top of page

Cyber Risks on Supply Chain

On 4 March 2019, we advocated that the Government should incentivise SMEs in building and maintaining cyber resilicency as we are of the view that cyber criminals are increasingly targeting the supply chains populated by the SMEs instead of the large organisations as they know that these SMEs placed low priority on building their cyber resilience. The supply chain provides almost 'instantaneous' access for the cyber criminals to 'go into' the larger organisations with lesser difficulties.

Following our article, one of the world’s top aluminium makers Norsk Hydro from Norway was hit with a severe cyber attack that crippled its operations on 18 March 2019. The attack exposed how crucial sophisticated digital systems have become in the centuries-old industry of turning mined rock into metal products. The company was forced to shut down several automated product lines and is keeping its smelters running using manual production processes. While the company said it’s still able continue its deliveries to customers, that could change if the stoppages last a long time.

The critical issue for Hydro hereinafter now is to find specific customer orders and the recipe for how to fulfil them according to their Chief Financial Officer Eivind Kallevik. The CFO also said it will be a big task at all the plants as they either going through cleaning the systems and restoring the backups and in some cases, or go back into the backup systems and pull data more manually.

The Hydro incident show how central technology and automation have become in the metals and mining industry. As part of its push into the European automotive market, Norsk Hydro in 2015 invested in automated ultrasonic testing systems to precisely scan its products for impurities, responding to the exacting needs of customers in the transport sector. Without that automated certification, automakers would be unable to use the parts. 

Aluminium production is dominated by a handful of companies, meaning there’s more risk that supply chains will be disrupted if there’s a production problem. The interconnected nature of supply chains isn’t unique to the metals industry due to manufacturing processes becoming increasingly complex and spread out around the world.

The attack on Norsk Hydro also demonstrate that the more automation you introduce into your systems, the more you need to protect them, a situation applicable and now played out for all to see, for manufacturing plants that are migrating their processes to IR4.0.


bottom of page