During college, one of my jobs was working at the largest vitamin factory in Boston. It was a well-tuned machine churning out thousands of bottles filled with hearty pills. It was quite a sight to behold, but if the bottles were to suddenly stop on the floor, it wasn’t a national issue. But, if Alcoa, GE, Boeing or Intel had all their lines shut down for a prolonged period due to a cyber attack, that would have a huge ripple effect on our economy.
According to the DHS Critical Manufacturing Sector Specific Plan (SSP), Critical Manufacturing Sector infrastructure is divided based on four key functional areas:
- Primary Metals Manufacturing
- Machinery Manufacturing
- Electrical Equipment Manufacturing
- Transportation and Heavy Equipment Manufacturing.
Within each of these categories, there are three main areas ripe for attacks: Supply Chain, Factory Floor and Intellectual Property.
Manufacturing is no longer a vertical process where the company providing final goods builds everything from scratch. Those days are long gone and what we have is a supply chain of components and parts that is highly integrated and orchestrated. Even the slightest delays in some upstream component can have significant impact on the downstream products. Case in point is The Boeing Company’s 787 Dreamliner, where several delays in supplies left a once concrete flight date up in the air, unlike the plane, which was finally launched two years late. Most of those suppliers and Boeing utilize SCADA and DCS ICS systems to manufacture everything they provide, and these systems may also be intertwined through the use of extended networks. It is critical to ensure that only the correct, trusted access can occur. An attack on any system in the chain will surely have a magnified effect down the line.
The associated intellectual property for products we design and manufacture is very critical to our competitiveness on a global basis. There have been highly targeted attacks on key manufactures in many sectors that have led to big spending on investments with especially short shelf lives.
Besides risk of IP theft, manufacturers also face the threat of cyber espionage, particularly in the areas of product testing and development. For example, global teams often work around the clock on product development and testing. A team in the United States may make changes to a product, and a team in China might perform tests. If someone hacked into the system and changed results, products could get produced with flaws, causing dangerous, if not costly, outcomes. Trade secrets and intellectual property are high value targets and, if stolen, can severely damage a business or compromise our national security.
So, while the suspended production of my vitamin bottling plant may not be an urgent matter (except to that business), the halt of an Intel fab for months or the lack of aluminum for planes is a big deal. And, did you ever wonder why China’s new fighter jets look a lot like the F35?