Cybersecurity Best Practices For
Connected Devices In Manufacturing

The speed of technological development in manufacturing means cybersecurity must be constantly upgraded and adapted to handle the latest threats, and manufacturers dedicate significant resources to ensure their digital safety.

It hasn’t always been this way. For a long time manufacturers thought they weren’t targets for hackers and cybercriminals. That quickly changed after a number of cyber attacks from 2017 to 2020 hit major global manufacturers, including Norsk Hydro, Renault-Nissan and Mondelez. These attacks exposed customer lists, compromised IT infrastructure, and brought production to a grinding halt. It’s estimated these and other cyber attacks have cost the industrial sector billions of dollars in lost revenue, production stoppages and ransoms.

Cybersecurity is a company-wide concern

The technology that enables connected factories, the Industrial Internet of Things (IIoT) and unattended manufacturing also brings security risks to the shop floor. Many robots, machine tools and other shop floor equipment are now “smart machines” with the ability to connect to each other, the company’s network and the internet. This creates a new set of challenges for cybersecurity professionals in manufacturing. Luckily, some equipment providers have recognized the threat and have developed robust cybersecurity protocols to help their customers meet the challenge.

Best Practices For Choosing Connected Devices

There’s a lot to consider when making buying decisions for manufacturing equipment—sometimes security is overlooked.

Here is an easy checklist to follow when investing in connected equipment for your factory:

Choose products/platforms designed for security from the start

“These days, this should be the starting point for any buying decision,” says Meagan Hiatt, Flexxbotic’s Senior Software Engineer. “Security is often overlooked or is not considered a priority, particularly when companies are trying to push out initial products.”

Hiatt says designing with a security-forward approach reduces the patches needed in the future, creating a more stable software platform.

Choose patchable devices made by a reputable company

A product that was made five years ago will not have the security standards of today’s products. If the device can’t be patched, you have a gaping hole in your cyber security. The software engineers at Flexxbotics make sure they know of any newly discovered potential security issues with any end devices, so it can prevent any attacks coming though those vulnerabilities until they are patched.

Choose products/platforms using Token

Choose products that use the latest security standards—like HSTS (HTTP Strict Transport Standard) and JSON Web Token (JWT tokens)—when authenticating users and requests to help secure data. Click here to see a list of Flexxbotics’ compliance certifications.

Use Auth0 and other certified third party tools

Common security issues in manufacturing include ransomware attacks and intellectual property theft. Both of these attacks can be devastating for a company.

“Because of this, protecting client data is extremely important and using a third party software or service allows for the security features to be thoroughly tested and certified by a dedicated team at the third party vendor, while we can focus on the features our clients need,” says Hiatt.

Examples of third party tools are Auth0 and AWS Cloud.

Don’t Skip Updates

Keeping systems up to date is vital. Many security breaches come through vulnerabilities that don’t get fixed because updates aren’t done. There are still many factories that run Windows XP, which hasn’t been supported for over eight years. Flexxbotics cloud software (FlexxControl™) is always up to date and its FlexxEdge™ hub for end devices in workcells uses centralized updating so quick to do with very little machine downtime—users can easily see when a FlexxEdge needs a software update.

Flexxbotics also conducts extensive testing using an external service for software penetration testing, which is a method to ensure there are no weak points hackers can use to gain access. Tests are run monthly, and clients can inspect the testing results. In addition, internal weekly reviews are performed to check package vulnerabilities for software tools. If an issue is discovered, engineers immediately address it.

“Software security is something we’ve concentrated on since day one, it’s part of our development and design DNA,” says Hiatt. “At every stage of our software development lifecycle, we consider security. We have it enabled both for our FlexxEdge hub and FlexxConnect™ portal control software.”

Cybersecurity is More than Protecting your Website

Manufacturers may not think that shop floor equipment is at risk, but as the number of IIoT devices expands, so does the risk. Tom Meehan, cybersecurity and loss prevention expert and chief strategy officer at electronics manufacturer CONTROLTEK, recently outlined the top cybersecurity risks for companies when he spoke at AEM’s Product Safety & Compliance Seminar.

He said that while traditional attacks such as ransomware and phishing are still a threat, one of the biggest gaps in manufacturing cybersecurity going forward will be the number of connected devices on the shop floor.

“The more connected you are, the more vulnerable you become because your digital footprint expands,” he says. “All of these connected products create entry points into your network. Even if an IoT device doesn’t necessarily create an intrusion point into your network, it could create a disruption point for your business.”

The disruption created by this sort of attack can be very costly. One such attack could be hacking a robot to create micro defects in a part production program, rendering an entire production run unusable and hurting your reputation with the customer. Another risk is a hacker stealing proprietary production techniques from the network, jeopardizing your competitive advantage and that of your customer. This all creates yet another layer of due diligence for manufacturing companies.

At Flexxbotics, all of this is part of the package. “Companies have to question the security implications of every new product they bring in,” says Hiatt. “Being able to say that we’ve developed a secure software and run monthly tests to ensure our code is secure and that we stay on top of the security patches for Amazon Web Services (AWS) and other Cloud frameworks is a big plus for our customers.”