In the context of manufacturing environments, the word “risk” used to be synonymous with “safety hazards.” While safety is still important, industrial risk now also invokes concerns about protecting industrial control systems (ICS) from cyber threats.

The risk concern is not misplaced; one of the most significant threats to industrial systems in 2018 is encryption ransomware attacks, in which critical data is encrypted and held for ransom. The Wanna Cry and ExPetr ransomware attacks that swept the globe in 2017 taught both security experts and cybercriminals that operational technology (OT) systems are more vulnerable to attack than information technology (IT) systems.

Those attacks caused outages at utilities in the U.S. and Europe, as well as at manufacturers, telecoms, and public transportation systems.

Industrial Threats Come in Many Forms

Of course, ransomware isn’t the only cyber risk to industrial control systems. Attacks are carried out by all manner of terrorist groups, nation-states and industrial spies who want to infiltrate OT systems to monetize the data they can get, steal intellectual property such as manufacturing blueprints or formulas, deny service or do damage to the plants.

Cyberattacks gain all the attention, but even accidental disruptions can happen in manufacturing and industrial environments. For example, the manufacturing line for a large automaker was shut down completely for more than 24 hours when a system integrator made a planned change on the wrong PLC. The error occurred because the hard copy asset spreadsheet he was working from was out of date and inaccurate.

Whether by accident or attack, all of these developments should have manufacturing leaders considering their options for protecting their operations from unintended or unauthorized changes.