WEF Warning - Manufacturing Sector - X-Industry

Manufacturing is the most targeted sector by cyberattacks, as reported by the World Economic Forum (WEF).[1] The heavy digitalization of the manufacturing sector is yielding increased growth, efficiency and profitability. This boost, however, has also exposed the sector to malicious actors looking to exploit vulnerabilities through sophisticated approaches.

For the second year running, manufacturing has been the most targeted sector by cyberattacks. Throughout 2022 alone, ransomware attacks on industrial infrastructure doubled, with a potential systemic impact to supply deliveries. Cyber-attacks may disrupt businesses and supply chains, offsetting the gains from digitalization and resulting in financial and productivity losses causing reputational damages.

Why the manufacturing sector is important. The manufacturing sector involves various industries essential for society. It contributes to global circular economies, such as consumer goods, electronics, automotive, energy, pharma, food and beverage, heavy industry and oil and gas.[2]

In the manufacturing ecosystem, production facilities are spread worldwide and each producer is also a consumer and vice-versa. Therefore a cyberattack on one company can have ripple effects across the ecosystem, with costly consequences.

The resulting risks are systemic, contagious and often beyond the understanding or control of any single entity. A new report found that 98% of organizations have a relationship with a third party that has been breached. In comparison, more than 50% have an indirect relationship, with more than 200 fourth parties experiencing breaches. A recent example is the ransomware attack on a large semiconductor industry supplier, which reportedly cost $250 million in the next quarter.

The scaling of advanced technologies, such as the industrial internet of things (IoT) and automation, and the increased digitalization and connectivity taking place with the fourth industrial revolution, have greatly improved the efficiency and productivity of manufacturing companies globally.

However, this progress has also exposed the manufacturing ecosystem to cyber-attacks. Considering the current rate of cyber-attacks affecting the sector and as cybercrime is predicted to be one of the major global risks in the next two to 10 years, manufacturers must prioritize cybersecurity in the medium to long term.

Today and tomorrow’s cybersecurity impacts. According to research, the sector’s five main threats are phishing attacks, ransomware, intellectual property (IP) theft, supply chain attacks and industrial IoT attacks. A recent report has also found that in 2022, victims in manufacturing accounted for 30% of incidents that resulted in extortion.

Manufacturing companies are a lucrative and accessible target for ransomware due to their low tolerance for downtime and the relatively low level of cyber maturity concerning other sectors. In addition, manufacturing industries often lag in investment into cyber resilience due to the extended production cycles and the hefty investments needed to re-design manufacturing lines.

In 2022, a ransomware-as-a-service group called Lockbit accounted for the largest number of ransomware attacks targeting industrial organizations and infrastructures. Some previous examples of ransomware attacks against manufacturing companies include the 2017 WannaCry ransomware, which affected over 100 countries and halted production of a major car manufacturer. The 2019 large-scale ransomware targeted an aircraft component maker crippling the production in factories across four countries. Meanwhile, the LockerGoga ransomware, which impacted a large aluminium manufacturer in Norway in March 2019. More recently, in the Spring of 2022, US government agencies warned about malicious custom malware targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Cybersecurity companies have attributed the malware to a state-sponsored actor aiming to access, manipulate and disrupt OT environments and processes. This malware, called “pipedream,” represents a genuine concern for the manufacturing sector due to its ability to target specific industrial equipment embedded in different types of machinery leveraged across multiple industries.

Cyber-resilient digitalization. The manufacturing sector must prepare itself against the growing threat landscape by becoming cyber-resilient to reap the benefits of digitalization. One of the manufacturing sector’s main struggles is having a fragmented approach to managing cyber-related issues. In the European Union, a new legislative proposal, the Cyber Resilience Act, is being discussed to introduce the mandatory cybersecurity requirements for hardware and software products throughout their lifecycle. Moreover, the new NIS 2 and Critical Entities Resilience (CER) directives classify certain manufacturing industries as important or “essential entities,” requiring them to manage their security risks and prevent or minimize the impact of incidents on recipients of their services. In the US, various federal regulations have been imposed on specific sectors like water, transportation and pipelines and a national cybersecurity strategy was recently released.

The International Electrotechnical Commission’s IEC 62443 is considered by many to be the primary cybersecurity standard for industrial control systems but it is complex.[3] It currently includes nine standards, technical reports and technical specifications.

The US government’s National Institute of Standards and Technology established a cybersecurity framework for critical infrastructure, which is currently being updated and developed implementation details for the manufacturing environment. To support the industry, the SANS Institute, a leading cybersecurity training and research center, highlighted five ICS cybersecurity critical controls. However, there is no overarching “cybersecurity gold standard” for manufacturers across the different sectors and countries which considers the sector’s interdependencies and sets the security requirements beyond the existing frameworks and IT standards.

The World Economic Forum is convening stakeholders from the manufacturing ecosystem, including the public sector and academia, to strengthen cyber resilience across the industrial manufacturing ecosystem by building awareness among decision-makers and mobilizing global commitment. This new initiative will define key guiding principles and practices for collective responsibility across the manufacturing ecosystem, built upon five cyber resilience pillars:

Develop a cybersecurity culture from the shop floor to the C-suite.
Adopt a risk-based approach to identify, protect, and monitor critical assets.
Plan an incident management process.
Harden the assets and the industrial control system environment.
Manage ecosystem risks.
Addressing the cybersecurity risk in the manufacturing sector in this way will have benefits that move far beyond the sector.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings: