Biblio

The manufacturing and production industry must address physical, human, and cyber threats in order to secure their supply chains. Physical threats include climate change/natural disasters that may reduce the supply of raw materials and disrupt production of final products. Facility flaws – “guards and gates” – also present a physical threat that may allow penetration points at manufacturing sites. Malicious human actions (e.g., crime, sabotage, and terrorism) and non-malicious human actions (e.g., accidents and negligence) also threaten “just in time” manufacturing schedules. Finally, cyber threats including ransomware attacks, software supply chain exploits a means by which threat actors may compromise industrial control systems as well as corporate networks and information systems bringing production to a standstill.

Another risk posed by the limited number of available vendors is the threat of supply chain attacks. According to researchers at CrowdStrike on June 27, 2017 the destructive malware known as NotPetya was deployed using a legitimate software package employed by organizations operating in Ukraine. The attack used an update mechanism built into the software to provide updates and distribute them to the vendor’s customers. This same mechanism had been used a month earlier to deploy other ransomware attacks. Supply chain attacks exploit a trust relationship between software or hardware vendors and their customers. These attacks can be widespread targeting the entire trusted vendor’s customer base and are growing in frequency as well as sophistication.