October is the European Cybersecurity Month of the EU's cybersecurity awareness campaign, Max Lemke looks at the importance of security and resilience in the manufacturing sector.

Once industrial companies start digitalising their factory floors, concerns about cybersecurity arise. Many industrial companies still remember the ransomware attacks in June 2017, when their automation process equipment stopped functioning, causing losses all across Europe. This was a wake-up call to many plant managers and factories. However, a year after, ransomware attacks still cause big losses of production and, in some cases, complete shutdown of operations. This shows that even basic cybersecurity measures remain a challenge in industrial environments.

Manufacturing companies rely heavily on automation to monitor, control and support their production processes. However, many of these systems were built decades ago, and were developed to execute relatively simple commands. With the rapid digital changes and the increasing needs of the sector, many of these systems are now outdated and incapable of facing new threats brought by the introduction of the internet in factories (the Industrial Internet of Things).

Risks are not restricted to production disruption: data losses, industrial espionage, impact on production quality or safety become real problems. The immediate result is that industrial companies have been overwhelmed by cyber-vulnerabilities, hindering their innovation process, and holding back on digital transformation.

This is not new, but exacerbated by increasing digitalisation on the shop floor and increasing exchange of data with other organisations. Cybersecurity experts had already seen the impact of attacks such as Stuxnet in 2010, as well as botnets, eavesdropping and unauthorized access through backdoors for over decades. The problem is that many companies, still today, are not ready to face such attacks and that their systems and production remain compromised.

Security in industrial platforms

European industry will not thrive unless it is duly protected. This is not just a matter of economic loss; it is also about safety of workers, environmental accidents, and other potential risks in production processes. Beyond basic cybersecurity measures, a company-wide policy is needed.

For example, we must train the workforce accordingly, as many times workers are not aware of the importance of cyber threats. Also, there is often a lack of understanding between the engineers responsible for the communication between machines and those working in ICT networks and the cloud. Their cooperation is relevant because cybersecurity is a company-wide challenge, even an industry-wide challenge.

Within this context, digital industrial platforms play a key role. They help factories throughout the world to connect to their suppliers and customers. However, working in such a hyper-connected environment raises concerns about vulnerabilities, as companies do not want their operational data to be visible to other companies in their supply chain, unless specifically designed for and controlled.

Therefore, digital industrial platforms must ensure security by design and by default, putting in place a control framework that includes continuous monitoring. They must support manufacturing companies with increased transparency, interactions with the larger ecosystem, efficiency, and innovation.

Cybersecurity becomes a prerequisite to unlock all this potential.

Horizon 2020 for more resilient manufacturing

The European Commission, through its policy actions and research and development activities, has contributed to creating the building blocks for a more secure and resilient industrial fabric. Last year, the Commission proposed a new set of measures to equip European industry and society with the right tools to deal with cyber-threats. These include a proposal for an EU Cybersecurity Agency to assist Member States in dealing with cyber-attacks, a new European certification scheme for products and services, and further actions to step up the EU’s cybersecurity capacity, such as a European Cybersecurity Industrial, Technology and Research Competence Centre and a network of National Coordination Centres.

Systems used in manufacturing environments have some specific requirements in terms of reliability and security, as they need to protect data generated on the shop floor while being digitally connected with external partners in the value chain.

In order to address this specific challenge, the European Commission is offering 11 million EUR in the Horizon 2020 programme. The goal is to develop practical solutions to guarantee security without limiting the capability to exchange data and information both on the manufacturing floor and beyond the factory.

I expect the Factories of the Future and the Cybersecurity Public-Private Partnerships to work together, so that we can shape together a more resilient industrial sector that can fully seize the opportunities of our digital world.

More information