Shoring up the cyber world
Published: 08 Jun 2016 By Evelyn Adams
Manufacturing is now undergoing a transformation as part of ‘the fourth industrial revolution’. This will see greater integration of digital process and physical products to drive down costs and increase efficiency. For manufacturers, that means moving certain processes to the Cloud and using the ‘Internet of things’ to gather huge amounts of data on the products. But that data may not be safe.
Cyber-attacks on engineering and manufacturing firms are on the rise – and the fourth industrial revolution could be about to make things much worse. Now, Britain’s manufacturers are being urged to improve their planning to counter the increasing number of cyber security threats. EEF, the manufacturers’ organisation, made the call on the back of a new survey showing just how little some manufacturers have been doing to mitigate cyber threats.
EEF’s findings, published last month, reveal that just under half of manufacturers have failed to increase their investment in cyber security in the past two years. That number is even greater for small manufacturers at 56 per cent. The organisation also found that two in 10 firms are not actively making employees aware of cyber risks, while less than six in 10 say cyber security is given serious attention by their board.
“Companies will inevitably find themselves more vulnerable to cyber breaches” - Lee Hopley, EEF
“As technology and data start to play increasingly critical roles in manufacturing, companies will inevitably find themselves more vulnerable to cyber breaches,” said Lee Hopley, chief economist at EEF. “Our survey highlights that investment in new technology isn’t being matched by investment in managing risks, especially among smaller firms.”
Government figures back up this claim. They show that last year, 90 per cent of large businesses and 74 per cent of small businesses reported a cyber-security breach – an increase on 2014. It is believed the average cost of these hacks is between £1.46m to £3.14m for a large firm and £75,000 to £311,000 for a small business.
“Technology is set to transform our industry as part of the fourth industrial revolution, opening up immense opportunities and possibilities but risks run alongside the rewards,” said Hopley. “It is important that manufacturers are able to identify, understand and put the correct strategies in place to keep their businesses safe and cyber secure.”
In response to the threats and, to back its call, EEF has developed a free online tool that will enable manufacturers to benchmark their cyber security skills. But the EEF said what is really needed is for employees to get training in how to best tackle cyber issues and mitigate the risk for their companies. There are an increasing number of continuing profession development (CPD) and training initiatives available that can help employees of engineering businesses learn more about cyber security.
For instance, on 15 June, the IET is holding a one-day seminar titled ‘Cyber security in modern power systems’. The course will help address the risks that hackers pose to networks and supply that power critical infrastructure. “Cyber security for power networks and energy systems is gaining momentum and a higher level of importance with increased threat of attacks to our critical infrastructure.
The risk of cyber-attacks to vital infrastructure is no longer a new threat and this event will offer an overview on operational and technical strategies for large and complex networks,” according to the IET.
Meanwhile, for engineers earlier in their careers, the government-based Cyber Security Challenge this year revealed it is offering the UK’s first Extended Project Qualification (EPQ) in cyber security. This is a level-three qualification – the equivalent of an AS level. The qualification is open to anyone and can be studied in an independent capacity by registering through Cyber Security Challenge UK.
“Too many firms are losing money, data and consumer confidence with the vast number of cyber-attacks. It’s crucial businesses are secure” - Ed Vaizey
The EPQ is based on the newly agreed National Occupation Standards (NOS) for cyber security, which is designed to be relevant for industry. It was set up by Cyber Security Challenge UK in collaboration with a number of independent cyber education specialists, including (ISC)2 – the world’s largest body of info security professionals.
“The subject is becoming increasingly important and for it to be officially recognised at this level paves the way for individuals to consider a career in the sector much earlier on,” said Stephanie Daman, CEO of Cyber Security Challenge UK. The qualification can also be used to supplement existing skills in engineering, and, according to CSC UK, would be a good investment in future employment opportunities.
Universities also offer a more traditional route into training by offering short courses in cyber security for engineers. For instance, Glasgow Caledonian University is offering a 10-week course aimed at providing engineers an introduction to core security concepts. The syllabus covers topics from cyber security terminology to devices and strategies used in maintaining secure networks.
For those who prefer distance learning, Queen’s University Belfast is offering ‘Cyber security CPD for industry professionals’. “As the risk of cyber security grows, a major issue for business is the capacity to train existing staff in 02 managing this risk in a cost-effective and flexible way,” according to the university, whose course is being led by Prof Maria Lee. “Through the design and delivery of an online module, the project plans to test the potential for training staff in-house using a flexible course design model.”
As well as professional organisations and universities, the government is providing help by offering through the ‘10 Steps to Cyber Security’ scheme, which provides advice to large businesses and the ‘Cyber Essentials scheme’ is available to all UK firms. The government is also creating a new National Cyber Security Centre offering industry what it claims to be a ‘one-stop shop’ for cyber security support.
“The UK is a world-leading digital economy and this government has made cyber security a top priority,” said minister for the digital economy
Ed Vaizey. “Too many firms are losing money, data and consumer confidence with the vast number of cyber-attacks. It’s absolutely crucial businesses are secure and can protect data.”