Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Metal Fabricators Must Protect Themselves from Cyberattacks

Every industry is vulnerable to cybersecurity threats, including metal fabrication. Protecting this sector is critical, as essential infrastructure becomes more susceptible and desirable for hackers. Attacks like distributed denial-of-service (DDoS) that interrupt utilities and service access can disrupt communities and cities, jeopardizing livelihoods and daily necessities. 

Metal fabrication lies within the essential structures humans need. The amount of valuable information inside these databases, such as confidential blueprints and transactional records, is invaluable to threat actors. Supply chain and industrial professionals must include cyber defenses in their Industry 4.0 adoption and digital transformation initiatives to protect clients and communities from digital threats.

Understanding the Manufacturing Landscape

Ransomware, malware, DDoS, botnet, and phishing are only a few cyberattacks threatening manufacturing and metal fabrication. Some companies ignored cybersecurity for too longmaking them a prime target alongside their wealth of valuable information.

Stressed-out businesses focusing on staying profitable during material shortages and global conflict dismissed cyber hygiene, marking a historical high in the frequency of cyber invasions in metal fabrication.

Metal fabrication experiences unique challenges compared to other industrial niches. Metalworkers use different control hubs and systems than other parts of the manufacturing process.

These isolated systems cause gaps in protection when there should be a cohesive technological stack across all steps. Metal extends to countless industries, from tech to construction to automotive. Any second of downtime impacts multiple industries throughout the full supply chain—it makes fabricators particular targets for a widespread impact.

Recognizing the Impact of Industrial Cybersecurity Breaches

Metal fabricators invest over 95% of costs into the design process, so there’s a lot at stake. Budgets relying on ideation make cybersecurity attacks more severe, primarily when companies haven’t produced the work yet.

An example from 2016 demonstrates it’s not just internal processes that shut down in metal fabrication. Almost 25,000 metalworker union laborers had their data exposed in a breach because the database was not secure—and employee files were labeled with Social Security numbers. Expectations must shift with the landscape from reactive to proactive.

Data-driven decision-making and technological aids like AI are a staple of Industry 4.0, and metal fabrication is adopting them alongside industrial partners. They promise efficiency and productivity improvements but increase attack surface areas for hackers.

Internet of Things (IoT) devices are one of those avenues, and IoT isn’t known for its extensive cybersecurity features. The benefits often overshadow potential oversights from makers. However—tools like CNC machines are far more advanced than their predecessors, so not all technological adoption is inherently fraught.

Finding Metal Fabrication’s Entry Points

Legacy systems and industrial controls can present a large challenge for the metal fabrication industry. Every department—from floor workers to procurement—could potentially be reliant upon outdated software, posing a security risk with vulnerabilities that have been addressed in more modern systems and platforms. 

Digital transformation is a must in these situations. New technologies have insecurities, but outdated tech is no longer supported by programmers or engineers—making them perfect targets for novel cyberattack variants. At least new technology can withstand or delay the impact, and metal fabrication must embrace the learning curve to stay safe and secure.

Tenured employees are used to old systems, so learning new technologies can be challenging. During this transition, companies can take time to teach staff better cybersecurity hygiene and increase threat awareness. Human error is the most prominent cause of cybersecurity breaches for metalworkers, making them the first line of defense. The more companies bolster them, the better chance they will stand against threats. They can learn:

  • Password construction and management
  • Cyberthreat basics, including definitions and consequences
  • Chains of command for reporting suspicious activity
  • Reviewing or participating in cybersecurity testing exercises

These efforts include educating third parties and everyone in the supply chain. Metal fabrication requires a collaborative effort, and if one link in that chain doesn’t support cyber defenses, the rest could fall victim to that oversight. Everyone is responsible for holding each step accountable with reasonable contracts and expectations.

Prioritizing Protective Measures for Industrial Cybersecurity

Industrial cybersecurity includes numerous best practices. Some are purely digitallike using encryption on sensitive employee information. Others are more externallike reshoring metal-making efforts to contain surface areas. The best way to decide on priorities is to analyze the current landscape. What attacks are harming metalworkers the most this year? Depending on this answer, companies and unions can take these recommended steps with their internal or third-party cybersecurity teams.

The first is to create a strategy. There are numerous standards, practices, and conformance programs from the National Institute of Standards and Technology (NIST), the International Society of Automation (ISA), the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), the Cybersecurity Maturity Model Certification Program (CMMC) from the US Department of Defense.  Analyzing these will lead teams to perform tests, like vulnerability scans and penetration testing, on their systems to find loopholes. It could reveal opportunities for improvement, like data minimization or using a zero-trust framework. It might inspire teams to regularly update software and firewalls or back up data in immutable storage.

It’s critical to constantly test these strategies while leveraging other supplements like artificial intelligence, blockchain, and machine learning to help with threat and vulnerability detection. These tools can adapt to internal systems over time, becoming more familiar with operations to store transactions and data smartly while providing recommendations for continued development.

Eventually, it will develop into a curated business continuity and risk response plan. It will outline what tools are in place to detect, contain and eradicate threats. Effective strategies explain who has permission to perform tasks and access data, as well as recount historical datademonstrating improvements as metalworkers become safer.

Industrial Cybersecurity Is Essential for Metal Fabricators

Metal fabrication is just as vulnerable as any other industry regarding cyber safety. Companies must take threats seriously as they ramp up in severity and creativity. Critical infrastructure that relies on metal fabricators is a top targetso companies must immediately invest and implement the best cybersecurity practices like internal training as well as supply chain resilience.

The sector must set standards for every other industry it impacts by staying safe at the source. Threats are diverse and sometimes surprising, so no defense effort goes to waste. Proactive mentalities will be the most robust wall against cybercriminals impacting metal fabrication.

Emily Newton
Emily Newton
Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating advances in science and technology.

Related Posts

Practical Insights for Implementing Control System Security

Introduction In this blog post, we’ll share practical insights from operational experience in managing cy...
Pinakin Gokhale Nov 29, 2024 7:00:00 AM

Innovations in R&D: How AI Is Transforming Industrial Cybersecurity Operations

Industrial control systems are becoming more complex as evolved cyberattacks threaten industry functions....
Devin Partida Nov 15, 2024 7:00:00 AM

In Conversation with Authors of ISAGCA White Paper on Zero Trust and ISA/IEC 62443

The ISA Global Cybersecurity Alliance (ISAGCA) recently published a white paper exploring the application...
Kara Phelps Nov 8, 2024 12:00:00 PM