Cyberattacks — both passive and active — have been increasing in both frequency and financial impact, according to a white paper written by Bowling Green State University researchers MD Sarder and Matthew Haschak. The pair, who work in the Department of Technology, Architecture and Applied Engineering and in Information Technology Services respectively, studied “Cybersecurity and Its Implication on Material Handling and Logistics” through a grant funded by MHI’s Solutions Community and the College Industry Council on Material Handling Education (CICMHE).
In the paper, the researchers note that one in three small businesses do not have the resources to protect themselves against the dynamic and perpetually changing nature of cyberattacks. Yet they must find a way to do so, as these disruptions threaten to upend both operations and competitive advantage. Their research focuses on the cybersecurity challenges faced by supply chains, and how businesses can leverage a variety of techniques to mitigate or prevent these threats.
With the advent of Industry 4.0, or smart manufacturing, advanced technologies such as the Internet of Things (IoT), analytics, robotics, artificial intelligence (AI), machine learning (ML) and more, are increasingly being applied to supply chains. In turn, as they transition to digital interconnectivity — with material handling systems, equipment and technologies sharing more information over internal and external networks — supply chains increase their risks of falling victim to cyberattacks. Although the enhanced connections help companies monitor and manage their operations remotely, as well as more efficiently communicate with suppliers and external vendors, they also open up greater potential for a breach.
In the white paper, Sarder and Haschak recommend the implementation of a Security Framework Assessment used to determine the risk of a breach to each network exposure point, including automated technologies, softwares, and other inputs and outputs within an organization’s digital supply network. The Framework includes:
- Identify. This includes evaluating all assets within a specific category, inventorying the equipment and systems used to run and maintain them, as well as mapping all the data flows. It also calls for an assessment of the business environment, governance, level of risk and how to manage it internally, and how those risks can be mitigated against outside disruption.
- Protect. In this step, personnel with authorization to access the system are identified and their ability to do so restricted with the appropriate authentication and access control processes. Additionally, users and executives should be made aware of the risks and trained on how to prevent them; data security processes (including backups) should be implemented; information protection processes and procedures should be established; maintenance of these protective systems should be scheduled regularly; and protective technologies, such as audit logs and redundancies, applied.
- Detect. This phase includes establishing a baseline of normal operating function in order to identify anomalies and unusual events. Further, continuous security monitoring should be put in place.
- Respond. A response planning process should be created, including procedures for communication, threat analysis and mitigation, and post-incident assessments to improve management prior to the next event.
- Recover. In this step, a recovery plan is executed post-incident, incorporating the lessons learned for future improvement, and communication to all impacted parties (including the public if affected) should occur.
Further, the paper lays out a high-level template to help organizations identify their level of risk in order to best allocate resources for effective mitigation. The calculation includes assigning value to each threat and its associated vulnerability and impact. Based on that determination, a company can define the appropriate level of protective controls.
Want to learn more about the cybersecurity risks your supply chain may be facing, and how to forestall those potential disruptions? The white paper is available as a free download, here.