W hen I think about cybersecurity, I often think about September 11, 2001. .
One of the most significant findings of the 9/11 Commission Report was that, in the period leading up to the attack, the U.S. suffered from a lack of imagination – government officials, the media, the society at large simply could not imagine, despite a host of prior incidents at home and abroad, that such a well-coordinated, multi-pronged attack could be planned and carried out on such a scale by a small group of people from a developing country.
Are we in a similar situation today with cybersecurity? Awareness of cybersecurity risk certainly seems much higher than what existed on the terrorism front prior to 9/11. The Russian attack in the 2016 election; high-profile security breaches at Facebook, retail stores, and financial institutions; and attacks on companies that can number in the thousands per day would seem to have heightened sensitivity to an unprecedented degree.
Yet, I worry that the volume of hacks, breaches, and attacks may be having a numbing effect. The MLC’s new survey on cybersecurity in manufacturing, results of which follow this article, has a potentially disturbing finding. When asked whether the cyber issue could become a major obstacle to their M4.0 progress over the next 5 years, 51% of survey respondents said that cyber is now just part of doing business. Thirty-four percent said they are concerned but only 11% saw cyber as a major threat.
As an industry, we can’t allow ourselves to think about cybersecurity as just another business issue. The consequences of a massive cyber attack on industry, should one occur on the scale of 9/11, would be devastating not only to the manufacturing industry, but to society as a whole. We must take steps to ensure that we do not become lulled into a false sense of security and that we are prepared for a cyber future that most expect will become more dangerous than it is today.
And I think it all begins with imagination. As hard as it may be, we must imagine worst-case scenarios and prepare to deal with them. Companies need more comprehensive and holistic plans for defense. We need better technology tools. And we must raise cybersecurity to a pre-eminent status level in our companies, just like we do with physical safety, and keep it there.
Cybersecurity is a war. It’s time to get on a war-footing about it.