The future of manufacturing is digital – but API security is essential


By Filip Verloy, Technical Evangelist EMEA, Noname Security.

Today’s manufacturing sector is being shaped by large scale economic forces, technological change, the energy crisis, disrupted supply chains and the after-effects of the pandemic. 

While digital, connected, and smart systems are on the rise, manufacturers face significant challenges with skills shortages, increasing demand for sustainable products, the pressing need for automation and aging legacy systems.

Large plants need to be always on; halting production or downtime costs money, and this means manufacturers are often afraid to tamper with legacy. Instead, they work around these systems, often implementing API gateways on the front-end to access systems and data. These are subsequently targeted by hackers. 

The merging of OT and IT systems 

At the same time, digital transformation initiatives have propelled a surge in the convergence of information technology (IT) and operational technology (OT) networks. The drive to improve operational efficiency, performance, quality of service and customisation of products is behind the focus on leveraging elements of IT infrastructures within OT environments. However, the consequence of this is that many OT systems, which were never designed for internet connectivity, are now connected to the network and introducing security threats across both IT and OT.  

A well-publicised example is The Honda ‘Snake’ ransomware attack. Here, ransomware spread from corporate IT to operational technology and led to global business and manufacturing disruption. Cybercriminal activity is increasing across this sector because attackers know that business interruption will be particularly crippling, meaning the victims are more likely to pay. Downtime costs money. 

For example, shutting a major plant is not only massively inconvenient but the cost can run into millions - analyst firm Aberdeen Research states that unplanned downtime can cost as much as $260,000 an hour.  

The future of manufacturing is digital 

However, executives are acutely aware that the future of manufacturing is digital, where digital manufacturing has become essential to solving complex production problems and improving business agility. Digital manufacturing creates continuity between innovative product designs, product customisation and best-in-class performance. Companies that embrace digital manufacturing are seeing greater speed-to-market, reduced risk, increased margins, and enhanced market position. 

Likewise, the industry is also shifting to meet consumer-led demand, with production processes designed to meet customers’ changing requirements. Consumers are increasingly expecting personalised products, faster delivery systems, and sustainable practices. To achieve these manufacturers must work more closely with their ecosystem of partners and suppliers to integrate, access and exchange data. 

Why APIs are revolutionising manufacturing 

Electronic Data Interchange (EDI) and APIs allow manufacturers to exchange data quickly and securely from system to system. APIs provide a standardised way to securely integrate between systems and devices. While EDI has been around for longer and is, therefore, more widespread, APIs are growing in usage and fast becoming the first choice for integration and data transfer.  

APIs are making the digital vision a reality, meaning manufacturers can move away from heavy-lifting manual tasks and automate more. They can adopt newer technologies through APIs, utilising API gateways on top of their legacy systems. Through uniform standards they make it possible to unlock data and to expand application systems relatively easily. APIs can create exciting new experiences for customers and partners and are becoming both the main enabler of new digital manufacturers as well as the link between companies, customers, and their partners.  

The ability to process orders from the app to the manufacturing floor 

Take Nike as an example and look at the way the company enables its trainers to be mass customised. The Nike app works based on APIs to customise orders. Consumers simply order exactly what they want through the app and this in turn goes directly through to the factory floor with the order process communicating with the backend manufacturing system. This again is dragging proprietary systems to integrate with smart devices and be internet connected, however it also opens the floodgates to hackers.  

The ability to integrate a seller’s e-commerce or ERP system within their manufacturing partner’s fulfillment platform closes the loop and makes the seamless delivery of products to customers possible. This means manufacturers are now part of an ecosystem whereby consumers and partners communicate through these API integrations. 

This also means more rapid prototyping and testing as newly customised products and other innovations continue to evolve. Unfortunately, the downside to this is that now manufacturers are witnessing a wave of API-related security incidents resulting from leaky APIs, vulnerable system APIs, and authorisation flaws as manufacturers try to integrate previously isolated systems that lacked interoperability. 

API security incidents are growing 

Indeed, independent research that we have just undertaken with 600 senior security professionals across six different vertical sectors in the UK and USA showed that manufacturing respondents were reporting the highest percentage of API security incidents compared to other vertical sectors. Eight in ten respondents said they had experienced an incident. 

Manufacturers are therefore coming to the realisation that securing their APIs will not only help them protect their most precious assets but will also keep the factory floor operating. Likewise, the ability to stop vulnerabilities before they reach production and shift-left with API security testing is another factor for manufacturers to consider. 

The cost of remediating vulnerabilities is dramatically reduced when they are detected and fixed earlier in the software development lifecycle, helping to maintain the integrity of a manufacturer’s code base. Interestingly, in our research the manufacturing sector was the most likely to admit that it tested less than once per month.  

By not testing in real-time manufacturers are leaving themselves open to vulnerabilities and exploits, which correlates with the high level of API security incidents they are experiencing. 

Industry 4.0 is set to revolutionise manufacturing 

The future for this sector is Industry 4.0, which is set to revolutionise the manufacturing and production industry by integrating IoT, cloud computing, AI, 5G, edge networks and more into the heart of manufacturing production and processes. Investing in these technologies will enable manufacturers to remain competitive. 

That said, when undergoing a digital transformation to Industry 4.0, it is essential that manufacturers consider a cybersecurity approach that encompasses API security. Part of the vision of Industry 4.0 consists of overcoming barriers, such as lack of interoperability and isolated systems, enabling the flow of information and allowing coordinated actions among employees, systems, machines, and external partners, suppliers and customers to happen seamlessly. 

With digital transformation initiatives accelerating in manufacturing, dependency on APIs will only grow, therefore greater focus around API security is needed to set manufacturers on the right path for the next decade. Key considerations include more robust API security practices, such as maintaining accurate API inventories, and better understanding around which APIs return sensitive data. 

More frequent and accurate API security testing is also required, particularly in pre-production environments, to ensure that vulnerabilities don’t creep into the development stage.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter