Manufacturing has become the most targeted industry by cyber criminals
Photo | Edd Cote
Employees at Security Engineered Machinery, which does most of its work for government agencies, must take extensive measures to ensure the security of the company's network.
The majority of the web and email traffic to Micron Products' servers is just bogus, said President and CEO Salvatore Emma, Jr.
That spam comes from abroad, and most of it is attempted malicious cyber attacks designed to hack into the Fitchburg company's network. The company is the supplier of non-lethal rounds to companies like Wakefield-based Security Devices International, which supplies government agencies, police departments and private security firms.
“They want our intellectual property,” Emma said. “They want to know what it is we're making so they can copy it. They want to know who's working on what project so they can send their sales folks after us.”
As the manufacturing industry becomes more technological, with more connected devices than ever, hackers have more opportunities to break into those networks. With urging from the government and public-private partnerships, manufacturers are beginning to take more seriously the threat of a hack.
Meeting government requirements
According to Emma, a former IT specialist, the company's IP addresses get hit from attempts largely from China.
Those usually manifest in the form of phishing attacks, in which a phony email is sent from an employee. In one instance, an employee came to Emma to ask why he was asking for $3,000 worth of PayPal gift cards in an email.
Micron is a bit lower down in the supply chain, as it doesn't contract directly with any government agencies, but those requirements of a stringent security plan are still passed down from Micron's clients who deal directly with government security compliance.
Those requirements include updating firewalls, testing the network for security, regular federal background checks of employees, monitoring company laptops to ensure they don't leave the building with sensitive data, and prohibiting phone discussions about technical details with someone outside of the country.
“The list goes on and on,” Emma said.
The most targeted industry
The manufacturing industry is now the most targeted for cyber attacks, beating out the finance and healthcare industries, said Tom Andrellos, director of growth services at the Massachusetts Manufacturing Extension Partnership (MassMEP), at the agency's Manufacturing Symposium in October in Worcester.
The foremost motivating factor for these attempted hacks is to steal intellectual property, said Andrellos.
Quoting the FBI, Andrellos said $400 billion worth of information was stolen out of the country in 2017.
The national network of MEPs, via the National Institute of Standards and Technology, pointed to a September 2017 report from Woburn cybersecurity firm Kaspersky, which found the manufacturing industry most susceptible to cyber threats, including attacks targeted at network-connected equipment.
Much of MassMEP's work around cybersecurity includes working with companies contracting directly with the U.S. Department of Defense, like Cambridge-based Silverside Detectors, which builds nuclear bomb detectors.
Sarah Haig Baker, founder and chief operating officer of the company, told an audience at MassMEP's event about the pages and pages of legal documents included in the company's first contract about cyber incident reporting. Much of that language covered protocols around handling the classified information as a result of that government contract.
“You can't dismiss that one,” she said.
Escorting all visitors
Helping to protect the government's information is, quite literally, what Westborough-based Security Engineered Machinery does. The company manufactures paper shredders and hard-drive destroyers to reduce items to dust. With products at every U.S. embassy, the government is SEM's largest customer.
As such, the company is required to do a more than maintain basic firewalls, said SEM President Andrew Kelleher.
SEM personnel are required to log into government networks to update the company's security programs to ensure everything is air tight.
When visiting the company's facility, visitors first enter a holding room before an employee unlocks the door to the main lobby. Any visitor must be escorted by a company employee at all times.
Much of that increased awareness comes after the U.S. Office of Personnel Management was hacked in 2014, which led to SEM employee information being leaked and distributed on the dark web.
“It's not only the scientific community that's building weapons systems (that is prone to attempted hacks),” Kelleher said. “They want to find out who is SEM's customer, what they're doing, where and when.”
Guarding against the latest hacks
At Charlton injection molding company MTD Micro Molding, IT Specialist Sergio Melgoza was hired to help the small company beef up its cyber defenses.
The company, which manufactures components largely for the medical industry, is growing and becoming more technological, adding machines already equipped with network connections.
“There are more things to look out for,” Melgoza said.
Melgoza said another big concern in the industry is ransomware – software stealing information from a person or company and publishing it unless a financial sum is paid.
To protect against ransomware, Melgoza has helped bring best practices right to the company's location after years of MTD outsourcing its IT services.
His work has included beefing up the company's backup systems, establishing user end training, encryption, firewalling and network segmentation.
The manufacturing industry has historically made use of older devices never intended to be connected to the internet. Hackers are becoming more adept and the manufacturing industry – and the world – is becoming more technologically advanced and plugged in to the network, said Melgoza.
“Machines weren't built with the thought that they would be connected to the internet, and manufacturers never thought the internet would be so big,” he said.
WBJ Web Partners
Most Recent
Most Recent
0 Comments