• January 19, 2022
CISA Warns Critical Manufacturing Sector that RPA Could Present Cybersecurity Challenges

The U.S. Department of Homeland Security’s cybersecurity agency has issued a warning to U.S. businesses in the Critical Manufacturing Sector alerting them to threats stemming from increased attack surfaces that include RPA.

The DHS’s Cybersecurity & Infrastructure Security Agency (CISA) specifically called out the increased use of RPA in the Critical Manufacturing Sector (producers of control systems that manage industrial processes) as one way cybercriminals are gaining access to companies’ networks to engage in things like ransomware attacks.

CISA notes in its alert that one of the effects of Covid-19 was an increased reliance on RPA, notably in areas where it was not utilized in the past, including in labor-intensive manufacturing environments. In the manufacture of critical control systems, this took the form of automating the process of managing production facilities remotely.

“Industry adoption of RPA helps ensure business continuity during the ongoing pandemic, yet cybersecurity threats identified by CISA complicate RPA uptake,” the agency said in the warning. “Shifts to automation and advancements in remote control, validation, and monitoring may be able to increase productivity. These improvements in productivity and manufacturing resiliency could reduce essential critical infrastructure workforce exposure and increase critical infrastructure and community resilience. The uptake of improvements is determined in part by the perceived costs of transitioning manual systems, which can appear artificially high due to cybersecurity costs. Without developing secure automation, the benefits of RPA on future scenarios may be negated by increased vulnerability to cyber-attacks.”

Read the entire CISA alert here.