Cybersecurity and Digitalization: A Cautionary Tale

Digital transformation across the industrial sector has been a work in progress for years, but the push to increase connectivity from the executive suite to HR and accounting to the manufacturing floor is becoming even more acute.

It only makes sense, as digital technologies can drive improved quality control, boost efficiency gains, reduce costs, enable better environmental controls, and create a stronger, more quality product. Not only is digitalization changing the stigma of manufacturing being a musty old environment, but it is also turning the sector into a glistening new workplace employing state-of-the-art technology that allows organizations to take on any competitor across the globe.

As these benefits allow for improved efficiency, faster decision-making, increased equipment uptime, improved supply chain management, reduced errors, faster turnaround times, and decreased costs, the key ingredient to this digital recipe is cybersecurity.

“Digitalization is rapidly expanding, making cybersecurity an essential backbone for sustaining digital enterprises,” said Dewan Chowdhury, chief executive and founder of cybersecurity provider, malcrawler. “The recent Microsoft-CrowdStrike incident highlighted the potential risks of an unsecured digital environment.”

The scenario leading to the Microsoft-CrowdStrike incident had the CrowdStrike Falcon sensor delivering artificial intelligence (AI) and machine learning to protect systems by identifying and remediating advanced threats. In February 2024, CrowdStrike introduced a new sensor capability. On 19 July 2024, a Rapid Response Content update went out to certain Microsoft Windows hosts with the new capability first released in February, CrowdStrike officials said. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash that affected 8.5 million computers globally and cost companies $5.4 billion.

“While this particular issue resulted from an internal error, it raises concerns about the consequences if an attacker deliberately seeks to cause harm,” Chowdhury said. “This situation demonstrates the critical need for integrating people, processes and technology to enhance cybersecurity in the digital age.”
 

Multiple threats

With increased connectivity in the digital environment, there are more opportunities for threat actors to hit manufacturers with multiple types of attacks including terrorists, hacktivism, supply chain disruption and ransomware.

To that end, one ransomware attack on a German bicycle maker halted production, invoicing and deliveries for three weeks. According to a report in the ICSSTRIVE.com incident repository, disrupted supply chains meant required parts did not arrive so workers could not assemble and deliver the bicycles. As a result of the attack, the company filed for bankruptcy.

While there are plenty of reasons why a company might go out of business, many factors can come into play. Some of these include having a digital environment moving forward with a lack of qualified cybersecurity professionals; problems with elements like artificial intelligence (AI), machine learning, training, education, planning, or even cloud computing could be a cause.

“The age of digitalization, including machine learning and AI is here,” said Mark Carrigan, senior vice president of process safety and OT cybersecurity at Hexagon. “The current and potential benefits these technologies can provide are compelling and will transform how we conduct business.”

With digitalization here to stay, security experts across the board can’t stress enough that having the right people, processes and technologies in place is vital. “Combining skilled personnel, effective processes, and advanced technology is crucial for bolstering cybersecurity,” Chowdhury said. “The shortage of qualified cybersecurity professionals poses a significant challenge. In response, organizations must rely more on artificial intelligence to automate threat detection and response. AI can analyze vast amounts of data quickly, identifying potential threats and mitigating risks, thus compensating for the lack of human resources.”

Creating cyber-skilled workers

The skills gap is a huge issue with an average of 3.4 million industrial cybersecurity open positions globally with more than 410,695 of those jobs in the U.S. alone, according to a report from (ICS)2, an international nonprofit membership association focused on inspiring a safe and secure cyber world.

Cyber education is one aspect continuing to grow to help fill that gap. (See “Adding ‘Industrial’ to Cybersecurity Education elsewhere in this issue.) Indeed, new programs are earning funding from multiple agencies to help bolster the workforce.

Arizona State University’s School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering just earned a two-year, $4.5 million grant from the U.S. Defense Advanced Research Projects Agency (DARPA) to establish an institute that will develop national and global cybersecurity educational standards and curriculums designed to address critical workforce shortages.