U.S. Manufacturers Are Prime Targets for Cyberattacks, Report Says
WASHINGTON–U.S. manufacturers remain the prime targets for cyberattack and cyberespionage by malicious hackers, a new industry report shows. The report warns that there is a critical need for U.S. government and industry to build an effective cybersecurity framework to safeguard against a future major attack on the U.S. manufacturing industry, which forms the backbone of the U.S. economy and is responsible for equipping the U.S. military.
The report, titled “Cybersecurity for Manufacturers,” is produced by Computing Research Association’s Computing Community Consortium (CCC) together with MForesight, a federally-funded consortium for the U.S. manufacturing industry.
While cyberattacks still most often target high profile sectors such as financial services, public administration, and utilities, manufacturing as an industry is a very significant target for the theft of intellectual property (IP) and trade secrets, sabotage of processes and output, extortion, and malicious damage to networks and information systems, the report says.
The report notes that although there has not yet been a major successful cyberattack on the U.S. manufacturing industry, the scale and variety of recorded cyberattacks on U.S. manufacturers have only been growing in recent years and are quickly approaching a critical level. Because there has not been a reported major incident, however, financial or regulatory incentives to improve preparedness beyond the current level remain lackluster.
The lack of recognition of the threat may represent the greatest risk of cybersecurity failure for U.S. manufacturers, since they are the targets of nearly half the known global cyberattacks on manufacturing, the report says.
U.S. manufacturers are often the targets of cyber-espionage attacks that sought to steal American intellectual property (IP) and trade secrets. Citing research done by Symantec, the report says that more than half of successful IP thefts involved state-affiliated actors, and 57 percent of these attacks had their origins in China—although detection of Chinese-origin malware has fallen following a 2015 cyber agreement signed between the United States and China.
During the launch event for the report which was held on Sept. 22, several experts on the panel also attested to the growing concern for the risks of cyberattack on the U.S. manufacturing industry supply chains that are responsible for equipping the U.S. military.
Mike McGrath, consultant for McGrath Analytics LLC, said that many adversary nation states could be sophisticated enough to introduce a malicious defect in U.S. military equipment, maybe even an exploitable defect that can be triggered at a late time of the adversaries’ choosing.
Among the list of recommendations by the report is the call for the creation of a public-private partnership focused on manufacturing supply chain cybersecurity. The U.S. government should also establish a federal research initiative dedicated to address cybersecurity challenges and opportunities, the report suggests.
Americans Targeted by Global Hackers
Outside of the manufacturing industry, numerous major cyberattacks against other industries and U.S. government agencies have taken place in the last few years. Many of these have succeeded and produced serious, long-term consequences that continue to jeopardize U.S. national security and the interests of the American public at large.
In 2014, Sony Pictures suffered a massive hack in which a hacker group—later identified by U.S. intelligence as from North Korea—stole a large amount of data from the entertainment company and used it to blackmail the company into withdrawing a comedy making fun of the regime’s dictator, Kim Jong-Un.
Similarly, in 2015 Chinese regime-affiliated hackers were found to have infiltrated the U.S. Office of Personnel Management (OPM) and compromised the records of 22 million Americans who worked for the U.S. government.
Just recently, the credit rating firm Equifax Inc. is reported to have suffered a massive breach in which hackers compromised the personal data of more than 140 million Americans.