Commentary & Insights

Manufacturing under cyber-attack

Cyber incidents were publicly reported at two manufacturing companies over the past few weeks.

This comes as cyber security company Dragos reported it had tracked a 50% increase in ransomware attacks against industrial companies in 2023, with manufacturing accounting for 71% of all ransomware attacks.

Varta batteries was attacked on 12 February 2024, and steel giant ThyssenKrupp suffered a ransomware attack a week later.

Production was halted at all five of Varta’s global production sites. In a notice to the stock market, they said systems were proactively shutdown for security reasons and disconnected from the internet.

Certain applications and systems within the Automotive Body Solutions unit of ThyssenKrupp were also temporarily taken offline, halting production (source: WSJ).

At the time of writing this email, there have been no public reports of service resuming at either company.

Above: Video tour of Varta’s Brasov facility. Operational technology is at the heart of production.

What can be learnt based on available information?

Varta’s proactive response of shutting down systems suggests they could be following a cyber incident response plan.

Total shutdown can help to stop or minimise further spread of any malicious software, like ransomware. It also means that if there is a hacker in the system, any remote access should be cut off.

To not take this action leaves systems vulnerable to further exploit and compromise.

Whilst on-going downtime is undesirable, in the long-run it may be shorter than the time required to restore a completely destroyed system.

A 2019 cyber attack on aluminium maker Norsk Hydro affected all 35,000 employees across 40 countries. Recovery took months, and the financial impact eventually approached US$71 million.

Unprepared for the attack, Norsk Hydro’s operations were forced into manual mode. Manufacturing patterns required for fabrication were dug out of archives, and long since retired plant operators were brought back in to operate machines.

Above: A behind the scenes look into the Norsk Hydro cyber attack (short but compelling viewing)

Planning to respond to a cyber attack

Cyber attacks are disruptive and disorientating events that require all hands on deck.

Leadership by top management provides stability and support to front-line workers so they can do their best work.

Running table-top exercises ahead of an actual event helps reveal deficiencies in processes and systems, refine roles and responsibilities, and bring a level of situational familiarity amongst participants.

Materials to guide table-top exercises are freely available from:

Most if not all exercises can be run by an internal resource. Localisation of some material may be required if using international sources.

Monthly cyber security insights, news and tips direct to your inbox

More information here. You can unsubscribe at any time. See Privacy Policy for further details.