United States is also extremely vulnerable to attack. Coseman said there’s a database called RISI (Repository of Industrial Incidents) that attempts to track cyber attacks, but much of its data comes from private incident reports from manufacturers that may not always want it known that they’ve been the victims of a cyber attack.
“The most important advice I have for manufacturers is to know what you have to evaluate risk and consequences,” he said. “Make sure someone at the company understands exactly what the security architecture looks like. If you don’t have a solid understanding of assets and how they’re configured, how can you protect them?”
He also advises manufacturers to have a formal, auditable security program in place in order to understand the potential exposure to attack.
“It’s surprising how many companies don’t do this,” Coseman said. “They’re woefully unaware of some of the risk. The digitization of technology in manufacturing has outstripped people’s ability to understand it. Manufacturers will automate and install equipment without fully appreciating the risk of doing so. Ultimately, cybersecurity in manufacturing comes down to risk management.”