The Hidden Threat Plant Managers Need To Know About and What You Can Do To Help

The NotPetya attack on its own created an explosion of need for industrial cybersecurity work (shameless plug: we can help) and this challenge is only going to snowball.

By now you’ve heard about the Industrial Internet of Things (IIoT) and the explosion of IP addressable devices. We’ve long since crossed the threshold where there are more IP addresses than humans on the planet.

According to Business Insider, we can expect the number of IP addresses to reach close to 35 billion (Cisco predicts this will grow to 50 billion by 2020

) with more than 20 billion of those accounted for in IoT and enterprise applications.

Anyone who’s taken a quick stroll through an industrial facility wouldn’t be surprised by these numbers. Access control, HVAC, utilities, production systems, machines, gas safety systems, machine safety systems, batch processing and material handling are all connected, and the information is leveraged to drive plant-wide and enterprise-wide productivity. Plants don’t only rely on information to improve maintenance and energy use, they rely on this connectivity to run – and safely.

There’s a hidden threat lurking in plants all over the globe today, and it’s currently the most overlooked threat in the supply chain. The obvious threat vectors in cloud application hosting, unpatched network infrastructure and nefarious email spam are getting characterized and patched by “white hat” hackers all over the globe.

Where’s the breach in the moat? Billions of IP addressable smart devices that are critical to plant operations (and connected to the operations network) are suddenly the ultimate Trojan Horses, especially when you consider where these devices could come from.

If you’ve followed some of Bloomberg’s recent reporting

you know that some nation states are embedding tiny chips within our connected devices with the sole intent of infiltrating and disrupting. This has been named the most significant supply chain attack known to be carried out on American companies. Suddenly every automation product purchased from surplus providers suddenly opens the plant to significant risk in loss of intellectual property and unintended downtime.

There are some obvious ways to mitigate this risk. We are being proactive in addressing this threat and protecting our customers through strict supply chain management and focus on product authenticity.

By selling our products direct or through an authorized distributor network, we help ensure customers receive new, genuine products with factory warranty that are not counterfeit, stolen or compromised. See a recent ruling we brought before the U.S. International Trade Commission (ITC)).

This does not stop enterprising procurement managers from buying this technology from non-authorized resellers with the hopes of reducing acquisition costs.

But what risks are you really willing to take? When you weigh the risk of increasing long-term support costs, intellectual property infringement, non-compliance with validation standards, and, worse, opening plants to untold security threats—there are no savings.

Procurement leaders around the globe can rest easy knowing there are other ways to reduce acquisition costs without installing significant risk in the plant floor by buying surplus automation products. Not only can manufacturers save significant money in remanufacturing, they can also improve OEE through downtime reduction and reduction in frequency of failure.

Only Rockwell Automation and its Authorized Distributors leverage our proprietary remanufacturing process that restores failed units to “like new” or better condition, extending equipment life and enhancing plant performance. Manufacturers who leverage these services reduce their procurement costs, reduce the frequency of part failure and plant unintended downtime, and more than ever help mitigate the risks of buying surplus or repaired automation products and installing significant risk in the production process.

Recent cyber attacks like NotPetya have taught us that it only takes one compromised device to open the entire enterprise to unfathomable risk in lost production and intellectual property. Take action by making sure the people in your organization understand these risks and start working with Authorized Distributors to remanufacture failed parts instead of repairing on the open market or buying surplus products in its place. Your company’s production and your reputation are worth it.