By Karen Hanna
If you share manufacturing data — whether with customers or suppliers — you share risk.
Representatives of companies that work to thwart hackers recommend that manufacturers maintain open lines of communication about how each partner is working to mitigate the threat of an attack.
“Trust is a two-way street, and anytime that you’re sharing data, sharing something that may make you vulnerable or something that makes somebody else vulnerable, you need to have that conversation of, ‘What are our roles and responsibilities here? … I know that I’m sharing with you, but do I also need to protect myself from you?’ ” said Christopher Fielder, field CTO at Arctic Wolf, which provides cybersecurity services and publishes research about cyber security topics.
Maintaining security all along the supply chain is “super-tough,” said Patrick Curtin, director of technical sales for Field Effect, another cybersecurity services firm.
For some hackers, especially those working for nation states looking to establish themselves within an economic sector, even a small shop represents a beachhead toward a bigger goal, Fielder said.
“It’s very easy to go, ‘I’m just one person, or I’m just a small shop, or I only have one or two contracts.’ But those may be valuable contracts. Those may be ones that also feed a larger supplier further down the line. So, there is no such thing as ‘too small,’ ” Fielder said.
He explained: “If there’s a dollar to be made, then they will make that dollar.”
Whether buying new machinery or making deals for raw materials or parts deliveries, manufacturers should scrutinize their partners’ approach to cybersecurity in the same way they evaluate their own systems.
Ultimately, manufacturers should do their research and follow their instincts as they look into Industry 4.0 technologies that could expose data being used to optimize processes.
Arctic Wolf provides some recommendations in its “2025 Cybersecurity Predictions” report:
- Incorporate third-party outages into your disaster recovery planning, and
- As part of the due diligence process when evaluating potential third-party vendors and service providers, pay particular attention to their continuity and recovery plans, and compliance certifications.
While he acknowledged the many advantages of Industry 4.0, Curtin suggested a few questions manufacturers should ask their suppliers: “What are the specific things you are doing to safeguard our data, and how can we review this? What assurances do I have? And if something goes wrong, are you going to tell us? How are you going to tell us?”
Fielder added a question of his own, as well as a warning: “What’s expected when it comes to securing this information in this equipment? Anytime you install either equipment or software into your environment, you have the potential to install vulnerabilities, install weak points, install an open door to where an attacker can get in.”
Often, Fielder said third-party vendors, such as consultants, are the weakest link in the supply chain. If their security is lax, your shop can be hit, he said.
Once that happens, it becomes obvious why having the difficult conversations upfront is so important.
“Never assume that they are protecting you, because once you find out that they’re not, it’s too late, and it’s better to know that in advance,” Fielder said.
Contact:
Arctic Wolf, Eden Prairie, Minn., 1-888-272-8429, https://arcticwolf.com
Field Effect, Ottawa, Ontario, 800-299-8986, https://fieldeffect.com
Karen Hanna | Senior Staff Reporter
Senior Staff Reporter Karen Hanna covers injection molding, molds and tooling, processors, workforce and other topics, and writes features including In Other Words and Problem Solved for Plastics Machinery & Manufacturing, Plastics Recycling and The Journal of Blow Molding. She has more than 15 years of experience in daily and magazine journalism.
