So That Happened: OT Cybersecurity Threats Abound

Feb. 28, 2024
IndustryWeek editors look into that story, a refurbished Baldrige Award, PPG beautification projects and a future for the Badger EV pickup.

Editor’s note: Welcome to So That Happened, our editors’ takes on things going on in the manufacturing world that deserve some extra attention. This will appear regularly in the Member’s Only section of the site.

A Reinvigorated Approach to the Malcolm Baldrige Award

You may be familiar with the Malcolm Baldrige National Quality Award. Launched in 1988, it was established by the U.S. Congress to identify and recognize national role model businesses in the United States, and to improve U.S. competitiveness by sharing best practices from those role model organizations. The program showcases performance excellence, in short.

Of course, a core concept to any operational excellence effort is continual improvement, and the Baldrige Program itself is no exception. The award program has been refreshed for 2024 to increase its impact “by attracting more high-performing organizations, particularly manufacturers, into the Baldrige process and onto the national stage,” according to Robert Fangmeyer, director of the Baldrige Performance Excellence Program.

What does that mean in practice? The reimagined Baldrige Program retains the award’s rigor but reduces the burden on applicants.

Specifically, the program has streamlined everything from the award criteria and award application to the evaluation process. Information is requested in these areas: leadership and governance, strategy, operations, operational continuity, workforce, customers and markets, community engagement and finance.

In addition to a streamlined process, the program has increased recognition opportunities by announcing not only the Baldrige Award recipients, but also the finalists. Additionally, those finalist organizations will be “eligible for special recognition for having significant impact in an area of importance to their organizations, their key stakeholders, and/or the nation.” An example of a special recognition could be for reshoring high-quality jobs, according to the Baldrige Program website.

All that said, there are deadlines approaching. March 12 is the deadline to complete the eligibility portion of the application process, and the award application deadline is April 2.

—Jill Jusko

PPG Protects and Beautifies

PPG and the PPG Foundation invested over $17.5 million across more than 450 community partners in 2023. This funding, an increase of $1.3 million over 2022, was across nearly 40 countries worldwide.

“With new commitments in environmental sustainability education and workforce development, our priorities and giving centered around creating brighter communities for the future,” says Malesia Dunn, executive director, PPG Foundation and corporate global social responsibility.

$10.3 million was used to advance STEM initiatives in education. Other funding commitments throughout last year included sustainability, DE&I and disaster and humanitarian relief.

“In 2023, our purpose to ‘protect and beautify the world’ came to life across all areas of PPG’s community engagement investments,” says Dunn.

—Anna Smith

Two Big Annual Cybersecurity Reports Bring Usual Doses of Happiness

Cybersecurity firm Dragos published its annual OT Cybersecurity report, highlighting 905 reported ransomware attacks, a 49.5% increase since 2022. Fifty different ransomware groups carried out these attacks with LockBit the most-used ransomware variant (and since taken down by an international cybersecurity operation).

Of the 905 attacks, 638 were launched against manufacturing targets, with another 115 launched against the industrial control systems sector that develops OT equipment and applications.

According to the Dragos report, 80% of manufacturers’ cybersecurity vulnerabilities reside deep within their industrial control systems (ICS), meaning cybercriminals have to penetrate several layers of infrastructure before finding the vulnerabilities. The more access is restricted at all of those levels above the ICS network, the higher the chances of preventing a data breach.

Dragos warns manufacturers to pay particular attention to cellular gateway devices connected directly to OT where wired connects aren’t practical. These devices are tempting points of network access for cybercriminals, especially when attached directly to distributed control systems (DCS) and PLC process control networks (PCN). According to the report asset inventory and visibility (knowing precisely how many devices exist on an IT system) helps mitigate the threat.

The report recognizes the effect of the new SEC cybersecurity risk management rules on business preparedness levels, switching from mitigating damage from attacks to preventing them in the first place. One might argue it’s about time but let’s just be thankful more companies are getting on board with basic cybersecurity hygiene.

IBM also released its annual X-Force Threat Intelligence Index, highlighting a 71% increase in cybercriminals exploiting legitimate credentials (i.e. stealing usernames and passwords) to access and compromise corporate networks. It’s easier to log into someone’s network than to break into the network.

Translation: Teach your employees about phishing. Humans are the weak link in cybersecurity. Although, to be fair, the report cites a 266% increase in malware that steals login credentials so it’s not all on the humans that cybercriminals get their usernames and passwords.

The X-Force report suggests that no one really needs to worry about AI’s effect on cybercrime until AI deployment standardizes. That’s when it’ll be worth cybercriminals’ time to develop AI attack tools, so that they get the most bang for their buck.

Cybercriminals stole and leaked data after breaking into victim’s networks in 32% of cases, up from 19% last year. Credential harvesting rose to 23%, up from 11% last year.

This report also highlights how manufacturing for the third year in a row was the most commonly attacked industry, sitting at 25.7% of attacks in 2023, with finance and insurance coming in second at 18.2%. North American industry was only the third-most targeted region in the world at 12%, however, preceded by Europe at 26% and Asia-Pacific at a whopping 54%.

—Dennis Scimeca

On YouTube, Nikola’s Abandoned Badger Shows Signs of Life

In February 2020, Nikola Corp. unveiled the Nikola Badger, an electric pick-up truck collaboration with General Motors Corp., which planned to invest $2 billion in Nikola to help make it a reality. But soon after landing 6,000 truck reservations, the infamous report about Nikola’s false claims was released—you know, the one about the prototype truck rolling down a hill—and led to a government investigation and the eventual arrest and conviction of Nikola founder Trevor Milton.

The Badger program was subsequently canceled, as was GM’s money, marking the end of that project. Or so everyone thought.

Earlier this month, YouTuber and vehicle builder Dave “Heavy D” Sparks of the Diesel Brothers announced in a video that he had purchased, via his company Embr Motors, the intellectual property rights to the Badger (along with some scrapped off-road and watercraft vehicle plans) as well as the only two existing prototypes.

The announcement from Sparks—who calls Milton a “longtime friend”—led to so much confusion that Britton Worthen, Nikola’s chief legal officer, had to address the topic on the company’s recent Q4 earnings call.

He explained that Milton had originally hired the Diesel Brothers to promote the Badger. After plans were abandoned, Sparks and his business partner Cole Cannon still wanted to bring the Badger to life but lacked the funds to do so. So “a deal was struck” where Nikola loaned Embr money in exchange for 30% stake in the company.

“[The deal] allowed Nikola to retain some value for its shareholders if the assets were ever developed into anything worthwhile and allowed Nikola to claw back 500,000 shares that were given by Mr. Milton to Mr. Sparks as part of Mr. Milton's departure from the company,” Worthen said.

—Jennifer Ramsay

Popular Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!