One year ago it was the WannaCry ransomware attack. Less than a year ago, the NotPetya cyber attack cost organizations like Merck & Co., FedEx, the port of Rotterdam and a whole host of others billions of dollars in total. Today geopolitical tensions are increasing and with them, the threat of more, and more-devastating, cyber attacks.
That was the warning issued by Roel Schouwenberg during his keynote address May 10 at the 2018 IndustryWeek Manufacturing & Technology Conference & Expo.
Schouwenberg is the director of intelligence and research at Celsus Advisory Group, and one of the first individuals to perform deep research on Stuxnet, a sophisticated computer worm discovered in 2010.
During his talk, the cybersecurity expert said nothing to make manufacturers rest easy about threats to their organizations from cyber attackers. In fact, he said just the opposite.
“Things are heating up,” Schouwenberg warned. He cited growing tensions between the U.S. and Iran following President Trump’s announcement that the U.S. would withdraw from the Iran nuclear deal, as well as the recent exchange of fire between Iran and Israel.
Iran is “very aggressive” in cyber space and has had “no qualms” about going after manufacturing in the Middle East, Schouwenberg said. He assured the group “it was very plausible” Iran could target U.S. companies as a result of the escalating tensions, particularly firms perceived as “true American brands.”
“I don’t think that is fearmongering whatsoever,” Schouwenberg said.
Cybersecurity does not exist in a vacuum, he noted. It is connected to everything, including geopolitics. Moreover, it is clear the Internet is becoming “militarized,” he said.
The keynote speaker spared no technologies or techniques as he discussed means used by cyber attackers to infiltrate companies. He referred to the Internet of Things as the Internet of Threats. He talked about the cloud, noting that once you begin storing things in the cloud, you still have to keep it secure and make sure your cloud provider is secure.
He called two-factor authentication “no more than a speed bump when we are talking about targeted attacks.”
And, Schouwenberg said, cyber attacks are becoming all about the supply chain. “[It] means you are both a target for attack and a vehicle for attack.”
Artificial intelligence adds yet another twist, he said. Cyber attackers began with hacking software. “The next step is hacking our mind.”
So what can manufacturers do in the face of increasing threats? The cybersecurity expert outlined steps to take, including:
- Look at security holistically.
- Identify key assets and lock down access.
- Talk to your suppliers and vendors.
- Consider whether your product/service could be attack vehicles.
The stakes are increasing, Schouwenberg said, and manufacturers need to adapt. Size doesn’t matter. Be aware that everyone can be a target, or a vehicle to get to a target.