Securing Your Company's Manufacturing Data

Avoid breaches by knowing what to protect and how to protect it from external threats and internal accidents.
Dec 01, 2005
Volume 18, Issue 12

Bryan L. Singer, CISSP
The adoption of open networks in manufacturing environments, and the expanding connectivity and decentralization of computer systems and databases, are making the need to secure a company's automation and production systems more important than ever. The direct linking of manufacturing systems to information systems through the presence of Ethernet on the factory floor creates an environment where the traditional information technology (IT) and manufacturing worlds collide. This trend increases the vulnerability of these systems to the same security threats facing today's IT environments. Attacks — whether direct or indirect — from hackers, worms, viruses, and employees can affect the safety and security of people, products, processes, and productivity.

With increasing pressure from consumers and government bodies to ensure product authenticity and safety, life sciences companies need to consider security solutions that help them maintain regulatory requirements and also protect their manufacturing processes. One way companies can ensure their operations and systems are completely secure is by staying educated and up to date on existing and emerging security threats to their facilities and developing a detailed and comprehensive plan of action similar to the one described in this article.


Though most manufacturers acknowledge that threats exist, it is difficult for them to determine just how vulnerable their systems are and what measures can improve factory floor security. An ARC Advisory Group report states that 92 percent of manufacturers claim plant security is of the utmost importance.1 However, only 3.6 percent state that their facility is "completely secure," meaning they are satisfied with precautions taken to protect assets from internal and external threats.

While the need to improve the security of manufacturing control systems is an important issue across all industries, it is especially critical for the life sciences industry. With millions of dollars invested in the research and development of a single product, one incident of counterfeiting or product tampering can have a significant impact on a company's bottom line.2 According to the International AntiCounterfeiting Coalition, counterfeiting pharmaceutical products has become a $350 billion per year problem.3 Criminal investigations of counterfeit drugs by the FDA have more than doubled in the last two years.4


Figure 1. Defense Measures For Security and Data Protection
Concerns typically faced by IT managers — viruses, Trojan horses and phishing — combined with the threat of espionage keep plant-floor security managers awake at night. Viruses and Trojan horses can wreak havoc on computer systems and render them inoperable. Phishing relies on fake credibility to lure victims into revealing proprietary information, exploiting the tendency to trust the security of a brand name. Personalized e-mails linked to legitimate-looking web sites inform recipients that their password or other vital information has been compromised, and urge them to click on the web link to update their profiles. The link takes the victims to a fake web site where any corporate or financial data entered are routed directly to the phisher.

Computer security practitioners identify social engineering as a specific threat facing every company. It is the practice of obtaining confidential information by manipulating legitimate users. Parties interested in stealing a company's proprietary information contact unsuspecting employees via telephone or the Internet to request specific information. These scammers are looking for anyone who might divulge information about a product or production process. Combined with other bits of information gathered from other unsuspecting employees, such a detail can provide them with valuable information about a drug's recipe or manufacturing process.
