Cybersecurity for smart factories

Next-gen hotel guests have checked in | The changing guest experience

Contents

Introduction 4
Growing cyber threats can be a menace in manufacturing environments 6
Behind the numbers: A proliferation of threats 7
The root cause: IT and OT are out of sync 8
Decoding cyber risk through smart factory use cases 10
Next steps: Where to start building cyber resilience in the smart factory 13

2
 Cybersecurity for smart factories

It is 2025. ManCoInc,1 an industrial

manufacturer, operates through 20 connected
and smart manufacturing facilities around the
globe. The company is also connected digitally
to its suppliers and customers. One day, a key
supplier suffers a cyberattack. The malicious
code enters the supplier’s system of record,
causing production to shut down temporarily.
The code then attempts to propagate to all
partners that are connected to that supplier.
ManCoInc, however, has a mature cybersecurity
program in place that is able to detect, isolate,
and block the code from infecting its network.
Which outcome would you prefer: that of the
supplier, or that of ManCoInc?

Supplier ManCoInc

3
Cybersecurity for smart factories

Introduction
The newest chapter in industrial Deloitte and the Manufacturers Alliance for Productivity and
Innovation (MAPI) have been formally studying cybersecurity and
development, commonly known as the associated risks since 2016. Our joint studies have found that while
Fourth Industrial Revolution, heralds an awareness of the potential cyber threats related to smart factory
initiatives are growing, many manufacturers have had difficulties
era of tremendous potential for innovation advancing their cyber risk management capabilities. The 2016
and growth. It also brings with it new risks Cyber Risk in Advanced Manufacturing Study identified that one
in two manufacturers surveyed were only “somewhat confident”
and challenges. Nowhere might this be with their preparedness to address cyber threats.2 In the 2019
more apparent than in the manufacturing Deloitte and MAPI Smart Factory Study, we found that one in
four manufacturers surveyed have not performed a cyber risk
cyber landscape. The rise of digital assessment in the past year, which means these manufacturers
technologies and global interconnectivity likely do not have visibility to the impact a cyberattack could have on
their organization’s operations.3
marks a new level of complexity. Cyber
is no longer limited to certain aspects of The 2019 Deloitte and MAPI Smart Factory Study revealed a number
of risks relative to smart factory initiatives, spanning enterprise
operations or certain people; rather, it is categories from operational to financial and strategic to compliance
everywhere, likely in places manufacturing (figure 1) 4. Forty-eight percent of manufacturers surveyed identified
operational risks, which include cybersecurity, as the greatest danger
leaders haven’t considered. Every to smart factory initiatives. With the interconnectedness of smart
employee, every partner, every electronic factory technologies, cyber threats are among the most prevalent,
as smart factory environments expose people, technology, physical
device, piece of machinery, or finished processes, and intellectual property to these risks.
product brings with it the potential for
Complicating adoption of smart factory technologies is the reality
cyber risk. And many manufacturers could that management of information technology (IT) is often out
be underprepared for its potential impact. of sync with operational technology (OT) management, which
can further expose companies to cyberattacks resulting from
unknown or underappreciated vulnerabilities.5 The adversaries
often execute attacks through the use of malware, and the results
can be devastating: Several recent notable attacks have affected
manufacturing operations and cost companies $150 million or more.
In one case, the attack even affected safety systems, increasing the
risk of harm to humans.

4
 Cybersecurity for smart factories

Figure 1. The primary risks related to smart factory initiatives

Operational risks 48%

Strategic risks 20%

Financial risks 18%

Compliance risks 14%

Source: 2019 Deloitte and MAPI Smart Factory Study

The current risk landscape seems to raise some

key questions:

•• To what extent are cyber threats affecting manufacturers today?

•• What type and level of risks exist in present-day factories?

•• How do manufacturers address today’s cybersecurity risks? And

how will they address new risks?

•• How do manufacturers build cybersecurity controls into their

smart factory initiatives?

This report addresses the above questions and presents a closer

look at the risk profiles of six of the most active smart factory use
cases the 2019 Deloitte and MAPI Smart Factory Study identified.
Armed with this information, manufacturers can make informed
decisions to better manage cyber risk as part of a broader strategy
to manage operational risk.

