Manufacturers with no history of cybersecurity prowess are now launching products that connect to the Internet and the cloud. It’s time to define this new category of manufacturing, because it will soon cover a good portion of the industry.
Whether they like it or not, many manufacturers are now in the business of cybersecurity. Increasingly, their products are identified not just by serial numbers but by IP addresses. And as any home computer user knows, anything with an IP address must be secured, lest the cyber-prowlers break in. The world of cloud computing is a scary place, rife with dark alleys and unsavory actors. It’s a new world for most of these manufacturers, and it raises the stakes on their liability.
Sure, some of the nameplate brands in this new world of cloud-connected products have experience with cybersecurity: BlackBerry, Dell, Apple, to name just a few. These companies have the knowledge and infrastructure to support security efforts for connected products, since protection of digital information is in their DNA. (That doesn’t necessarily mean they’re good at it—see articles here and here—it just means they have a head start and need not fund entirely new security operations within their organizations.)
Other manufacturers with no cloud computing experience must now wade through a morass of cybersecurity and product protection concerns. Needless to say, this is not their core competency.
Take Sony. The maker of the popular PlayStation gaming console operates the PlayStation Network, which allows a gamer in Omaha to play Final Fantasy against a fellow gamer in San Diego. Earlier this year, the PlayStation Network suffered a mind-boggling cyber-attack that exposed the personal information of more than 70 million users, including, in some instances, their credit card details. Not two weeks ago, Sony endured another hacking attempt, though this one was more limited in scope.
The company no longer makes innovative, isolated electronics; it makes products that connect to the cloud, and that makes them vulnerable.
Soon enough, many more manufacturers will confront this new world of cybersecurity challenges. Carmakers may be next. Automobiles are more communicative than ever these days, and that chattiness—through Bluetooth transmissions, GPS calls, and services such as OnStar—makes them vulnerable to digital intrusion. Check out Businessweek’s recent article on researchers who successfully hacked a car and gained control of functions such as braking.
Or consider something even more intimate: a medical device that lives in your body—a pacemaker or artificial limb, for instance—and connects to the cloud to report its status and the status of its patient. The Food and Drug Administration recently issued guidelines to such manufacturers to help them secure the devices they sell. On the organization’s FAQ page, one finds the question, “Why is FDA concerned about security of networks?” Its answer:
FDA is concerned about the security of networks because vulnerable OTS software can allow an attacker to get unauthorized access to a network or medical device and reduce the safety and effectiveness of devices that connect to those networks.
This new world of connected-product development demands adjustments by manufacturers. They must develop new competencies in cloud security or partner with trusted parties with the needed expertise. They must create a new sort of disaster-recovery plan that defines effective responses to cyber-attacks and the loss of customer information—and even the potential for customer harm. They must adjust their concept of liability, too. Warranty management must be understood in the context of all possible threats against a connected product and its owner.
This emerging world also demands that we categorize manufacturers in new ways. Discrete and process labels were easy to understand, and “hybrid” captured those companies that combined elements of the two. Now we have what we might call “connected manufacturing.” This combines the traditional skill set of the manufacturer with new competencies born of the cloud.
You may not be a connected manufacturer today, but five years from now you might be. Consider the ramifications now and plan for a future in which you manage product lifecycles further into the field than ever before.