Why the digitisation of manufacturing systems and supply chains is heightening cyber risk concerns
Many of Germany’s large, global industrial companies are joining the race to digitise their manufacturing processes as it becomes increasingly clear that automation holds the key to remaining economically vibrant in the future. But as this shift occurs, the risk register will undergo substantial change, with both new and traditional risks rising to the fore.
The opportunities are many, including lower production costs, 24/7 production, shorter throughput time, better planning and logistics, there are also risks. Among these is the risk of disruptive innovation and being outcompeted as key manufacturing capabilities become obsolete, and the potential for cybercrime and IT vulnerability as systems become increasingly connected.
As Hans Laessoe, principal consultant at AKTUS and former senior director of risk at the LEGO Group explains. “Digitising manufacturing is the next step of advancing the way things are produced. Today, some industries are much further on this than others – the auto manufacturing industry being one example.”
“Best class auto manufacturing is digitised and automated to a very high extent, and for some enables levels of ‘single piece mass production’, which allow the factory to build exactly to order rather than stockpiling (which means freezing capital) and hoping for a subsequent sale (which is uncertain),” he continues.
As the competition from Silicon Valley intensifies, Germany is raising the stakes in auto innovation and digitised manufacturing processes. This includes the automation of logistics, with robots, self-driving vehicles, blockchain initiatives and the Internet of Things among the much-hyped sources of innovation promising to bring new efficiencies and a lower cost of capital to the manufacturing supply chain.
In August, Maersk and IBM launched their blockchain shipping solution in an effort to digitise the supply chain and remove paper from the system, while increasing automation and efficiency and preventing the build up of unknown risk accumulations. “Success with the technology rests on bringing the entire ecosystem together around a common approach that benefits all participants equally,” said Bridget van Kralingen, senior vice president, IBM Global Industries. “Blockchain can be used to transform a vital part of how global trade is conducted.”
However, as systems and supply chains become more connected, this introduces new exposures. Smart buildings and factories and more interconnected systems present challenges on multiple fronts, according to Alistair Jupp, head of Global Technical Services for Crawford UK. “Buildings are becoming a lot more complex and the more complicated a building, the higher the risks are. Now, if you have a breakdown in a building management system, it can shut everything down.”
Cyber is another vulnerability as manufacturers and their supply chains become more digitised. Nearly half of manufacturers have been the victim of cyber-crime, with the sector now the third most targeted for attack, according to research by the European Manufacturers’ Organisation (EEF), AIG and the Royal United Services Institute. It revealed that the cyber threat is holding back companies from investing in digital technologies, with a third of those surveyed nervous of digital improvement.
“By digitising your manufacturing you acquire tonnes of data and options to control machinery, product flow, planning, etc,” explains Laessoe. “While this is all good, any piece of data that hits the internet or the cloud can be hacked and looked at, by both competitors as well as a criminals seeking to profit.”
He cites the example of disruption caused by the ransomware attack NotPetya to shipping giant Maersk. The firm revealed that the total cost of the attack was $300m in business interruption as it was forced to reinstall 4,000 servers as part of a complete infrastructure overhaul. Similar disruption was caused by the Petya cyber attack to FedEx after the operations of the company’s TNT Express unit in Europe was disrupted.
Intellectual property theft is likely to be one motivation behind manufacturing cyber attacks in the future. “Maersk were just collateral damage, and not the real target for the attack,” says Laessoe. “But there is a risk that competitors may be able to hack in to your systems, potentially using third-party ‘vendors’, and steal your product ideas. I know this is a major issue for several companies, and of one where a copy-cat manufacturer actually launched a product before the company that designed it.”
“Competitors or others may also hack in to your systems with the intention of disrupting your manufacturing processes,” he continues. “Likewise, they may seek to disrupt your vendors, delivery routes and deteriorate your ability to deliver the products in time.”