12 Jul 2024

Safeguarding legacy equipment: Addressing cybersecurity challenges for manufacturers


In the fast-evolving digital landscape, manufacturers face unique cybersecurity challenges, with IoT devices experiencing an average of 5,200 attacks per month. Add in ageing equipment, and the challenge to maintain operational resilience increases exponentially. Jeremy Whittingham, industry consultant and member of the Advanced Engineering team highlights the vulnerabilities associated with outdated technology and provides manufacturers with insights on mitigating risks.

By understanding the implications and proactive steps that can be taken, manufacturers can protect their critical assets and ensure the integrity of their production processes.

Manufacturers frequently face a significant reliance on legacy systems and aging equipment. This dependency stems from various factors, including limited budgets, compatibility challenges and vendor lock-in. These constraints often hinder the adoption of modern technologies. However, this reliance on outdated equipment puts organisations at risk of cybersecurity vulnerabilities. The need for technological advancements becomes evident, yet many manufacturers continue to operate with ageing infrastructure. This situation leaves them susceptible to potential breaches and cyber threats. Finding a balance between cost-effective solutions and the necessity to upgrade is a critical challenge that manufacturers must navigate to enhance their cybersecurity posture and safeguard their operations against evolving risks.

Legacy equipment frequently relies on outdated operating systems and software that have reached the end of their vendor support. Consequently, manufacturers using such equipment face a significant challenge in terms of security. Without vendor support, critical security updates and patches are no longer provided, leaving the equipment exposed to known vulnerabilities. This creates an attractive target for hackers who actively exploit these weaknesses to gain unauthorised access or disrupt manufacturing processes. The absence of security updates increases the risk of successful cyberattacks, potentially resulting in data breaches, production disruptions, or even physical harm to workers.

However, the limitations of ageing equipment extend beyond the lack of vendor support. Another challenge arises from their limited processing power, which can impede the implementation of modern security measures. Advanced encryption algorithms, robust threat detection systems and other sophisticated security technologies often demand substantial computing resources that older equipment may struggle to provide — hampering the ability to fortify systems against evolving cyber threats. Furthermore, older hardware may lack built-in security features that are now commonplace in newer devices. These features, such as secure boot mechanisms or hardware-level firewalls, provide an added layer of protection against unauthorised access and data theft.

Manufacturers can address cybersecurity challenges related to aging equipment by conducting regular risk assessments and maintaining an updated inventory. These assessments help identify vulnerabilities and prioritise necessary upgrades or replacements based on criticality. By understanding the security risks associated with specific systems and equipment, manufacturers can allocate resources effectively and focus on addressing the most critical areas.

Developing a well-defined plan for phasing out legacy systems and upgrading to modern technology is also crucial. Businesses need to consider the cost-benefit analysis of investing in newer equipment versus the potential risks and impact of a security breach on production processes — especially when the average cost of data breaches in the industrial sector was £3.5 million in 2022. By strategically prioritising upgrades, manufacturers can minimise disruption while gradually enhancing their cybersecurity posture.

Strengthening the overall cybersecurity approach involves implementing robust security measures. Regular patch management is essential to ensure that ageing equipment receives necessary updates. Strong access controls, including strong passwords and multi-factor authentication help protect against unauthorised access. Encryption can be applied to sensitive data and communications, adding an additional layer of protection and network segmentation helps to isolate critical systems, limiting the potential damage of a breach. Manufacturers should also explore modern security solutions specifically designed to protect legacy systems if available, further enhancing their cybersecurity defences.

Educating employees about the risks associated with ageing equipment and promoting adherence to security protocols is crucial. Training and awareness programs should emphasise the importance of cybersecurity practices, such as recognising phishing attempts, reporting suspicious activities and regularly updating passwords. By fostering a culture of cybersecurity awareness throughout the organisation, manufacturers can empower employees to remain vigilant against potential threats and actively contribute to maintaining a secure environment.

By taking these proactive steps, manufacturers can protect their critical assets, maintain operational resilience and ensure the integrity of their production processes. Embracing technological advancements while addressing the challenges of aging equipment will enable manufacturers to navigate the evolving cybersecurity landscape and safeguard their operations against potential breaches and cyber threats.

Advanced Engineering took place at the NEC, Birmingham between November 1-2.