When It Comes to Cybersecurity, Be Scared, but Be Prepared

Originally titled 'Be Scared, but Be Prepared'

Warnings about threats to internet-enabled networks in manufacturing plants should be taken seriously without giving in to alarmist overreactions. The risks are real, but manageable, while the benefits are too compelling to forego.



Machine spindles can go bad. Cutting tools can suffer catastrophic breakage. A chip conveyor can jam. System failures such as these are ordinary and expected risks that every machine shop faces. Steps to minimize these failures are worthwhile, because they can cause downtime that might hurt profits and potentially harm customer relations.

Now we face the risk of system failures due to hackers. Manufacturers are increasingly susceptible to becoming targets of cyber attacks. Although I don’t doubt this fact, it is a broad generalization that makes me as uncomfortable as saying “Every home in America could be damaged by a tornado.” (Certainly true, but not every home faces the same level of risk. Consider a mobile home in Kansas compared to a stone farmhouse in Vermont.)

Yet I think the statement about cyber threats to manufacturers must stand. It should scare us a little, and may be a lot. More importantly, it should make us think about tactics to deal with the threat in a calm, reasonable yet urgent manner. This is the main point I want to make here. What’s needed most is a balanced approach. The fear of potential loss must be offset by the promise of gains from networking machine tools and becoming part of the Industrial Internet of Things.

Right now, I think the fear of loss is the side of the equation that needs the most attention. The problem is that the cost of downtime due to a cyber attack is hard to comprehend. There have been few detailed accounts of such incidents at small to medium-sized machining facilities, although reports have recently surfaced about suppliers to the metalworking field being exposed to ransomware that encrypts a company’s critical data until hackers are paid off. This is pretty close to home.

At the least, shops should consider these steps:

Build awareness. Cyber security is not a concern just for the IT folks. Everyone in an organization must be prepared to follow safe networking procedures. Constant vigilance and continual training are necessary.

Take precautions. More and more machine tool providers are building in or making available provisions to promote the safety of connecting machines to an internet-enabled network. These options or standard features should be studied as closely as any other on the spec sheet. The Mazak SmartBox is one example.

Expect to be certified. It’s probably only a matter of time before companies in a supply chain will be required to have certification that some sort of network security is in place. Compliance will likely require that an ongoing security protocol is in place and being followed. Developers of control systems, for examle, have toptions for cyber security certification.

Consider insurance. Like any risk, threats to the security of a company’s network and data can be covered by insurers that specialize in this field. Coverage can at least partially protect a company from loss due to cyber attacks.

Stay focused. The benefits of connecting machines to a network for production monitoring, predictive maintenance and integration with enterprise resource planning are too promising to forego because fear has not been confronted. This article, "Keeping a Shop Network Safe," makes the case for striking the right balance.