Huge spike in cybercrimes with manufacturing on the front line


Share

The COVID-19 pandemic has resulted in a massive spike in cybercrime with manufacturing on the front line, and micro, small and medium enterprises particularly vulnerable to attacks, Houlin Zhao, the Secretary General of the International Telecommunication Union (ITU), warned today at the Global Manufacturing and Industrialization Summit (#GMIS2020) Digital Series.

Zhao’s remarks came in a keynote address that preceded a panel discussion around the topic of ‘Cybersecurity: Safeguarding the future of manufacturing’, which included representatives from GE, United Airlines, Good Harbor Security, and Dublin City University (DCU). 

Houlin-Zhao,-the-Secretary-General-of-the-International-cybercrime-techxmedia

“If we want to safeguard the future of manufacturing, businesses of all sizes need to rally around good cybersecurity practices,” Zhao said. “We at the ITU believe that, in addition to regulations, voluntary standards are an important tool to support reliable and predictable management of risk.”

Zhao also categorically rejected conspiracy theories that COVID-19 is transmitted via 5G networks, which he said would be critical to the next wave of manufacturing innovation and acceleration towards the achievement of the Sustainable Development Goals (SDGs).

“Let me be clear, viruses cannot travel on radio waves and mobile networks,” he said. “These claims have no scientific basis whatsoever and ITU condemns the attacks on infrastructure vital to address the pandemic and keep our economies and societies working,” he said.

Now is the time to invest in cybersecurity

Emilian-Papadopoulos,-President-of-Good-Harbor-Security-cybercrime-techxmedia

Emilian Papadopoulos, President of Good Harbor Security, stressed that the crisis had hit companies hard and imposed financial constraints that meant investments in cybersecurity are not necessarily a top priority.“The attackers are still coming at us. They didn’t stay at home and stop working. And the coronavirus has just taught us that Black Swan events happen. So now is not a time to be constraining the purse strings for the CISO, we need to actually invest more in security right now,” he said.

Deneen-DeFiore,-Vice-President-and-Chief-Information-Security-Officer-cybercrime-techxmedia

Deneen DeFiore, Vice President and Chief Information Security Officer (CISO) of United Airlines, also warned companies against compromising on cybersecurity, saying that there was no question that cybercriminals were taking advantage of the crisis and that industry data showed threat activity had increased by as much as 1,000%.“It’s not the time to cut the budget. It’s actually the time to double down and make sure that you are closing the gaps. That doesn’t mean investing millions of dollars, but there are lots of things you can do to get back to basics and shore up those vulnerabilities and heighten your posture a little bit,” she said.

Towards global standards

Justin John, Executive Technology Director of GE, stressed the importance of strengthening standards governing cybersecurity and fourth industrial revolution technologies so that more companies complied with them. “There’s a number of standards that are out there, but they lack regulatory teeth. They lay out a really good plan of how you should comply, but there’s nothing that’s enforceable about them,” he said.

Ray Walshe, Dublin City University (DCU) and Technology Standards Leader – EC, WEF, UN, agreed on the importance of developing international standards due to the proliferation of new technologies coupled with the complexity of global supply chains.  “The whole ecosystem that we’re living in has changed. Emerging technologies are highly embedded in the manufacturing industry now,” he said. “Standards give you that interoperability when you have people who are geographically dispersed and you’re trading across international boundaries. Standards are the glue that holds all these ecosystems together, so I can’t emphasise enough how important that standardisation process is.”

DeFiore cited the aviation industry as an example of a sector where global standards had been successfully introduced and said this could be applied across other industries.  

“You’re only as secure as the entire ecosystem and in aerospace and defence that’s huge,” she said. “Our assets are big, they’re mobile and they cross international boundaries. So, for us, cybersecurity is paramount, as is having standards that are enforceable and normalised across the standards bodies, as well as regulators, and are easily implemented by operators. That’s something that we’re working on in the aviation industry but should be applied across many other industries as well.”

Multi-stakeholder collaboration is vital

John stressed the importance of multi-stakeholder collaboration to combat the threat posed by cybercriminals. He said national labs and academia are constantly conducting groundbreaking research into AI machine learning techniques in cybersecurity. Industries then deploy the technology in the market while governments can shed light on the attacks that are taking place at a national level.

“You combine all these together and you can keep pace with what the hackers are doing. And the goal of the government is to get that technology to the customers because they want to raise the level of cybersecurity across the globe. It’s really a win-win for everyone on the defence side of cybersecurity.”

Walshe said collaboration was key for standardisation and that it should happen on an international level in order to facilitate global trade. He said a joint technical committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) is developing standards for cybersecurity which would be adopted by the European Union.

“As soon as that happens, then all national bodies who are members of the EU will adopt that as a national standard, which is then used as a mechanism for regulation, certification, and legislating for cybersecurity issues. So, the best way to do it, which allows for international trade, is through international standardisation,” he said.

Papadopoulos said the most effective role for government is to focus on managing systemic risk by looking at critical nodes across digital supply chains to identify vulnerabilities in infrastructure that many small companies and entire industries depend on.

“Government has a role to look at that systemic risk and say it’s not any one company’s job to fix that,” he said. “But if it goes wrong the nation suffers, the international community suffers, and therefore it is government’s role to go and look at those problems.”