Manufacturing Cybersecurity - the Brexit Lookout

Written by

With a matter of weeks (perhaps months) still to go, Brexit remains as clear as mud. We’re all aware of the potential economic impacts, but it goes deeper than that: cybersecurity could also be affected by a disorderly exit, as the UK’s information exchange with partners around the world undergoes change.

As the world goes digital, British industry is at the mercy of cyber-attackers – when considering the economic health of the country, cybersecurity should be top of mind.

As an example, Britain’s manufacturers have become much less confident about the prospects for the UK economy as a result of Brexit uncertainty and fears over cybersecurity. Worryingly, there has been a declining trajectory of manufacturing output, which fell for a fifth straight month in November of 2018. The last time that occurred was the 2008-09 recession.

This year has also seen the departure of multiple large players in the automotive space, as well as moves EU-wards by big employers. There are some major bumps in the road ahead. Manufacturers have a lot on their plate. How can they ensure cybersecurity doesn’t worsen the headache?
The security challenge
At the same time, with the rise of increasingly, complex cyber threats, Britain’s manufacturing industry faces a serious challenge. Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property. In 2018, it was reported that nearly half of UK manufacturers were hit by a cybersecurity incident. 

Digital transformation is increasingly visible on the factory floor, and IP-connected robots, sensors and process management systems are increasingly replacing manned and manual workflows. That means that the average facility now has countless more potential access points for cyber-attacks – and a successful breach could halt production in its tracks for many hours, causing serious financial and reputational damage. 

Nevertheless, across the manufacturing sector, awareness of the cybersecurity challenge and the implementation of appropriate preventive measures are “highly varied”. As such, manufacturers need to ensure that their cyber security capabilities are not just an afterthought. But with Brexit set to reduce the speed and smoothness of information-sharing between Britain and the EU, there’s a question mark over how much manufacturers will be able to rely on government support going forward.

We’re firm believers in an ‘all for one, one for all’ approach towards cybersecurity. In the face of political uncertainty, we need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy. 

Prepare yourself
It’s hard to know what to prepare for in the maelstrom of Brexit back-and-forth. In that context, it’s easy to focus on the problems right in front of you – import/export tariffs, the brain drain – and let cybersecurity slip down the to-do list. That’s understandable, but it’s also dangerous. Cyber attackers are no respecters of politics or borders – organizations need to ensure they have a clear understanding of how their security will be impacted by Brexit and what they can do to prepare. 

The key question here is – how much of their defense is informed by information flows that could be impacted by Brexit? The UK’s current data sharing apparatus is governed by EU agreements – for instance, the US-EU Privacy Shield arrangement currently dictates the manner in which the UK handles personally identifiable data with the USA.

In the same way, sensitive security information is currently shared under existing frameworks of co-operation, which could well change depending on the specifics of Britain’s exit from the EU. 

All of that means that manufacturers need to be sure their defenses will remain up-to-date post-Brexit – it may seem like a distant risk at this point, but cybersecurity is always urgent in hindsight. Better to pay attention now than wish you had further down the line. 

Work with others
With that in mind, and with the future state of governmental information sharing currently uncertain, manufacturers need to take matters into their own hands and build collaborative networks with their peers in the industry.

By sharing pertinent security information with others in their space, companies can increase the chances of a successful defense. When one company comes under attack, it can share details of the exploit to allow its peers to benefit from the experience. This might go against common behavior between competitors, but think of it as ‘the enemy of my enemy is my friend’ – the industry as a whole will benefit if common attacks are met with a strong defense across the board. 

It’s also extremely helpful to have one centralized system in place to enable companies to maintain their defenses particularly in the transitional post-Brexit period. An intelligence-driven security operations platform can bring together all the security systems in a company network under a single point of management, automating routine tasks and creating playbooks for quick response to common attacks.

When paired with an effective security information-sharing network, a security operations platform driven by intelligence can take the manual weight off security teams, freeing them up to focus on driving value for the business. 

The next few months are going to be challenging for the manufacturing industry – there’s little doubt about that, but cyber-attacks needn’t add insult to injury if businesses prepare in the right way. With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended. 

What’s hot on Infosecurity Magazine?