Cybersecurity and manufacturing highlighted at conference

What if a cyber attack targeted your manufacturing business, potentially compromising intellectual property or even affecting your machinery and impacting production? A recent conference on cybersecurity in manufacturing addressed these contemporary challenges facing manufacturers.

The Make IT Secure conference was hosted by Ryerson University's new Cybersecure Catalyst and the Canadian Centre for Cyber Security and presented by the City of Brampton, drawing a large crowd to Brampton on April 25. It offered the more than 200 attendees an opportunity to hear from industry professionals, public sector experts and researchers about the cybersecurity threats that face the Canadian manufacturing industry, as well as approaches to mitigating them, including a keynote address and a Q-and-A session with Adam Hatfield, director of partnerships at the Canadian Centre for Cyber Security.

Elected officials who opened the event helped highlight the importance of the manufacturing industry to Brampton and Canada, and the importance of cybersecurity to the industry. The morning session began with remarks from Brampton Mayor Patrick Brown, Brampton MP Sonia Sidhu and Brampton MPP Prabmeet Singh Sarkaria. The afternoon also featured Brampton MP Ruby Sahota and MP Karen McCrimmon, the parliamentary secretary to the federal Minister of Public Safety and Emergency Preparedness.

Introducing the first keynote speaker of the day, Charles Finlay, the executive director of the Cybersecure Catalyst, said part of the purpose of the conference was to help turn up the volume about cyber threats to manufacturing in Canada.

"Cybersecurity in manufacturing is a topic that deserves immediate attention. The threats are real, and they need to be understood, and they need to be addressed," he said.

The Cybersecure Catalyst is based in Brampton and will help Canadians and Canadian businesses address the opportunities and challenges in the cybersecurity industry. It will also offer public education, training and certification, and serve as a commercial accelerator for those pursuing applied research and development.

"The Catalyst is driven by a strong industry-facing orientation. It will enable scaling, positioning Canada as a leader in cybersecurity and securing economic development," said Steven N. Liss, Ryerson's vice-president, research and innovation. "The Catalyst will be a national platform, where the private sector, governments and the academy will come together to collaborate and innovate in cybersecurity."

The ongoing transition of the manufacturing industry to a more digital world – and the risks that involves in terms of cyber security vulnerabilities – was noted by the day's first keynote speaker, Joris Myny, senior vice-president, digital factory and process industries and drives, Siemens Canada. He said the manufacturing industry is vulnerable because of factors such as machinery being kept for decades and patchworks of multi-vendor systems.

"Cybersecurity is not a static thing. Threats are continuously changing," he said.

The ongoing evolution of that threat was highlighted by the participants on the day's first panel. Panelists discussed what cybersecurity threats Canadian manufacturers need to know about, observing in particular the changing nature and growing sophistication of ransomware and malware as a threat. They agreed about the need to educate a company's workforce, as humans are often the weak link in cybersecurity, with Ryerson professor Atefeh (Atty) Mashatan observing that it only takes one "malicious insider" to steal data or cause a disruption.

Professor Mashatan along with Moshe Toledano, the chief information security officer for Bombardier, suggested manufacturers prioritize their assets and areas of risk.

"Protection and prevention is very expensive and almost impossible," said Moshe Toledano.

How manufacturers can manage and mitigate the kinds cybersecurity threats identified by the first round of speakers was the topic of the second panel discussion of the day. Panelists urged manufacturers to assess their vulnerabilities, including third-party suppliers, and to develop policies and processes. Like the previous panel, the speakers emphasized that pure prevention is next to impossible – what's important is having a response and recovery plan.

"You are never going to protect everything," said Wendy Young, the director of operations for technology, data and security at Next Generation Manufacturing Canada. "I'm not saying don't be secure, I'm saying you will never be 100 per cent. To me this is the important piece, is knowing how you're going to respond and continue the business when something hits and try to reduce the risk."

The final speaker of the day, Adam Hatfield, director, partnerships, Canadian Centre for Cyber Security, delivered a keynote address that outlined both the positive and risky aspects of a "world gone digital," as well as the resources available through the centre. He concluded by urging collaboration.

Cybersecurity is not a "problem to be fixed" or a one-time job, he said. "It is a strategic enabler of your business," he said, adding that manufacturers looking to transition to Industry 4.0 need to be good at cybersecurity, as cyber attacks on businesses are a near certainty.

"It is not a question of if you are going to be hit by something, it's not even a question of when, if you're a business. It's a question of how often and if you're going to notice when it happens," he said.

Please visit their website for more information about Ryerson's Cybersecure Catalyst.

Guest panelists:

Panel: What Cybersecurity Threats Do Canadian Manufacturers Need to Know About?

• Angela Anand – RCMP, Criminal Intelligence, Cybercrime
• Dr. Michelle Chrétien – Director, Centre for Advanced Manufacturing and Design Technologies, Sheridan College
• Professor Atefeh (Atty) Mashatan – Director, Ryerson University's Cybersecurity Research Lab
• Moshe Toledano – Chief Information Security Officer, Bombardier

Panel: How Can Canadian Manufacturers Manage Cybersecurity Threats?

• Simon Conant – Principal Researcher, Unit 42, Palo Alto Networks
• Ira Goldstein – Senior Vice President, Herjavec Group
• Adam Schieman – Director, Security Solutions, BlackBerry
• Wendy Young – Director of Operations for Technology, Data and Security, Next Generation Manufacturing Canada (NGen)