• Email
  • Facebook
  • LinkedIn
  • Twitter
  • Vimeo
Contact Us

Manufacturer's Edge

Transforming Colorado One Company at a Time

  • COVID-19 Resources
    • Main COVID page
    • Product & Services Directory
    • Critical Supply List – Manufacturing Specs
    • Cybersecurity
    • Health and Safety in the Workplace
    • Loans & Financial Resources
    • National/International Resources
    • State Resources
    • Supply Chain
  • About Us
    • Staff and Locations
    • Board of Directors
    • Partners
    • Manufacturing Minutes Newsletter
    • Videos
    • Webinars
    • Success Stories
    • Congressional District Fact Sheets
  • Services
    • Cybersecurity
    • Continuous Improvement
    • Technology Acceleration
    • Supplier Development
    • Sustainable Practices
    • Workforce Development
    • Online Programs
  • Events
  • Small Manufacturer’s AdvantEDGE
  • Manufacturers Connect
You are here: Home / Uncategorized / Simply Cyber (vol. 31): Trick or Treat Technology

Simply Cyber (vol. 31): Trick or Treat Technology

by Jennifer Kurtz, Cyber Program Director

As a first-grader walking twilight streets with classmates in Youngstown, OH, I learned about Halloween’s best practices: knock on a neighbor’s door, recite the “Trick or Treat” mantra, open my pillowcase to receive candy, move on to the next house. I also learned that some people begrudged such traditions, mistrusted young masked children, and anticipated potential cheaters. One woman accused me of being a repeat visitor because of the black construction paper witch’s hat I work. Intimidated (but recognizing the injustice of false accusation), I protested that our whole class at St. Edward’s School had made the same hats. I also realized that what I had considered an asset (strength)—my handmade costume accessory—was also a vulnerability (weakness).

Disappointed that my pillowcase was not an ounce heavier and perplexed by the conflicting perceptions of my witch’s hat (after all, parochial school teaching encouraged clear definitions of right and wrong), I retreated to the sidewalk to wait for my friends to continue our quest for Halloween loot. My confidence was shaken.

Technology implementations often show this kind of duality. For example, connecting factory systems (operational technology) to front/back-office systems (information technology) sounds like a good idea for streamlining business-related activity—something like having everyone in class work on the same (witch)craft project. But this newly integrated asset can also create a new attack surface or vulnerability. In the case earlier this year of a US natural gas producer, an email message carrying a ransomware payload was opened by an employee using the information technology (IT) system, which was connected to the operational technology (OT) system of the gas compression facility. This compromised OT-driven machines, leading to their malfunction and consequent shut down to prevent further damage. The collateral effect was that the pipeline was unavailable for two days. Such attacks on industrial control systems have increased over 2000% in the past year, according to a recent IBM report.[i]

The lesson here is not to stop modernizing production facilities through the integration of IT and OT systems. The lesson is just to move cautiously. During a panel discussion on “securing the connected and digitized factory” at the October 13 ManuSec Summit, panelists from Nexteer, Petronas, and Fortinet commented that such connectivity is becoming more relevant in the Covid era and can be helpful as a means to reducing the health risks associated with many personnel being on-premise. As with my witch’s hat, technology can be both trick and treat, asset and vulnerability.

Reflecting back on the lessons I learned from my first Halloween outing, there are some tips for prudent technology implementation:

  • Magic phrases don’t always work. (Even “please and thank you” and knocking on wood have limited protection qualities.)
  • Unique proof of identity is important. (Multi-factor authentication is really, really a terrific tool to prevent access across systems.)
  • An unprotected asset can create risk. (Segregate systems into distinct, identifiable protection zones. As a child, I could have just painted a green stripe on my hat to differentiate from all the others!)

[i] https://www.eenews.net/stories/1062388455

Consulting

Featured Consulting

Company transformations

Training

Training

Results-driven training

Events

Events

Browse upcoming events

Success Story

Success Story
Food Manufacturer Takes Kata to a Whole New Level Thanks to Virtual Collaboration

Ready Foods was founded in 1972 by Luis Abarca, a Mexican immigrant. Their first kitchen was located in a small meat plant located under the Colfax viaduct. In 1992, the reins of leadership were passed onto his children Marco and Adrianna. They have been able to grow the business

Cost Savings
1,000,000
Read Full Story
Manufacturer's Edge
Manufacturer's Edge
2650 E 40th Ave
Denver, Colorado 80205
info@manufacturersedge.com

Click here to find our staff & locations
Sign Up for Email Updates
For Email Marketing you can trust.

© 2021 · Manufacturer's Edge All Rights Reserved

Phone: 303.592.4087

  • COVID-19 Resources
    ▼
    • Main COVID page
    • Product & Services Directory
    • Critical Supply List – Manufacturing Specs
    • Cybersecurity
    • Health and Safety in the Workplace
    • Loans & Financial Resources
    • National/International Resources
    • State Resources
    • Supply Chain
  • About Us
    ▼
    • Staff and Locations
    • Board of Directors
    • Partners
    • Manufacturing Minutes Newsletter
    • Videos
    • Webinars
    • Success Stories
    • Congressional District Fact Sheets
  • Services
    ▼
    • Cybersecurity
    • Continuous Improvement
    • Technology Acceleration
    • Supplier Development
    • Sustainable Practices
    • Workforce Development
    • Online Programs
  • Events
  • Small Manufacturer’s AdvantEDGE
  • Manufacturers Connect