The warehouse is integral to the manufacturing supply chain. As such, with cybersecurity threats on the rise, there’s an urgent need to adopt best practices that will ensure the warehouse doesn’t become the weakest link in the supply chain.
As more automation makes its way into the warehouse and more assets are integrated, there is a pressing need to safeguard the digital and physical infrastructure. This is especially urgent since cybercriminals are crafty and could use an opening in a warehouse as a backdoor into a partner’s network.
For example, in February 2023, Applied Materials, a semiconductor technology supplier, was reportedly the victim of a cybersecurity incident that originated from a ransomware attack on one of its suppliers. That incident cost Applied Materials $250 million in its second quarter that year.
New cybersecurity threats emerge
No warehouse or fulfillment center wants to be a catalyst for cyber catastrophe. Yet, staying safe is not easy, as bad actors are finding new ways to infiltrate organizations.
McKinsey has identified three cybersecurity trends that represent the biggest threat now and in the future:
- On-demand access to ubiquitous data and information platforms. Recent shifts toward mobile platforms and remote work require high-speed access to ubiquitous, large data sets. This dependency exacerbates the likelihood of a breach. And since organizations collect more data about their customers, such a breach could be costly.
- Hackers use artificial intelligence to launch sophisticated attacks. Attackers using advanced tools such as AI, automation, and machine learning will cut the end-to-end life cycle of an attack from weeks to days or even hours.
- The growing regulatory landscape and continued gaps in resources, knowledge, and talent. Many organizations don’t have enough cybersecurity expertise. The shortfall is growing as regulators increase their monitoring of cybersecurity in corporations.
With these trends in mind, it’s important to understand how to mitigate risks, and that starts with implementing best practices.
To get a better understanding of the actions needed to protect the automated warehouse. Locus Robotics, which received the 2024 Fortress Cybersecurity Award in the Compliance category by the Business Intelligence Group in June, outlined some strategies.
The maker of autonomous mobile robots (AMR) for fulfillment specified three priorities: understanding the threats, capturing the data, and training the workforce.
Bad actors vs. bad decisions
Cybercrime is growing and is descending upon unsuspecting businesses from all directions. There are nation-state adversaries that pose a national security risk in the form of advanced persistent threat activity (APT), aimed at targeted and prolonged network intrusion.
Then there are malware, phishing, and ransomware, which are the most common forms of attacks on business. As seen in the Applied Materials example this can be costly in both fortune and reputation.
And then there are the employees that make mistakes – such as plugging a virus-infected USB drive into a system. Or simply taking a call from the wrong person.
The data breach at MGM Resorts in September 2023 that shut down electronic payments and casino machines was initiated by a hacker group impersonating the IT staff, gaining access to systems via a call to an employee.
Fouad Khalil, senior director for enterprise security, risk, and compliance at Locus Robotics, is a member of a group called InfraGard, a national non-profit organization that has formed a partnership between the Federal Bureau of Investigation and the private sector to educate and share information on security threats and risks.
As an InfraGard member, Khalil has access to timely insight on threats to critical infrastructure, providing the knowledge and resources to protect Locus Robotics and its customers.
However, other threats are already penetrating the plant and warehouse. “Artificial intelligence, I think, is a big security risk,” Khalil said.
The cybersecurity risks associated with generative AI (GenAI) in warehouses can be broadly categorized into data breaches, system vulnerabilities, and compliance challenges.
While GenAI may boost productivity and enhance decision-making, its integration into robotics and other systems exposes new potential attack vectors for cybercriminals.
“The data that powers GenAI — often sensitive and proprietary — can become a target,” said Khalil. “Moreover, the interconnected nature of modern warehouses means a breach in one area can have cascading effects throughout the entire operation.”
To that end, the cybersecurity risks associated with this technology should be considered and steps taken to mitigate risk.
Follow the data to cybersecurity
While GenAI uses data, robots generate it. To secure that data throughout the warehouse, it must be tracked.
“When you follow the data, you understand where it is stored, how is it transmitted, how it is processed, and you have sufficient controls over those data elements to make sure that it’s protected,” said Khalil. “And if it’s not protected, then [you have to figure out] what action you can take to mitigate the risk.”
One way to mitigate the risk is to create a barrier, which is what Locus Robotics does with its secure tunnel of encrypted data used to share information. But there are constant infrastructure changes in a warehouse that can impact the environment.
Adding a network node or allowing an OEM access into the network, for example, could open the door to unauthorized network access. “It sounds simple, but it’s a lot of complexity that comes into play,” Khalil said.
While Locus Robotics does build AMRs, they are just one piece of the solution. According to the Wilmington, Mass.-based company, the navigation software is designed with sophisticated security for customers’ proprietary data.
“It’s a one-stop shop ‘black box’ secure solution that gets deployed to a warehouse that offers the cloud reporting, the on-premises reporting, the robotics, services, operational efficiencies, connectivity for the network, and everything else that comes into play to make it effective and more productive,” Khalil explained.
“That black box approach is what we deliver, and security comes through that entire lifecycle from start to end,” he told Automated Warehouse.
Security awareness is everyone’s responsibility
Khalil emphasized that security is everyone’s responsibility – from the robot provider to the management team to the engineers and the operators in the warehouse. With all these different people in the mix, education is imperative.
“The first challenge that you find in our industry is awareness and acceptance that there is a risk,” he said, noting the shared responsibility model is important to understand. “Every time we deploy our solution to a warehouse, we are accepting the risks that they’re experiencing.”
Shared responsibility should be reflected throughout the ranks of an organization, as well. Security awareness training is a critical part of keeping the warehouse safe from cyber threats.
“Especially given the fact that employees are your front line of defense, and they must be always kept up to date on all things security,” Khalil said.
And it’s not just about training your employees to be cybersecurity-aware but training everyone in the partner ecosystem, said Locus Robotics. To ensure a safe environment in the warehouse and beyond, cybersecurity best practices should be embraced across the entire supply chain.