Cyber-attacks have been on the rise since the beginning of the pandemic, according to the Ransomware Task Force, an international coalition of experts formed to combat ransomware criminals. Ransomware is a type of malware used by attackers who threaten to publish the victim’s data or block access to their systems unless a ransom is paid.
Ransomware targeting infrastructure and manufacturing is a profitable business for bad actors because the impact and money lost due to production downtime is reason enough for companies to pay up fast. And as manufacturers create more connections into equipment to keep operations running from afar, it creates new pathways for hackers to access.
“If you think about the history of controls, [these systems have] always been disconnected, so no one worried about security,” says John Livingston, CEO of cybersecurity firm Verve Industrial. He says companies installed firewalls to protect the network, but no one worried too much about security of the machines inside the network barrier. “So they didn’t patch them, they used standard passwords, and allowed more people access to an incredibly insecure infrastructure that was completely unmanaged,” he says.
Now, however, OEMs and industrial control system (ICS) suppliers are rapidly rolling out remote access tools as a way for plant managers to monitor machines from wherever they are. The problem is, there are way too many methods of remote access.
Cargill, a global manufacturer with facilities in 70 countries, is a good example of an industrial company working to secure their systems amid a rise in the use of remote access technology. “We have so many OEMs that we mostly deal with at the local level,” says Dominic de Kerf, Cargill’s smart manufacturing expert focused on automation, instrumentation, and process control. “They know a lot about their machines, but cybersecurity is not something they do well.”
And every supplier has a different remote access method, making the management of security systems to block access into an ICS opening an IT nightmare.
The concern was so great for de Kerf that, when asked to join a remote access workgroup within the Organization for Machine Automation and Control (OMAC), he gladly accepted. The OMAC workgroup is facilitated by ei3 Corporation, a provider of technology used to increase machine performance and secure remote connections.
Members of this group include large consumer packaged goods (CPG) manufacturers such as Cargill, Frito-Lay, and P&G, as well as OEMs like ITW Hartness, Durr USA, Milacron, Mettler Toledo, Nordson, and ProMach. Technology suppliers Beckhoff Automation, Mitsubishi Electric Europe, Sick, Siemens, and of course, ei3, as well as many system integrators and organizations like …….