5
Cybersecurity for smart factories

Growing cyber threats can be a menace

in manufacturing environments
Cyber threats: By the numbers

The 2019 Deloitte and MAPI Smart Factory Study identified that However, industry-wide cyber-related incident data suggests this
more than 8 in 10 manufacturers surveyed have at least some may be overstated (figure 2).
capabilities to detect and respond to cyber threats.6

Figure 2. Cyber-related manufacturing incidents

4 in 10
manufacturers
$330,000
surveyed indicated that their
operations were affected by a cyber
incident in the past 12 months average financial impact
Manufacturing from an IoT-focused
industry consistently cyber incident
featured among
the most frequently
targeted industries
Average financial
impact from a data
breach in 2018
Between 2017 and 2018, cyber
incidents increased by: $7.5M
3.5x Ransomware
2.5x Spoofing
0.7x Spear-phishing

Major cyber
risks
87%
Unauthorized
86%
Operational
85%
Intellectual
access disruption property theft

Source: Multiple news articles and press releases 7,8,9,10,11,12,13,14

6
 Cybersecurity for smart factories

Behind the numbers: A proliferation

of threats
Many manufacturing companies are seeing an increase in cyber- While the advantages of connectivity include increased levels of
related incidents associated with the control systems used to productivity, faster identification and remediation of quality defects,
manage industrial operations. These systems can range from and better collaboration across functional areas, they can also
programmable logic controllers and distributed control systems to multiply the potential vulnerabilities of the smart factory. In fact,
embedded systems; special-purpose systems; industrial IoT devices; the Cybersecurity and Infrastructure Security Agency lists 1,200+
those systems that manage quality; health, and safety; and even the known OT system–related security issues, vulnerabilities, and
building or facility management systems. Collectively, these control exploits from more than 300 OEMs and system providers.15 These
systems make up the operational technologies that allow facilities cyber issues can interrupt operations or compromise safety. The
to operate. methods include denial-of-service attacks or adversaries using
administrative privileges to execute new code. In short, the threat
Today, these OT systems are being integrated with advanced landscape for the systems that control operations of a production
technologies such as sensors and aggregation platforms. These facility has proliferated rapidly with the increase in digitization and
systems now have the ability to remotely track and control advanced technologies. The 2019 Deloitte and MAPI Smart Factory
production in real time, plan resources, and diagnose and minimize Study identified that manufacturers seem most concerned with
production errors. The number and variety of employees that have risks related to unauthorized access, intellectual property theft, and
access to these connected OT systems has expanded beyond the operational disruption (figure 3).
shop floor to include vendors, suppliers, and business users, who
are often spread across factories and geographies.

Figure 3. Cyber risks in the OT environment

Unauthorized access 54% 33% 9% 4%

Intellectual property theft 50% 35% 10% 3%

Operational disruption 49% 37% 9% 4%

Safety/safety system compromised 38% 35% 18% 8%

Product quality compromised 35% 38% 18% 7%

Insider threat 31% 43% 17% 8%

Collateral damage 24% 47% 20% 8%

State-sponsored terrorism 23% 25% 26% 19% 7%

Strongly agree Agree somewhat Neither agree or disagree Disagree somewhat Strongly disagree

N=209
(Q19-Q32) What risk(s) are you concerned about in your OT environment? For the following potential risks, rate from a scale of 1 to 5,
with 1= “strongly disagree that we are concerned” to 5 = “strongly agree that we are concerned”

Source: 2019 Deloitte and MAPI Smart Factory Study

7
Cybersecurity for smart factories

The root cause: IT and OT are out of sync

To gain operational efficiency and assure better customer service, IT and security departments. This can lead to a myriad of different
many manufacturing companies are looking to converge IT and technologies, often with different security control capabilities, that
OT across their operations. As figure 4 suggests, there are many will likely need to be integrated to and then managed using existing
areas where people, process, and technology overlap between the IT network infrastructures. The convergence of IT and OT security
IT and OT ecosystems―areas where respective strategies need can be a challenging task, since routine IT procedures, such as
to be in sync. The reality of these technologies and how they are antivirus software updates or even patching, can lead to significant
used, however, is often markedly different. OT system–related production disruptions, even potentially shutting down entire
investment decisions are often made on the factory floor by production lines.
leaders within operations, with less involvement from corporate

