Integration into existing end-user systems seen as route to fighting off attacks
Business leaders have a huge responsibility to meet industrial cybersecurity standards – not only to be compliant in the digital era, but to protect the safety and security of staff and the wider public.
Tim Harrison, customer success manager, SolutionsPT, looks at how this might be achieved.
As reliance on digital systems grows in all aspects of life, the potential consequences of cyber-attacks are magnified. Moreover, as more and more legacy equipment and devices are connected to digital systems, there are more and more potential points of attack.
With cybersecurity regularly cited as industrial business managers’ number one concern, it has become a central factor in any buying decision. For Original Equipment Manufacturers (OEMs), there is a competitive advantage to offering products that allow for simple and secure integration into existing end-user systems.
Complex system of machines undermining security
The nature of modern industry is such that OEMs cannot sell machines as if they operate in isolation. Nearly all new products are now joining a complex system of machines and each new addition to a network is a new point of potential weakness in its enterprise-wide cyber-security posture. In the highly competitive world of machine building, bringing the cost of a component to its absolute functional minimum must now include cyber-security provision.
Similarly, OEMs must continuously review their own cybersecurity to ensure their product doesn’t have vulnerabilities that could leak into a wider system. OEM products have successfully been exploited by nefarious hackers as a pathway to other targets within the end user’s organisation, so OEMs must consider each of their products as links in a security chain that bears a huge weight of responsibility in the modern world.
To mitigate risk and differentiate themselves in the market, OEMs must show potential customers how seriously they take cyber security, not just at the point of sale, but for the lifecycle of the asset, and they can do this in a number of ways.
Bringing in the right expertise
We always recommend that OEMs engage with experts in cybersecurity when taking a product to market, especially in the changing landscape of the digital transformation era. It is only by having access to cyber security expertise that OEMs can offer and maintain resilient architecture.
With the combined knowledge of the OEM and dedicated cybersecurity expertise, companies have the tools to understand risk and how critical products are to a strong cyber security posture for the end user. This means thinking beyond the product itself, to consider how it integrates with the wider system. Having security partners close by adds an extra safety net to an OEM's offering since, if a breach occurs, there is a system in place to rectify it as quickly as possible. This sense of security is added value that an OEM can package and pass on to their customers when engaging with the right experts.
Best practices/training
It isn’t always obvious where a cyber threat will come from and, in some cases, the biggest threat to security is not an ingenious digital attacker getting through a system, but an opportunist slipping through a weakness caused by a human error. For this reason, the human operator will always be the most important security element of any manufacturing facility. A properly trained workforce is less likely to leave opportunities for hackers: they are aware of the latest techniques relating to phishing emails and follow all best practices when it comes to physical access of assets.
This approach is applicable to both the end user and the OEM themselves. In fact, OEMs have an extra responsibility, as their products could potentially act as a bridge into a customer’s network. Again, this level of training can be achieved by working with a third party to ensure the right level of expertise.
Agnostic protection
OEMs work in diverse spaces with their products going into diverse networks. Just because an OEM is supplying one asset doesn’t mean the network isn’t comprised of machines from other suppliers with a host of software services. Machine builders should seek software that doesn’t limit their asset, but can easily integrate whether the facility uses legacy equipment or is a brand-new greenfield site, and whatever other vendor technologies they employ.
Report and regulate/Servitisation
Machine builders are in a unique position; with the right software included in their product, OEMs can have an extensive history of their products in a variety of real-life deployments. This information goes beyond just expected usage patterns or cybersecurity concerns that were discussed in the design phase. This shows the actual working of a machine in situ. From here, an OEM can assess different risks and see how each component works as part of a network. What may have worked and been secure in a test environment could show vulnerabilities when connected to a customer’s network.
This is increasingly important, as remote operating is becoming more commonplace. OEMs should always keep an eye on products in the field and strictly regulate the components. There is also a level of servitisation that can be offered, creating even more value from the OEM, where the products are monitored after deployment. This essentially includes the OEM as an active partner in the ecosystem of the end user for the lifecycle of the asset, regularly being updated with the latest in cybersecurity protection and directly responding to new threats as they happen.
Advantages for machine builders
OEMs are at the forefront of technology; they can be a driving force for the advancement of digital transformation by including the latest digital capabilities within their products and striving to make the most advanced piece of equipment. What this process needs is cybersecurity expertise: a cybersecurity expert, a third-party company, or specific expertise brought into the workforce.
With this expertise onboard, machine builders can demonstrate to customers how they are working to protect their data and, in the event of a cyber-attack, they have the knowledge to deploy counter measures quickly to reduce the damage done.
The final responsibility for cybersecurity will always rest on the shoulders of the end user, but there is an opportunity here for OEMs: to differentiate themselves in the competitive space by taking cyber security seriously and ensuring all products are deployed in a secure way. Cyber attacks are always changing and evolving, finding new ways to break into secure networks, steal data or, worse, put people in danger.
With real-time data analysis, the OEM can stay one step ahead of these attacks, with an up-to-the-minute record of how attacks are approaching networks, the components they are targeting and, most importantly, how to stop them from happening in the future.
An OEM with a robust cyber security strategy understands that their products are on the metaphorical frontline; while operators and end users are ultimately responsible, the machine builder can help protect data and people through a variety of measures.