Integrated risk management essential

August 2019 Infrastructure, Security Services & Risk Management, Industrial (Industry)

With manufacturing focused intensively on innovation, combined with a reliance on connected networks and products, it is an industry that is highly vulnerable to cyberattacks. Yet, the manufacturing industry remains fragmented in its approach to managing cyber-related risks.

Charl Ueckermann.
Charl Ueckermann.

This is according to Charl Ueckermann, CEO at AVeS Cyber Security, who was on the Manufacturing Indaba’s panel of discussion at the Sandton Convention Centre in June; “For manufacturing companies, the focus has always been on production innovation, operational efficiencies, minimising downtime and keeping the lights on. Therefore, when it comes to technology infrastructures in the manufacturing industry, the availability of systems has always taken priority over integrity and confidentiality, which inherently made cyber risk the least of concerns. However, in modern manufacturing, where systems are connected to the Internet, integrity and confidentiality will start to play a bigger role. In most other industries, such as financial services, confidentiality and integrity of their technology systems are prioritised over availability already, making the management of cyber risks a key focus.

“Historically, IT and operational technologies (OT) in manufacturing have also been managed separately, within different departments with their own sets of vocabulary and structures. OT departments don’t generally have as much insight into cyber risks as IT and this, by default, means that OT tends to lag behind IT in this regard.

“Yet nowadays, cyber risks are no less for a manufacturing company to protect its data, intellectual property and trade secrets than for a bank to ensure the confidentiality of customer information and other sensitive data. In fact, a cyber breach on an OT system could present a life or death situation for a manufacturing business because the health and safety of workers are at risk, and machinery and processes may become unsafe.

“The good news is that there is no need to compromise and sacrifice confidentiality and integrity over availability. In modern manufacturing, cyber risks can be effectively managed with the correct setup of OT networks that continue streamlining their production efficiency and capacity.”

Know the status quo

He advises manufacturing companies to get a firmer grip on the devices used on their OT networks.

“Have a good picture of the status quo. You need clear visibility of your OT architecture and know what devices are being connected to it so that effective security mechanisms can be incorporated into that fabric. No unauthorised devices should be permitted onto the network. Do not make use of off-the-shelf Raspberry Pis for testing in a live, non-air-gapped network that is not physically isolated from the Internet. It is doable to prevent an attack as experienced by NASA in June 2019; according to Forbes magazine, an unauthorised Raspberry Pi that was connected to its JPL servers was targeted by hackers, who then moved laterally further into the NASA network, comments Ueckermann.1

He continues: “You also want to find the best practices around cybersecurity hardening on your Supervisory Control and Data Acquisition (scada) systems and engage with a specialist OT security provider to implement the correct software required to ensure that your manufacturing environment is well protected, without compromising machine uptime. Ideally, due to the potential health and safety risks in the event of a breach, you should obtain the services of an OT governance organisation to assist with creating or adjusting processes that are globally aligned.”

Assess before you spend

His advice to manufacturing companies is to perform an Industrial Cyber Security (ICS) assessment before making any rash investments in people or technologies. Such an assessment comprises of a vulnerability assessment and a penetration test of the current infrastructure to get an accurate view of the assets and architecture and understand the cyber risks.

“Once this has been done, a pragmatic ICS cyber risk roadmap needs to be developed to determine the risks and how these can be minimised, accepted or outsourced. Importantly, operational and production efficiencies, as well as capacity, should not be compromised. Cybersecurity can be built intelligently into the fabric of the production systems,” explains Ueckermann, adding that ongoing monitoring with appropriate tools and processes is imperative to ensuring a proactive and predictive approach to managing risks in industrial control environments over the long term.

He concludes: “Manufacturing companies can benefit from a two-pronged approach that encompasses both risk management and risk outsourcing in the form of cyber insurance. The company’s risk profile will determine the level of cover required. Companies could lower their cyber insurance costs by taking steps to improve their risk profile, for instance, by ensuring that security solutions are up-to-date and properly managed, and by practising good governance.

“Cyber risk management in modern manufacturing is still new to the industry, and manufacturing companies need to plan and implement effective strategies and appropriate tools to manage and offset cyber risks in their environments. A team with a deep skill-set and appropriate experience is needed to find solutions for specific environments and risk profiles.”

Reference:

1. Winder, D. (2019, June 20). NASA has been hacked. Retrieved from Forbes: www.forbes.com/sites/daveywinder/2019/06/20/confirmed-nasa-has-been-hacked/#2e99f18cdc62





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
From drone market growth to application-level commercialisation
IoT & Automation Infrastructure
After years of pilot projects and technology validation, the question for the market is shifting from whether drones can fly safely and collect data, to where they can deliver repeatable operational value at scale.

Read more...
AI-enabled NVR for Milestone XProtect
Surveillance Infrastructure Products & Solutions
As surveillance environments continue to grow in scale and complexity, organisations need infrastructure that is easy to deploy, simple to manage, and ready for AI-driven workloads.

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Industry perspective on industrial cybersecurity
Technews Publishing News & Events Infrastructure Industrial (Industry)
The Industrial Security Harmonization Group has released a joint industry perspective highlighting a critical truth in industrial cybersecurity: secure communication is not determined by protocols alone, but by how they are deployed and managed in real-world environments.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.