Figure 4. Operational technology ecosystem driving cyber concerns

OT system characteristics Cyber concerns
The complexity of IT and OT convergence •• OT is typically managed by engineering, automation, and operations rather than IT.
•• There is generally no single team responsible for all OT systems and underlying security.
•• Traditional application of security controls such as patching or vulnerability scanning cannot usually occur without
detailed evaluation due to potential effects.
•• Deep knowledge of the industrial processes, technology assets, network architectures, risks, and security
approaches are often essential, leading to the need for integrated teams across both IT and OT working together.
Update paradox •• Traditional application of security controls such as patching or vulnerability scanning cannot usually occur without
detailed evaluation due to potential effects.
•• No single approach for patching or updating systems is possible. This can make it difficult to be responsive when
vulnerabilities are detected, often driving the need for defense-in-depth approaches to be adopted.
Legacy system setbacks •• Many systems have long life cycles (10+ years) and were not built to be externally connected. With the increase in
edge computing, cloud platforms, and the adoption of other smart factory technologies, air gapping is no longer a
viable option.
Destabilized infrastructure •• Older equipment often uses proprietary communication protocols that can be easily disrupted if data
communication within the network segments increases.
•• Existing networks and associated architectures were not designed to handle the data flows required for the
adoption of these new technologies.
•• There are limited vetting processes to understand the security risks associated with new technologies being
acquired and deployed―increasing the risk of an attack affecting both this new technology and other legacy
technologies on the same networks.
Operational constraints •• Real-time capabilities are typically essential; introducing additional security controls could introduce latency.
•• Making network or other changes could require downtime or an outage. Downtime due to maintenance should be
limited to absolute minimums.
•• Software updates are often not possible due to the proprietary nature of products or contracts or equipment age.
•• Establishment of clear responsibilities across functions (IT and OT) can be crucial. It is important to approach
addressing cybersecurity risks using cross-functional teams, considering what each group does well.

Today’s IT departments are often being tasked with managing Aspects of security can be overlooked when implementing advanced
security for these heterogeneous OT environments and coordinating technologies and smart factory initiatives. Ongoing OT system
the new generation of operational technologies alongside existing security is not typically covered in the service-level agreements
IT-managed systems, such as enterprise resource planning (ERP) and contracts with system integrators and equipment vendors.
packages. Our recent Smart Factory Survey reveals that IT leaders Even when covered, these contracts rarely include statements
surveyed were more confident than their OT counterparts (detecting for maintaining security controls, which by default makes it the
threats 41 percent for IT vs. 33 percent for OT; responding 34 responsibility of the business process owners. As a result, some
percent for IT vs. 29 percent for OT)―indicating a gap between the large capital projects may omit any budget for ongoing security
two groups in having visibility to the risk profile of the organization. management of OT systems that could critically affect operations if
they were targeted by an attack.

8
 Cybersecurity for smart factories

Confidence in cyber detection may create a false

sense of security

Adding advanced technologies to OT networks requires equally These responses indicate that surveyed manufacturers seem
sophisticated cybersecurity standards. A significant share of more confident in their cyber preparedness than the maturity
manufacturers, however, have yet to build the cyber capabilities and capabilities they may have to respond to and recover from
to secure some of these business-critical systems. Given the rapid a cyberattack, especially when new technologies come online
pace at which new technologies are added to factories via smart in periods between risk assessments. It is likely that some
factory use cases, IT and OT leaders may be unprepared to respond manufacturers are not aware of the new threats they face when
to new threats that arise. While 90 percent of manufacturers leveraging IoT devices and other emerging technologies in a smart
surveyed in the study report capabilities to detect cyber events, factory environment. Even if they know that something bad could
very few companies today have extended monitoring into their OT happen, often they do not understand how.
environments, and fewer than half of manufacturers surveyed have
performed cybersecurity assessments within the past six months
(figure 5).16 Additionally, it could often prove difficult to identify an
attack if it originates within the OT environments unless there is a
negative effect on operations (because monitoring capabilities have
not been extended).

Figure 5. Capabilities to detect cyber events vs. recent cybersecurity assessments

Capabilities to detect cyber events Most recent cyber risk maturity assessment

Use a mix of internal

and external 37% 4% 2%
resources
18%
Use internal
34%
resources Within past 6 months
6 months to 1 year ago
Use external 1 to 2 years ago
(contracted) 19% 42% More than 2 years ago
resources
Never or none performed

None 10% 34%

Source: 2019 Deloitte and MAPI Smart Factory Study

9
Cybersecurity for smart factories

Decoding cyber risk through smart

factory use cases
Smart factory initiatives are commonly approached from a One way manufacturers can understand the cyber risks
use-case perspective, in which advanced technologies are that smart factory initiatives could introduce is through
combined with process innovation to address a specific business these use cases. Identifying the data types and owners,
challenge or opportunity. For example, quality sensing and error along with the entry point(s), can help to clarify threats and
detecting is a use case that incorporates vision systems, edge vulnerabilities. Below, we highlight six use cases (figure 6).
computing, and artificial intelligence (AI)–based analytics to reduce
defect rates on a production line.

