Cyber agency warns of increased threats to manufacturing groups during pandemic

Manufacturing organizations are at higher risk of being targeted by hackers during the COVID-19 pandemic, the nation’s key cybersecurity agency warned Wednesday.

The Cybersecurity and Infrastructure Security Agency (CISA) laid out the potential threats to the critical manufacturing sector in an insights report released Wednesday, noting that attacks could increase due to more remote work, which had expanded the threat surface for hackers to exploit.

“The Critical Manufacturing Sector is at risk from increased cyber-attack surface areas and limited cybersecurity workforces related to the COVID-19 pandemic,” the report reads. “These trends increase the vulnerability of the Critical Manufacturing Sector to the growing number of ransomware attacks aimed at private businesses by increasing attack surfaces and reducing protective abilities. To mitigate future threats, the Critical Manufacturing Sector should prioritize the management of risks.”

ADVERTISEMENT

Key areas of concerns highlighted by CISA include the increased use of robotics and remote processes during the pandemic to protect workers, which CISA noted has opened up new security vulnerabilities, and the increasing lack of qualified personnel to protect highly technical manufacturing systems. Ransomware attacks, which have become a major concern during the course of the pandemic in all sectors, have also become a threat to manufacturing companies. 

"If current trends hold, attacks against manufacturing sector infrastructure will continue to increase,” the report reads. “A new threat to manufacturing—ransomware … has begun to target systems lacking the inherent security controls required to protect themselves. The result can be catastrophic production loss and downtime as well as lost revenues and penalties for production delays.”

CISA Director Jen Easterly tweeted out the report Wednesday, underlining the importance of manufacturing groups taking steps to protect themselves. 

“As more critical manufacturing plants move to adopt robotic process automation (RPA) due to Covid, bad actors have more opportunities to take advantage of vulnerabilities,” Easterly tweeted. 

Threats against the manufacturing sector have grown in recent years. The Department of Homeland Security, which houses CISA, announced in 2016 that it had investigated twice the number of attempted attacks on manufacturing companies in 2015 as it had the year before. 

More recently, researchers found that large biomanufacturing companies, including those involved in producing COVID-19 vaccines and medications, were targeted by hackers potentially linked to Russia.