3 minute read
Opinion: Cybermen and women needed
In the Global Threat Intelligence Report 2018, manufacturing was singled out as the biggest target for cybercriminals in the UK: because of its outdated IT systems, long supply chains and a massive potential for inflicting damage. Dr Mary He, Lecturer in AI and Cybersecurity for Manufacturing, Cranfield University explores the risks and what manufacturers can do to protect their businesses.
A 2018 survey from EEF suggested around half of all UK manufacturers had experienced some forms of cyber-attacks in the last year (and half of these suffered significant disruption or financial costs as a result). There are many fundamental threats to systems that are inherent across the sector, due to original design of conventional systems. A National Cyber Security Centre report in 2017 suggested that industrial control systems software used by UK power stations and other operations had already been “compromised” with the potential for major disruption of kinds that are yet to be fully understood.
In this high stakes environment, manufacturers are making a serious misjudgment in leaving cybersecurity to IT specialists. No matter what level of expertise an IT professional may have in cybersecurity technologies, they also need to be able to understand the entire operational picture, how security issues are entangled with processes and management decision-making. Experienced manufacturing managers need to be taking a lead on cybersecurity in an industry environment, and clearly know what all the risks are, and what the next attack is going to target.
Industry 4.0 is promoting the development of advanced manufacturing. For example, the Chinese government put its weight behind automated manufacturing in 2015 with its Made in China 2025 initiative. In the UK, the manufacturing sector accounts for more than half of the UK’s exports (53%) and around three-quarters of business research and development (72%), although the UK has been relatively slow to invest in new capital for Industry 4.0 automation compared with manufacturers in the rest of Europe. Research by McKinsey in 2017 suggested that 64% of staff working hours in manufacturing worldwide could be automated just by using the technology already available. Artificial Intelligence and co-bots will enable the step change, but security issues are limiting the progress of manufacturing digitalization, as industry always puts more attention on the emerging technologies rather than on security.
The cyber risks, given the high levels of connectivity involved with Industry 4.0, need to be faced head on and effectively managed in terms of understanding of specific systems. By its very nature, the shift to a digitalised system is providing a series of cracks in security. An autonomous system is dependent on communications, sharing data at high speeds between management hubs and all the individual mobile elements involved – thereby opening a front to cyberattacks and industrial espionage. Leadership, then, is the key factor: the combination of clear-sighted decision-making based on an understanding of the full operation and its supply chains, to balance risks against benefits, to keep the business moving forward – not shrinking into itself or exposing the organisation to unnecessary threats.
At Cranfield we have focused our work on developing manufacturing professionals who can take a lead on cybersecurity for engineering at a higher level. That means being equipped to not only develop strategy and the technical dimension but take charge of creating a culture of cybersecurity among all staff. A range of skills and techniques are needed.
There is a critical role for cybersecurity professionals in acting as the bridge between the two domains of IT and general business management, to translate IT knowledge to help managers and directors to understand the security issues in engineering sector, to broaden out the CIO role, and make cybersecurity part of the everyday working culture, not just the updating of software. Women could be well-placed to take on these interdisciplinary roles as well. Current figures suggest just one in ten professionals working in cybersecurity globally are women. Hence, more women are needed in cybersecurity roles, in manufacturing and industry more generally.