Figure 6. Six smart factory use cases

Quality sensing and Plant consumption Factory

detecting and energy synchronization
Real-time equipment management and real-time
monitoring, visual analytics, Sensor-based waste, scrap, asset tracking
in-line quality testing and utility consumption Tracking sensors to
tracking; energy, water, dynamically adjust
waste optimization schedules
platform

Factory asset Command center Smart conveyance

intelligence Using data, analytics Automated guided vehicles,
Predictive maintenance, and visualization, and automated conveyance
augmented reality (AR) user-based insights to ensure continuous
to assist maintenance material flow
personnel, sensor-enabled
asset monitoring

Source: Deloitte analysis of the 2019 Deloitte and MAPI Smart Factory Study data

10
 Cybersecurity for smart factories

Figure 7. Cybersecurity considerations for six smart factory use cases

1 Engineering collaboration/digital
twin–enabled product design 2 Risk-adjusted material requirement planning
(MRP)
Virtual models of a physical product (or assembly) MRP involves estimating the required volume
Capability to run simulations, predict product performance, of materials at the respective locations at the
and make iterative design modifications right time. Risk-adjusted MRP makes use of both
Capability
production and demand data–driven insights
Product configurations, materials, other
and stochastic algorithms to optimize the flow of
Data types intellectual property (IP), customer usage data,
materials in a manufacturing process.
repair and warranty data, quality data
Bills of material, customer order/demand
Engineering and design department, product
data, planning data (routing, labor, machine
Data owners management, after-market service, quality control, Data types
availability, quality standards, scrap percentages),
suppliers
supplier information
Hardware including AR glasses, laptops, VR caves;
Procurement department, production
Entry points software applications, databases, and analytics Data owners
department, supplier network
tools; network and cloud
Company intranet, software programs, data that
Network-enabled engineering software could be Entry points
resides at suppliers
accessed by others with access to that software.
Hardware (e.g., AR glasses) could be taken by Risks of phishing and cyberattacks can cause data
Threats/ someone and used to view sensitive product or Threats/ loss and system failures. Data compromise could
vulnerabilities vulnerabilities
customer data. The data uploaded to a cloud affect material replenishment or delay production.
platform for analysis and simulation could be
•• Control and manage access of users to systems
compromised.
and from one system to another system. This
•• Restrict device and system access to authorized includes identity and access management,
personnel only and follow a least-privilege remote access, and privileged access
approach. management.
•• Ensure cloud access and storage follows access •• Define company-wide policy for secure remote
control protocols―confirm that secure network access, managing connectivity for both
architectures are applied to control system and employees and third parties.
data connections. •• Establish or join trusted exchange centers that
Cybersecurity
•• Apply defense-in-depth strategies: Detect, plot, are focused on sharing cyber intelligence.
considerations Cybersecurity
and translate the cyber threat landscape. •• Use simulations like wargames and tabletops to
considerations
•• Use threat intelligence specific to OT rehearse responses.
environments with a monitoring capability that •• Build muscle memory in employees around
can identify abnormal behavior. how to react/respond to phishing attempts
•• Develop a documented response plan for a (e.g., through establishing phishing campaigns).
cyberattack that could affect physical processes •• NOTE: Email and Internet access should not be
or one that results in a data breach. allowed within OT environments. If required,
such connectivity should be tightly controlled
and monitored. Instead, this type of access
should be restricted to business networks
where possible.

