Supply Chain Complexities Increase Risk of Cyberattack
The supply chain is more connected than ever, which means more vulnerabilities exist that allow cyber criminals to gain access to sensitive information.
Most software providers regularly send updates to their systems to fix bugs or provide additional features, and routinely installing these updates has long been recognized as one protection against cybercriminals looking for ways into a network. Unfortunately for 33,000 customers of SolarWinds, a software technology company, the update sent by the company in March 2020 included a malicious code placed by hackers.
The code created a backdoor into the customer’s information technology system that allowed placement of other malware that allowed hackers to spy on companies and organizations for many months before detection.
This real-world example of the interconnectedness of the supply chain demonstrates that the risk of cybercrimes can come from any supplier, vendor, logistics partner or even department within your own organization if a comprehensive cybersecurity program is not in place.
“Everything in the supply chain is more connected than ever,” said Nathan Bivans, chief technology officer for MHI member Fort Robotics. “Leveraging data from all areas of the operation to improve processes has always been important but technology has increased our ability to gather data rather than rely on staff for information.” As machines become more intelligent and can “talk” with each other, those connections can create vulnerabilities that allow cyber criminals to gain access to your network, he said.
Although some cyberattacks may be about spying on a company, many more are about exploiting access to extort money to prevent disruptions to the business, said Bivans. “These are not always victimless crime either because delaying medical supplies while holding a company’s network hostage can affect lives.”
In the additive manufacturing environment, the cyber risk includes the theft of files that can be used to create counterfeit components or the alteration of files to affect the performance of parts, said John Wilczynski, the executive director of America Makes, a public-private partnership for additive manufacturing technology development and education. “Any new or emerging technology creates access points to equipment, software and networks,” he said. “We focus on technology protection to ensure that equipment and systems can transfer information safely and securely.”
There are different ways to protect networks on the software side, which include encryption, tokenization and blockchain, said Wilczynski, because blockchain is a system of recording information in a ledger in such a way that makes it difficult to change, hack or cheat the system. “On both the hardware and software side, it is important to protect information as it flows throughout the supply chain.”