got a head start on this five or 10 years ago,” Cronin says. What’s more, “With all the research and development that’s gone into automated and driverless driving, the safety impact of that is understood so they’ve been more proactive with their cybersecurity strategy. They realize the reputational damage that could be done if they messed something like that up.”

Skills shortage, shadow IT present security challenges to smart factory operators

More than a quarter of the organizations impacted by cyberattacks (27%) say they’ve seen the infiltration of unsecured IIoT devices for use in DDoS campaigns increase by 20% since 2019. In a similar vein, nearly three in ten organizations (28%) saw a 20% increase in employees or vendors using infected devices to install or patch smart factory machinery.

The report also identifies some key challenges to getting cybersecurity initiatives off the floor in smart factories. For example, skilled manpower is a problem. More than half of the outfits surveyed (57%) say the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent.

Shadow IT is another challenge raised by smart factory operators. Capgemini reports that more than three-quarters of the organizations surveyed are concerned about the regular use of non-standard smart factory-specific processes to repair or update OT and IIoT systems. In addition, more than half the organizations (51%) say that smart-factory cyberthreats primarily originate from partner and vendor networks.

Despite the high level of unpreparedness, there is a reason for some optimism, Cronin maintains. “It’s not all doom and gloom,” he says. “There are some companies taking appropriate steps. However, as these factories get overhauled and redesigned, for those that don’t take a proactive approach and assume everything is going to be fine, there will be additional problems.”