Manufacturing in the Crosshairs – An Interview with BlackBerry CTO Shishir Singh

We all rely on the manufacturing sector. It produces much of the food we eat, the vehicles we drive, the devices we use to communicate, and the healthcare products we use to extend our longevity. And yet, this linchpin of our day-to-day lives is woefully vulnerable to disruption from cyberattacks.

“Global manufacturers are headed for stormy waters,” warns BlackBerry Chief Technology Officer Shishir Singh in a recent live video interview with BlackBerry Public Relations Manager Rosie Del Campo.

The Achilles’ heel for the global manufacturing sector, Singh says, is its reliance on dated OT (operational technology) — the industrial counterpart of IT (information technology) — that’s required to manage machinery and other factory-floor systems. The long-heralded convergence of OT and IT promises huge improvements in productivity, but the near-term impact includes the increased risk of cyberattacks that can cross over from traditional data networks to compromise critical OT assets.

The OT-related challenges were confirmed by a new BlackBerry survey of 1,500 manufacturing IT decision-makers across North America, the United Kingdom, Germany, Japan, and Australia. The results reveal key drivers of the global risk that OT/ IT convergence poses for manufacturing, and the ways IT leaders in this sector are addressing their growing concerns.

Watch the full interview with Shishir and Rosie below.

Key Statistics

• Three out of four manufacturers surveyed said they were subject to a cybersecurity incident in the past year, either from being targeted directly or through discovering a vulnerability. This includes incidents that stem from employee errors.
• 75% of IT decision-makers in manufacturing are concerned they may become targets for state-sponsored threat actors who seek to damage critical assets, steal information, or conduct industrial espionage.
  
• 86% admit to running core functions on outdated and unsupported legacy operating systems, which by definition lack active, built-in security defenses.
  
• 68% of IT leaders say it is more difficult to defend OT than IT infrastructure.
  

Manufacturing: The Growing Cyber Target

BlackBerry’s recent blog, “Securing Operational Technology in a Hyperconnected World: How One Global Manufacturer Is Doing It Now,” describes how costly work stoppages are in manufacturing, and why it’s crucial to avoid them. The overwhelming impact of unplanned downtime makes manufacturers highly susceptible to ransomware attacks. Furthermore, because manufacturing partners are often privy to valuable intellectual property, including blueprints, formulas and designs, they also make attractive targets for online theft and cyber espionage.

Unfortunately, counteracting these risks is proving more and more difficult, Singh says. “Old hardware and operating systems that are not regularly patched are reasons why malicious actors can get into the [OT] environment quickly and easily.” 

As Singh explains in his blog, “Operational Technology Cyberattacks and the 2023 Threat Landscape,” the cyber risk confronting OT is quickly becoming a barrier to progress. Many organizations attempting to accomplish modernization and digitization initiatives find themselves shackled by aging hardware and outdated software platforms, and as a result, struggling to unify security across disparate technologies. Fortunately, there is a light at the end of the tunnel, Singh says: The key lies in the way we secure operational technology. 

The Way Forward: Self-Defending Factories

Could a business establish a “self-defending” factory floor that stays protected — even when systems become disconnected from the network, or were never connected to it in the first place? It’s possible, Singh affirms. “Thanks to AI (artificial intelligence) and machine learning algorithms, we now have cybersecurity solutions that provide protection in an air-gapped environment. A regular content update coming from the outside world is no longer necessary.”

BlackBerry has developed just such a solution, Singh says, with a lightweight footprint and OS-agnostic design, yet robust enough to work effectively even in a completely disconnected environment. The platform is particularly attractive to manufacturers seeking to modernize their environments because it allows them to deploy and manage a single solution to protect every endpoint across both their IT and OT networks. For mixed OT/IT environments, it means:

• Whether your OT systems are air-gapped, connected, or somewhere in between, the platform eliminates complexity via instant compatibility. This functionality fast-tracks uninterrupted business evolution with strong threat resiliency out of the box.
• There is no need for signatures, heuristics, or internet connectivity to remain protected.
  
• Cylance® AI from BlackBerry does not require online access or disruptive updates to remain effective.
  
• The platform improves risk posture for application inventory and prioritization.
  

This approach also helps protect endpoints across all operating systems, regardless of their age. This is crucial in sectors like manufacturing, where outdated operating systems often support critical systems and machinery that typically stay in use for decades. This is far too long for your factory floor to remain inadequately protected, Singh says. A cyberattack against your OT equipment now puts the rest of the business at risk, as OT and IT systems become increasingly interdependent. 

There’s Good News

“The good news is that, based on the artificial intelligence and machine learning algorithms we have developed, we now have a cybersecurity solution where we can provide this protection – even in an air-gapped, isolated environment,” Singh says.

“Our philosophy is 'prevention first.’ That's where we lead,” he adds. “And why we are very successful in these sectors.”

Related Reading

• New Independent Tests of Endpoint Protection Reveal Marked Differences in Performance, Efficacy
• Securing Operational Security Environments
  
• Operational Technology Insights Guide [eBook]