Day Pitney remains committed to providing quality legal counsel, while protecting our clients and employees, and transforming our communities into more just, equal and equitable spaces. For more information, please visit our COVID-19 Resource Center | Racial Justice and Equity Task Force.
The Industrial Internet of Things (IIoT) hits center stage again for cybersecurity awareness and protection efforts with many associated legal issues to consider.
Earlier this week, InfraGard[1] distributed a broadcast message titled "Anticipatory Awareness Message: Cyber Security for Smart Manufacturing."[2]
This notification is based on anticipatory analysis of emerging technology vulnerabilities and historical cyber intrusion activities. It is intended for companies and organizations that are using smart manufacturing technologies in their production or research efforts.
The FBI and the National Center for Manufacturing Sciences (NCMS) assess that smart manufacturing technologies and equipment likely are vulnerable to malicious compromise by a variety of cyber intrusion techniques. Such intrusions have the potential to target proprietary design, business, and other manufacturing process information. We have medium confidence in our assessment based on the increasing connectivity of web-based process automation, data analytics, and connected industrial control systems (ICS) involved in modern manufacturing.
Smart manufacturing is often referred to as Industry 4.0 or the Industrial Internet of Things (IIoT) and broadly refers to Web-enabled or networked cyber-physical manufacturing technologies. The integration of network connectivity into manufacturing technologies significantly increases the attack surface for malicious cyber actors, and creates a number of points for penetration or pivoting into other critical network segments.
Production equipment or other advanced technologies associated with smart manufacturing may not necessarily be designed with cyber security in mind. Further, integration of legacy manufacturing equipment into a networked environment may create additional cyber vulnerabilities. As such, security of information technologies (IT) and operational technologies (OT) should be considered in parallel when integrated in a manufacturing setting.
Given the sensitive, proprietary design and process information contained in design and manufacturing process data files, the FBI and NCMS recommend equipment operators and system administrators apply rigorous cyber security practices when incorporating the technologies into their production facilities or hosting the technologies on their networks. Information that transits a manufacturing network should be considered as sensitive as other business-critical information, and should be protected as such.
This assessment follows a highly publicized report in June regarding similar and specific risks involving the electric grid, related to malicious software called "CRASHOVERRIDE."[3]
Companies with strong compliance programs are well-suited for addressing the ever-increasing risks associated with the IIoT. While the IIoT permits industrial, manufacturing and energy companies to realize significant benefits in efficiency and capability, as the two material warnings illustrate, the IIoT also creates new risks that need to be considered. The following assessments may help in defining the risk to your company and identifying appropriate mitigation strategies:
Day Pitney's Cybersecurity practice group has established a working group focused on the IIoT. While this InfraGard and the earlier CRASHOVERRIDE warnings have been of primary interest to technical experts, such as chief information officers and chief information security officers (CISOs), they clearly warrant the attention of in-house counsel as well. While working to stay current on the constantly escalating risks and exposures, Day Pitney's Cybersecurity/IIoT working group has focused particularly on the legal issues implicated by the rapid expansion and significance of the IIoT for our clients. We will continue to provide reports, such as this, regarding the IIoT as appropriate and would be pleased to meet and discuss these issues with you.
[1] InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of critical infrastructure. Day Pitney attorneys participate in InfraGard. More about InfraGard can be found here.
[2] A summary report has been distributed without dissemination restriction.
[3] See Day Pitney Client Alert, CRASHOVERRIDE, The Latest Malware Menacing the Electric Grid; see also US-CERT Alert TA17-163A, June 12, 2017
Day Pitney Cybersecurity and Data Protection Partner William Roberts authored an op-ed for the Connecticut Post titled, "CT's New Data Privacy Law – Need To Get Ready Now."
Day Pitney hosted its annual invitation-only Palm Beach Family Office Forum at the PGA National Resort and Spa.
Day Pitney Alert
Day Pitney Cybersecurity and Data Protection Partner William Roberts was featured in the Hartford Business Journal article, "New Data Privacy Law Will Mean Big Changes For Some CT Businesses."
The arrival of Cybersecurity and Data Protection Partner William J. Roberts was featured in Hartford Business Journal.
Day Pitney Partners William J. Roberts and Christopher F. Droney were both selected as recipients of the Distinguished Leaders Award in the 2022 Connecticut Legal Awards, sponsored by the Connecticut Law Tribune.
The arrival of William J. Roberts was featured in The Valley Press.
Cybersecurity and Data Protection practice chair and Counsel Steven A. Cash was quoted in Above The Law's whitepaper, "The Mega Metaverse Round-Up For Lawyers."
This website may use cookies, pixel tags and other passive tracking technologies, including Google Analytics, to improve functionality and performance. For more information, see our Privacy Policy. By using our website, you are consenting to our use of these tracking technologies. You can alter the configuration of your browser to refuse to accept cookies, but if you do so, it is possible that some areas of web sites that use cookies will not function properly when you view them. To learn more about how to delete and manage cookies, refer to the support instructions for each browser (e.g., see AllAboutCookies.org). You may locate Google Analytics' currently available opt-outs for the web here.
This website may use cookies, pixel tags and other passive tracking technologies, including Google Analytics, to improve functionality and performance. For more information, see our Privacy Policy. By using our website, you are consenting to our use of these tracking technologies. You can alter the configuration of your browser to refuse to accept cookies, but if you do so, it is possible that some areas of web sites that use cookies will not function properly when you view them. To learn more about how to delete and manage cookies, refer to the support instructions for each browser (e.g., see AllAboutCookies.org). You may locate Google Analytics' currently available opt-outs for the web here.