You don’t have to go far to hear stories about the growing threat of cybersecurity. These stories always come packed with the drama and mystery of a binge-worthy Netflix show.
Shadowy figures living in Eastern Europe, nation-states sponsoring underground criminals, USB drives passing hands in the shadow of a national monument ... throw in a Maserati chase in the mountains and you have the next James Bond film.
It’s comforting to know the fictional targets are almost always a corrupt company or crooked politician and, at the end of the movie, you can go home and rest soundly knowing you’re safe.
The reality is much scarier than fiction. If you haven’t read Andy Greenberg’s recent Wired article “The Untold Story of Notpetya, the Most Devastating Cyberattack in History,” stop now and come back to this later.
As you’ll learn, the targets for these attacks are normal companies that we all benefit from. Suddenly the pills we take, the food we eat, the things we buy and ship, physical access to the buildings we walk in and out of, our global supply chain is at unprecedented risk.
The conservative estimate for this last attack yielded $10 billion in losses, but the personal impact for consumers as well as the employees who could have unwittingly caused these downtimes are unfathomable. The cause? For most of these companies a little-known application living on a server rack in a corner of their operations took down their entire global supply chain.
The NotPetya attack on its own created an explosion of need for industrial cybersecurity work (shameless plug: we can help) and this challenge is only going to snowball.
By now you’ve heard about the Industrial Internet of Things (IIoT) and the explosion of IP addressable devices. We’ve long since crossed the threshold where there are more IP addresses than humans on the planet.
According to Business Insider, we can expect the number of IP addresses to reach close to 35 billion (Cisco predicts this will grow to 50 billion by 2020) with more than 20 billion of those accounted for in IoT and enterprise applications.
Anyone who’s taken a quick stroll through an industrial facility wouldn’t be surprised by these numbers. Access control, HVAC, utilities, production systems, machines, gas safety systems, machine safety systems, batch processing and material handling are all connected, and the information is leveraged to drive plant-wide and enterprise-wide productivity. Plants don’t only rely on information to improve maintenance and energy use, they rely on this connectivity to run – and safely.
There’s a hidden threat lurking in plants all over the globe today, and it’s currently the most overlooked threat in the supply chain. The obvious threat vectors in cloud application hosting, unpatched network infrastructure and nefarious email spam are getting characterized and patched by “white hat” hackers all over the globe.
Where’s the breach in the moat? Billions of IP addressable smart devices that are critical to plant operations (and connected to the operations network) are suddenly the ultimate Trojan Horses, especially when you consider where these devices could come from.
If you’ve followed some of Bloomberg’s recent reporting you know that some nation states are embedding tiny chips within our connected devices with the sole intent of infiltrating and disrupting. This has been named the most significant supply chain attack known to be carried out on American companies. Suddenly every automation product purchased from surplus providers suddenly opens the plant to significant risk in loss of intellectual property and unintended downtime.
There are some obvious ways to mitigate this risk. We are being proactive in addressing this threat and protecting our customers through strict supply chain management and focus on product authenticity.
By selling our products direct or through an authorized distributor network, we help ensure customers receive new, genuine products with factory warranty that are not counterfeit, stolen or compromised. See a recent ruling we brought before the U.S. International Trade Commission (ITC)).
This does not stop enterprising procurement managers from buying this technology from non-authorized resellers with the hopes of reducing acquisition costs.
But what risks are you really willing to take? When you weigh the risk of increasing long-term support costs, intellectual property infringement, non-compliance with validation standards, and, worse, opening plants to untold security threats—there are no savings.
Procurement leaders around the globe can rest easy knowing there are other ways to reduce acquisition costs without installing significant risk in the plant floor by buying surplus automation products. Not only can manufacturers save significant money in remanufacturing, they can also improve OEE through downtime reduction and reduction in frequency of failure.
Only Rockwell Automation and its Authorized Distributors leverage our proprietary remanufacturing process that restores failed units to “like new” or better condition, extending equipment life and enhancing plant performance. Manufacturers who leverage these services reduce their procurement costs, reduce the frequency of part failure and plant unintended downtime, and more than ever help mitigate the risks of buying surplus or repaired automation products and installing significant risk in the production process.
Recent cyber attacks like NotPetya have taught us that it only takes one compromised device to open the entire enterprise to unfathomable risk in lost production and intellectual property. Take action by making sure the people in your organization understand these risks and start working with Authorized Distributors to remanufacture failed parts instead of repairing on the open market or buying surplus products in its place. Your company’s production and your reputation are worth it.