11
Cybersecurity for smart factories

3 Advanced manufacturing
4 Robotics and cognitive process automation

Technologies such as additive manufacturing Robotic process automation (RPA), machine

Capability (3D printing) with advanced materials for parts/ learning, natural language processing, and AI.
assemblies and for prototyping Capability These technologies can automate repetitive
and time-intensive tasks, especially on the
CAD/CAM files, material-specific data, material
Data types production floor.
requirements, 3D printer specifications
Performance data, rules-based data, data
Production department, engineering and design Data types
Data owners captured from computer vision, asset data
team, procurement
Production department, data analytics team,
Entry points Shop floor Data owners
robotics team

A cyberattack could result in confidential product HMI (human-machine interface), robotic arms,
Entry points
Threats/ composition or design-related data loss, as well software programs
vulnerabilities as bring down a production line or facility through Unauthorized access, unwarranted bot programs,
access to the networked 3D printer(s). Threats/ and denial-of-service attacks that could lead to
vulnerabilities
•• Protect critical infrastructure and OT network disruption of a production line
to defend the processes, communications, and •• Employ application whitelisting, source code
assets. review, and file integrity monitoring to minimize
•• Confirm that 3D printers are appropriately the risk of malicious code being installed
segmented within the network. and executed.
•• Perform cyber compromise assessments, •• Correlate internal events with external
Cybersecurity Cybersecurity
security evaluations of new technologies, and threat intelligence to enhance organization’s
considerations considerations
threat modeling and simulation exercises. capabilities and tailor risk responses in
•• Develop a process to provide timely notification alignment with criticality and likelihood.
and response to cyber incident. A focus should •• Confirm there is an accurate inventory of all
be on confirming an organization’s ability to technology assets, along with a process for
restore operations to normal state quickly―this assessing potential business impact.
includes backing up systems and configurations.

5 Factory asset intelligence and performance

management 6 Plant consumption and energy management

Predictive maintenance, AR to assist maintenance Sensor-based waste, scrap, and utility

Capability
personnel, sensor-enabled asset monitoring Capability consumption tracking; energy, water, and waste
optimization platform
Machine-specific performance data, OEE data,
Data types
maintenance scheduling and repair history Facility-related for climate control, energy usage,
Data types
factory asset energy consumption
Operations and production team; maintenance
Data owners
and repair team Facility management, operations
Data owners
Assets on production lines; maintenance staff and
Entry points
third parties HMI, building control systems, asset-based
Entry points
software
Access to OT environment via software that
may have been developed without considering Unauthorized access could lead to disruptions in
Threats/ security needs. AR glasses could be compromised. Threats/ energy flow to the plant, damaging equipment
vulnerabilities Cyberattackers could gain visibility to factory asset vulnerabilities and materials while also having the potential to
data, including product and client information, or injure people.
could disrupt production and damage assets.
•• Patch and update these systems where it is
•• Adopt a risk-based approach rather than possible. A robust vulnerability management
compliance-based approach. and patching program is needed.
•• Approach security considering defense-in-depth •• Continuously assess entry points and detect
needs with a consistent program and structure malicious activities through 24x7 monitoring of
—educating personnel, gaining visibility across environments. Activity monitoring should occur
the sites, segmenting the network, monitoring in a central location and be extended across
for abnormal behavior, and having a capability to both IT and OT. Responsibilities for key contacts
Cybersecurity
respond/recover. should be assigned across manufacturing plants
considerations
•• Continuously assess entry points, motivation, to personnel who will provide support when
Cybersecurity
and vehicles to execute an attack to enable research or triage is required.
considerations
the organization’s technical teams to build •• Create cross-disciplinary playbooks to manage
operational response capabilities. communications and actions during an incident.
•• Perform simulation exercises and workshops These playbooks should cover both IT and OT
to stress-test existing plans in a controlled and be updated based on lessons learned
environment. Involvement of key personnel (i.e., through testing activities and responding to
across departments should be considered actual events).
during these simulations, from the analysts with
hands on the keyboard to the executives who
would have ultimate decision-making power.

