Machine Viruses Pose More Risk for Factories Than Ebola

As anxiety about the Ebola virus rises, you should be even more concerned about a different epidemic — machine viruses that can invade your factory or office and cripple operations. It wasn’t so long ago that Heartbleed penetrated the SSL layers of websites, threatening servers and users. Hackers accessing customer data at giant banking and retail companies should remind us how vulnerable our Internet-connected systems can be. It was only a few years ago that the Stuxnet virus, intended to interrupt Iran’s nuclear program, got loose and spread to shop floors around the world, attacking CNC machine operating systems and PLC code.

Now Symantec warns of a Trojan from a group called Dragonfly, aka Energetic Bear, has entered the back doors of industrial control systems, enabling espionage and sabotage. First to be affected have been manufacturers of PLC devices, and systems managing wind turbines. The cybersecurity firm Tofino Security has warned that the pharmaceutical industry may have been the intended victim.

Unfortunately, most corporate executives think they are protected against cybercrime, according to an article in Wired, yet other reports say a vast majority of companies have experienced a system compromise from external invaders.

Corporate complacency itself is extremely risky. Companies large and small need comprehensive security assessments. They need to develop preventive measures and enforce security policies. The handy devices like tablets and mobile phones being integrated into operations are easily lost or stolen. Bots and spiders can spread over the globe in just a few hours probing for any chink into a system’s firewall. Employees must have a constant awareness that loading a program from a memory stick into a machine or opening an email can have disastrous consequences.

And not all threats come from secret groups of malicious individuals. Terrorist organizations are recruiting digital talent. Should government step in? They already have. Cyber invaders are being launched by nations against others. Remember, it was the U.S. that sent Stuxnet to Iran. The effectiveness of government help is also in doubt. It’s not reassuring that their systems are some of the most fragile of all.

Maybe we need something like the Center for Disease Control (CDC) with its well-tested protocols for controlling spreading infection. But we don’t have that today, and these threats won’t wait for the future. Companies need to respond now, and most need serious expertise they don’t have in-house. They should be vetting security consultants and talking to equipment manufacturers about specific vulnerabilities.

Are you overly optimistic about your company’s cybersecurity risk? It may be time to move it up on your list of worries.

For more information on cybercrime and its impact on manufacturers, read more from our recent GrayWay on how to mitigate cyber risks and what the U.S. government’s role in protecting American businesses is.

Karen Wilhelm has worked in the manufacturing industry for 25 years, and blogs at Lean Reflections, which has been named as one of the top ten lean blogs on the web.

Some opinions expressed in this article may be those of a contributing author and not necessarily Gray Construction.