Waking Up to Cyber Threats
If the Sony attack does not wake American manufacturers to the dangerous world of cyber threats that we live in, then nothing will. As many observers have already noted, the story, as we now understand it, is stranger than the victimized movie itself—which imagined the CIA hiring two hapless journalists to assassinate the North Korean leader. In real life, we are apparently being confronted by a North Korean–sponsored cyber breach that, in conjunction with a physical threat, actually shut down the premiere of an American movie. While there are other avenues to release the film, the direct and immediate losses are likely staggering and the alarm bells now going off in the film industry are adding greatly to the real costs of this event.
If U.S. manufacturers are not paying attention, they should be. There are a number of crucial lessons. First, awareness of the global cyber threat should, by now, be front and center in corporate board rooms. Cybersecurity crimes do not respect borders and are not stopped by distance. Secondly, this current instance is particularly dangerous in that it will likely empower bad actors to try similar bold feats. Hackers managed to shut down a movie premiere this time. Next time, they may try to suspend operations at a large factory—with potentially huge supply chain implications.
I’m not suggesting that U.S.-based goods producers panic or overreact. But with each passing day it becomes necessary for them to focus on education and resources. One positive aspect of the otherwise highly disturbing Sony story is the excellent performance of the Federal Bureau of Investigation (FBI), which did an impressive job of putting the pieces together. For both intelligence and protection, a relationship with the FBI is crucial for all manufacturers. All FBI field offices appear to have agents who have knowledge and skills in cybersecurity crimes. Manufacturing executives should get to know who they are and form relationships.
But even more is needed. As intellectual property occupies an increasingly large share of the output of U.S. manufacturers and as information becomes a more central driver of global supply chains, the stakes for protection of corporate computer and operating systems become astronomical for the factory sector. Manufacturers need to use valuable experts such as those at the Mitre Corporation. MAPI has brought such talent into our annual cybersecurity forum. We are expanding our efforts in this area with the upcoming inaugural meeting of our Corporate Security Forum.
Every manufacturing company is a potential target. No one should assume that their corporate resources are safe. Today it’s a movie. Tomorrow it could be an assembly line, a factory, or an entire supply chain.