For manufacturers adopting Industry 4.0 technology into their operations, experts warn: With automation comes risk.
“You always add risk the minute you network a piece of equipment,” said Jeff Farr, CEO of Prescott, a startup that works with manufacturers and their managed service providers (MSP) to provide assistance in navigating government cybersecurity compliance issues.
“The minute you start getting into multiple communication methods, your protection has to get dramatically bigger because there are a lot more doors and windows to keep closed. So, absolutely you increase risk by adding automation-type equipment,” he said.
Farr’s Florida-based firm works with manufacturers that supply the U.S. Department of Defense and must therefore achieve Cybersecurity Maturity Model Certification (CMMC). These are cybersecurity requirements put in place by the federal government to protect classified and confidential information.
Prescott, which services clients nationwide, was spun out of Kalamazoo-based I.T. firm NuWave Technology Partners LLC, which also has offices in Grand Rapids and Lansing. NuWave co-founders Chad and Kyle Paalman serve on Prescott’s board.
Spooked by threats
It’s fair for smaller manufacturers to agonize over cybersecurity, especially after recent high-profile ransomware attacks that struck the Colonial Pipeline and one of the world’s largest beef processors, JBS S.A. That worry could become a deterrent to embracing the full breadth of Industry 4.0, experts say.
“I do think it spooks them,” Farr said of the potential cybersecurity risks that come with adding automation and connectivity to an operation. “But I think of: What’s the alternative? Yes, they’re intimidated, but the biggest thing is they need to trust (MSPs and cybersecurity experts). And, they have to trust because they’re really kind of betting their business.”
Kyle Reissner, senior director of customer success and solutions for Walker-based electrical services and industrial technology firm Feyen Zylstra LLC, said that many forms of Industry 4.0 aren’t an enhanced liability because they don’t rely on a cloud connection.
However, he has encountered clients who are concerned — and in some cases, panicked — over cybersecurity.
“It is slowing down Industry 4.0 adoption because of fear and uncertainty and doubt,” Reissner said. “I had a water utility tell me that they’re disconnecting everything from the internet because they’re paranoid even though they’ve been connecting their systems and enabling their remote workers in their trucks for over a decade. Why don’t you look into securing it with better technology rather than throwing out the baby with the bath water?”
The solution lies in a system that is built on a strong foundation of cybersecurity.
“Most ways to connect machines to the cloud in order to facilitate the fancy stuff, like AI, machine learning and predictive maintenance, if designed right — and I do emphasize if it’s designed right — it doesn’t really introduce additional attack vectors,” Reissner said.
Behind the curve
The manufacturing industry is notorious for avoiding large investments in cybersecurity. Experts say that, by most assessments, manufacturing lags behind most industries, including sectors that face government regulation like health care and finance.
“The regulated space (of manufacturing) is being forced to do it and what we’re finding in the unregulated space, we’re pulling them along,” said Chad Paalman, NuWave’s co-founder and CEO.
Paalman recalled a recent incident involving a West Michigan-based manufacturer that ignored a warning to implement two-factor authentication, which is one of the more basic forms of cyber hygiene.
The manufacturer was ultimately compromised when a cyber criminal was able to trick one of the company’s suppliers into changing banking information in order to reroute payments.
“There is a real dichotomy between the regulated and unregulated spaces,” Paalman said. “I hate to say this, but the unregulated companies, a lot of them are making changes because they’re finding the hard way. They touched the stove and it was hot.”
Automation Alley, a Troy-based Industry 4.0 knowledge center, dove into the topic of cybersecurity in its 2021 Technology in Industry Report.
The report highlights how crucial connectivity is to the scope of Industry 4.0. It has been even more crucial over the last year as the pandemic forced most professionals to work from home.
The report highlighted both technical and organizational steps for businesses to maintain a strong cybersecurity posture.
Technical measures ranged from multi-factor authentication and endpoint device protection to secure communications. Organizationally, businesses should look to define a vision, strategy and goals when it comes to deploying resources, in addition to communicating regularly about cybersecurity and coordinating a unified response to breaches, according to the report.