The Internet of Things: Risks in Manufacturing

A New Industrial Revolution

Manufacturing was a dirty job. But hands eventually gave way to machines. Between 1760 and 1840, The Industrial Revolution ushered in a new era in manufacturing and sought to change the very mindset of how we approached the grind…the back-breaking work our ancestors were accustomed to. Modern technology set levers, wheels, and pulleys into motion and workers tackled production with a literal iron fist. Without question, it was a turning point in U.S. history. Today, The Internet of Things (IoT) echoes this period of transition--cars, electronics, equipment and more are giving way to the network in new and exciting ways.

By definition, The Internet of Things are ‘the products and machines that have embedded electronics, software sensors, and network connectivity, enabling remote data collection and control.’ Put simply, machines are interacting with each other and with the internet, providing real-time, actionable data. As a result, businesses are reporting better profits and revenue; more is being produced in less time.

Without question, this interconnectivity is moving the industry forward…but the risks cannot be ignored.

Cyber exposures have already become a major concern to business owners who are implementing the new technology. Next-gen firewalls and commercial insurance coverages provide some level of security. But the facts are clear: cyber threats are dynamic.

Hackers are finding newer, more superior methods of breaching computer systems and the conventional insurance industry is at best, trying to keep up.

Could the formation of a captive insurance company stave off the financial repercussions of a data breach? The answer to this question will become exceedingly more important as The Internet of Things continues to intertwine into industry…and into our way of life. Manufacturers have an obligation to pay attention.

Cyber Threats via The Internet of Things

Manufacturing used to be a very manual process, whereby machines moved with an initial push of a button. Systems didn’t communicate with each other, and when machinery malfunctioned, workers found out the hard way. The Internet of Things is solving these problems in profound ways, and profitable ways. In fact, manufacturers who have adopted the tech between 2013 and 2014 reported a 28.5% increase in revenue, according to a TATA Consultancy Survey. Experts estimate that the IoT will continue to take hold, and lead to about 50 billion connected devices by 2020.

The Internet of Things has made an impact on operations, increasing efficiency and decreasing breakdowns. For example, connected machinery has all but eliminated disconnects between the manufacturing and enterprise networks, through “smart assembly.” Manufacturers are adopting converged intelligent networks, reducing downtime by allowing remote access to systems.

Internet of ThingsBetter visualization of equipment performance is also a huge benefit—comprehensive dashboards of multi-plant environments are boosting efficiency, safety, and return on investment. Industrial facilities with globally dispersed production sites need better integrated production systems to shorten lead times. Internet Protocol (IP) network technology is connecting enterprise applications with device-level production data in real time, allowing faster information flows, faster decisions, and greater market responsiveness.

Real-time plant notifications and resolution processes are also being leveraged. When equipment fails, users can connect with sensor-level networks that detect malfunctions instantly (and often before they occur) to create higher levels of overall equipment (OEE) effectiveness (Source: Industrial IP Advantage, How Internet of Things Will Change Industry).

But these networks are often built on devices that have vulnerabilities within their very design. Many devices are built on open source libraries, which have inherent security issues. Or, they may be connected to software that could be accessed and exploited remotely.

Right now, people are leveraging “smart thermostats” allowing homeowners to change the temperatures in their homes with a smartphone app. Researchers have found security weaknesses in these apps, creating a gateway for cybercriminals to potentially hack the system, change settings, and demand “ransom money” for release of private information. Similarly, there have been reports of attackers who have taken control of machines and even motor vehicles, remotely.

The same vulnerabilities exist within the technology currently being utilized in manufacturing plants. Industrial control systems connected to a Wi-Fi network can be hacked, causing machinery to malfunction or proprietary information to be exposed.

Industry Week reports that a software glitch allowed hackers to remotely commandeer a Jeep Cherokee while on the move. In another case, a blast furnace at a German steel mill suffered major damage when attackers used ‘phishing’ emails to steal login information that gave them access to the mill's control systems.

In yet another example, an independent security organization scanned 900 MHz bandwidth used by IoT wireless devices and found, to their client's astonishment, that the client's building HVAC (heating, ventilating, and air conditioning) was IoT-connected.

The client didn't know this, and wasn't responsible for its security. It was also identified that the HVAC devices had default passwords and very little by way of security. If a hacker had gained control of these devices, they could have caused potential damage.

Hackers

In 2013, the U.S. Federal Trade Commission settled with TRENDnet, an IoT vendor that supplied home viewing technology called SecureView. Despite the vendor's claim that its products were secure, they in fact had an exploit that allowed them to be controlled remotely by anyone with the camera's address. There was also a third-party website where absolutely anyone could click a camera to see what the camera could see. (Source for previous examples: IT Business Edge, Beware the Hidden Dangers of the Internet of Things).

These types of threats put manufacturing, the automotive, and other industries on notice as the ability to seize data from or take control of inanimate devices is now possible with wireless Internet connections. Supply chains can become susceptible to attacks, causing a complete disruption in business operations. This in turn means lost revenue, a depletion in consumer confidence, and hardship in rebounding.

Smartphones increasingly have the ability to remotely control an entire ecosystem of new devices, but these Wi-Fi connections need heavy security to protect personal data bouncing between these products (Source: U.S. News, The Privacy, Security Risks of the Internet of Things).

It’s a scary thought. The ease in which these risks can morph into actual business losses is alarming.

But despite the exposures, business owners can still adopt The Internet of Things technology with confidence, as long as a solid risk mitigation plan is established. Protecting your business with security measures on the front-end and adequate loss funding on the back-end is the only course of action that makes sense in an environment where technology determines competitiveness.

Captives and The IoT

According to the U.S. Federal Trade Commission, there are twenty-five billion devices online, with separate research from HP stating that 70 percent of IoT devices are unsecured. Despite the numbers, the perception among manufacturers is that The Internet of Things is important and even integral to business and industry growth.

Cyber CrimeThe interconnectivity of devices, vehicles, buildings and the Internet is just as important today as water, steam, machine tools, and factories were to manufacturers during The Industrial Revolution. It’s safe to say that the adoption of technology is inevitable—and so must the adoption of comprehensive risk coverage.

Cyber risk coverage can certainly be found in the conventional marketplace, but unfortunately, policies have not fully addressed the broad spectrum of cyber risks. This is why the formation of a captive insurance company is so important for owners of closely-held businesses. As a supplement to an existing commercial policy, captives afford broader coverages that can address exposures stemming from The Internet of Things and other technologies.

Captives are an attractive option for the midmarket because the tailored coverages written under it reduce or prevent out-of-pocket expenses to pay for losses. Ancillary benefits can also be leveraged by companies who choose to self-insure through their own captive insurance company.

As a manufacturer, partnering with a top-level captive insurance planning company is the first step toward forming your own captive while keeping in compliance with regulatory and governmental laws. It’s the best way to combat risk and "lean in" when it comes to tech advances.

Call the experts at Capstone to learn more: WEB_TEL .