[오토메이션페어2024] “Manufacturing industry faces increasing threats; context-based cyber security strategy must be established”

Michael Bayer, director of contract capabilities at Rockwell Automation, is speaking at ‘Automation Fair 2024’ held at the Anaheim Convention Center in California, USA on the 19th (local time). [ⓒ디지털데일리]

[디지털데일리 양민하 기자] In the manufacturing industry, cybersecurity is no longer an option but has become a necessity for survival. Cyber ​​attacks are becoming more sophisticated, and resulting security incidents can result in fatal economic losses and a decline in trust for companies.

Among these, Michael Bayer, director of contract capabilities at Rockwell Automation, said at the ‘Automation Fair 2024’ held at the Anaheim Convention Center in California, USA on the 19th (local time), “The manufacturing industry is becoming a major target of cyber attacks.” “Manufacturers in particular are prone to cyberattacks because the economic losses arising from the inability to produce are a huge burden on companies,” he said.

Companies must establish an appropriate security environment to respond to this, but due to the nature of the manufacturing industry, they are still experiencing many difficulties. “As machines and devices installed in factories become increasingly connected to sensors and systems, data collection and control become possible, but the attack surface also expands,” Beyer explained.

In addition, the lack of cybersecurity experts among the workforce supporting factories and the increased burden of complying with security policies as government and industry regulations are strengthened were also mentioned.

“Many manufacturing plants are using equipment that is 20, 30, or even 50 years old or more,” said Beyer. “In an environment with such a mix of different generations of equipment, identifying and managing asset health and security vulnerabilities is very challenging. “It is a difficult task,” he said.

For example, if the computer systems used in a factory are mixed with multiple versions such as Windows XP, Windows 2000, and Windows 2008, it is very difficult to protect them consistently. In particular, old equipment and systems are often poorly documented or management personnel have been replaced, making it difficult to determine their current status.

Rockwell Automation’s NIST-based approach. [ⓒ디지털데일리]

Accordingly, Rockwell Automation recommends applying the ‘NIST Framework’ for cybersecurity in manufacturing plants. The NIST-based approach consists of the following steps: identification, protection, detection, response, and recovery.

“In particular, the ‘identification’ step of identifying assets and potential vulnerabilities is the most important,” said Director Beyer. “If you do not know which assets are most important, where they are, and what condition they are in, it will be difficult for all subsequent security measures to be effective.” emphasized.

Rick Kuhn, Vice President of Rockwell Automation and Verve Industrial Solutions, followed with a presentation and explained why it is important to identify assets in the OT (Operation Technology) area.

“OT requires understanding multiple dimensions of an asset, including its installed state, life cycle, and operational impact,” Kuhn said.

Rick Kaun, Vice President, Verve Industrial Solutions, Rockwell Automation. [ⓒ디지털데일리]

In this regard, Rockwell is adopting a method of directly accessing endpoints and building a comprehensive asset view to understand assets in a multidimensional manner.

“This approach helps our clients make strategic decisions about where to focus their limited time and resources and what level of risk they can accept, even though they cannot eliminate all risk,” Kuhn added.

Based on Verve, a cybersecurity platform, Rockwell is building a more effective security approach by combining managed services and partner solutions.

This platform compiles various information such as basic asset information, importance assessment, external threat information, and protection status to calculate a context-based risk score. This allows customers to set risk tolerance within their organization and develop policies and procedures to manage risks according to priorities.

“Rockwell’s cybersecurity platform helps customers move beyond the traditional ‘react when a problem arises’ approach to proactively assess risks and strengthen their security systems,” said Vice President Kuhn. “This approach helps customers respond when new threats emerge. “We help you immediately assess the impact and build a consistent response strategy across your organization.”

Copyright ⓒ Digital Daily. Reproduction and redistribution prohibited.

What are the most common types of cyberattacks targeting the manufacturing industry today?

1. Can you tell us more ⁣about the severity of ‌cyberattacks on the manufacturing industry and why it‌ has become⁤ a major concern?

2. What ⁢are some common challenges that manufacturers face in​ establishing an appropriate security ‌environment?

3. Can you explain how does the NIST Framework​ help in securing manufacturing plants?

4. Why is it important to identify assets in the OT area‍ specifically?

5. How is Rockwell Automation addressing the cybersecurity​ skills gap within the manufacturing workforce?

6. Can⁣ you discuss the benefits of using⁤ a cybersecurity platform like Verve⁤ by Rockwell Automation?

7. In what ways‍ can manufacturers improve their response ​to ‍emerging cyber threats?

8. What role‍ do industry standards and ⁢regulations play in enhancing cybersecurity in the manufacturing sector?