Securing the Manufacturing Supply Chain Use Case

The manufacturing supply chain is increasingly vulnerable to cyber-attacks as more analog systems move to digital, cloud-based, and SaaS systems. A wide range of data is now handled digitally—from important factory communications, to how products are actually made, and even plant safety controls.

As critical systems have gone digital, there is a core area that is often neglected—secure communications. If there is a hack or crisis, essential personnel need a never-fail, guaranteed secure, and separate system for communicating with each other. Below are compelling statistics on digital attacks against manufacturing supply chains, an example of how a company was attacked, and how SKY ECC would’ve changed the outcome.

Securing the manufacturing supply chain

In 2018, 1 in 5 companies reported some form of IP theft from China. The cost of this is estimated at between $225 and $600 billion. China is not the only bad actor, but certainly a leading one:

  • Roughly half of all technology China has right now was taken from foreign companies.
  • There’s evidence that China pressures foreign companies to switch to Chinese firms so that they can access trade secrets during manufacturing.
  • 51% of European firms say that IP theft enforcement is inadequate in China.
  • Worst of all, a Chinese chemical engineer attempted to steal the chemical which whitens the middle of Oreos (and other white products) by inserting himself into the supply chain.

These examples may be over the head of the average company that doesn’t see itself as the target of a nation-state, but remember that corporate espionage from rivals is just as damaging.

How SKY ECC helps the manufacturing supply chain

SKY ECC can be used both for internal discussions about proprietary data and for an assured communications channel. In the Oreo example, core members of the supply chain—even across companies—could confirm changes to orders or changes to who has access to data, as part of our contact list security strategy.

Supply chain attacks often include compromising email systems so hackers can impersonate legitimate people. SKY ECC prevents this by being separate from internal communications systems and through its assured and unspoofable contact list.

Hacking Norsk Hydro

Norsk Hydro, which manufactures aluminum for the automotive sector, suffered an attack that went like this:

  • The U.S. IT systems were compromised, taking out communications and control over critical machinery.
  • The attack then spread to more important IT systems in Norway.
  • Computer-controlled manufacturing had to be switched to manual operation.
  • Communications to employees had to be sent via social media because all others were compromised.

The impact on communications alone would have been damaging to the company, especially for those in upper management and IT who needed to communicate about what was happening and how to manage it, but the risks to production and safety were much greater. Total losses reached $40 million in the first week.

How they could have protected themselves

Securing the communications of key company players with SKY ECC, a practice known as microsegmentation, would have saved valuable time in the following ways:

  • SKY ECC would’ve been safe as it wouldn’t be part of their network, and because of how we designed it.
  • Those in executive roles would’ve never lost contact with IT teams, enabling better communications.
  • Supervisors for each department could’ve stayed in the loop and personally communicated with staff.

Being able to communicate in a time of crisis is crucial as time and money will be lost without a microsegmentation plan in place for communications. Not only will SKY ECC help with microsegmentation, but it also would have prevented attackers from monitoring important messages once they infiltrated the network.

The fallout from the attack

The above attack was later named LockerGoga and went on to hit up to five other companies. Each of these companies would’ve experienced the same panic: not only were systems shut down, but even the systems used to talk about how it was to be fixed (company email, Skype, workspace chat apps) would have shut down.

With attacks against the manufacturing supply chain growing, you can’t afford to be the next victim, losing money, productivity, time, or trade secrets to an attack by a nation-state or competitor.