12
 Cybersecurity for smart factories

Next steps: Where to start building cyber

resilience in the smart factory
As smart factory initiatives continue to proliferate across the global 4. Build in security. Since many smart factory use cases are still
footprint of manufacturers, cyber risks are expected to continue to in planning and early stages, now is the time to harmonize these
increase. As the 2019 Deloitte and MAPI Smart Factory Study reveals, projects with your cyber risk program. Design and include the
the cyber preparedness of many manufacturers is less mature appropriate security controls at the front end of these projects.
than likely necessary to protect against not only current threats, Important controls to consider include use of secure network
but also new threats and vulnerabilities that digital technologies segmentation models, deployment of passive monitoring
create. Manufacturing organizations should invest in a holistic cyber solutions (to provide visibility of networked assets and activity
management program that extends across the enterprise (IT and while minimizing the risk of disruption), secure remote access,
OT) to identify, protect, respond to and recover from cyberattacks. control of removable media, improved management of privileged
Specifically, the following four steps should be considered when access, and executing consistent backup processes (especially
starting the process of building an effective manufacturing for critical systems and configurations).
cybersecurity program:
The breadth and depth of potential threats and vulnerabilities in
1. Perform a cybersecurity maturity assessment. If your a connected smart factory environment remind us of the reality
organization has not done this in the past year, consider making that cyber risk is everywhere today. Strong cybersecurity is the
this a priority, as with every new use case in pilot or production foundation for a resilient company. This requires that all employees
within the smart factory, there come new exposures to threats. are front-line defenders of your organization’s security. Make
The assessment should include OT environments; business sure your employees are aware of their responsibilities, and give
networks; and advanced manufacturing cyber risks such as IP them tools to be cyber-resilient citizens. With effective cyber risk
protection, control systems, connected products, and third-party management for smart factory initiatives, manufacturers can
risks related to industrial ecosystem relationships (for example, capitalize on the upside potential the Fourth Industrial Revolution
vendors, suppliers, or partners). brings and prevent themselves from becoming a victim of a
future cyberattack.
2. Establish a formal cybersecurity governance program
that considers OT. The program should provide consistency
and roll out to manufacturing locations globally. Business-centric
representation in these governance structures is important
to allow IT and OT teams to collaborate where practical and
manage the business. The manufacturing security teams should
work closely with the site to consider the risks and appropriate
mitigation strategies. Consider using a steering committee to
assign decision-making authority to further deliver consistency
within the program.
3. Prioritize actions based on risk profiles. Use the results
of the cybersecurity maturity assessment to create a strategy
and roadmap that can be shared with executive leadership
and, where appropriate, the board to address risks that are
commensurate with your organization’s risk tolerance and
capabilities. It is important to understand your manufacturing
environments and the assets that comprise them so tailored
mitigating controls can be designed and implemented.

13
Cybersecurity for smart factories

Endnotes
1. ManCoInc is a hypothetical company for illustrative purposes.

2. Ibid.

3. Deloitte, 2019 Deloitte and MAPI Smart Factory Study.

4. Ibid.

5. Deloitte, “Cyber risk in advanced manufacturing: Getting ahead of cyber risk,” 2016, https://www2.deloitte.com/us/en/pages/manufacturing/articles/cyber-risk-
in-advanced-manufacturing.html.

6. Deloitte, 2019 Deloitte and MAPI Smart Factory Study.

7. IoT Business News, “New 2019 Global Survey: IoT-Focused Cyberattacks are the New Normal,” May 29, 2019, https://iotbusinessnews.com/2019/05/29/94747-
new-2019-global-survey-iot-focused-cyberattacks-are-the-new-normal.

8. Infosec, “Which Industries Are The Biggest Security Targets?”, https://resources.infosecinstitute.com/category/enterprise/securityawareness/security-threats-

by-industry/#gref.

9. Ethan Bresnahan, “Carbon Black Report Indicates Industries Most Targeted for Cyber Attack, Security Boulevard, April 2, 2019, https://securityboulevard.
com/2019/04/carbon-black-report-indicates-industries-most-targeted-for-cyber-attack.

10. Deloitte, “Cyber risk in advanced manufacturing.”

11. Gregory Garrett, “Cyberattacks Skyrocketed in 2018. Are You Ready for 2019?”, IndustryWeek, https://www.industryweek.com/technology-and-iiot/
cyberattacks-skyrocketed-2018-are-you-ready-2019.

12. IoT Business News, “IoT-Focused Cyberattacks are the New Normal.”

13. Garrett, “Cyberattacks Skyrocketed in 2018.”

14. Deloitte, 2019 Deloitte and MAPI Smart Factory Study.

15. US Cybersecurity and Infrastructure Security Agency, “ICS-CERT Advisories,” https://www.us-cert.gov/ics/advisories.

16. Deloitte, 2019 Deloitte and MAPI Smart Factory Study.

14
 Cybersecurity for smart factories

Authors
Ramsey Hajj
Advisory Principal
Deloitte & Touche LLP
+1 561 962 7843
rhajj@deloitte.com

Sean Peasley
Advisory Partner
Deloitte & Touche LLP
+1 714 334 6600
speasley@deloitte.com

Jason Hunt
Advisory Senior Manager
Deloitte & Touche LLP
+1 901 322 6804
jashunt@deloitte.com

Heather Ashton Manolian

US Industrial Products & Construction
Research Leader
Deloitte Services LP
+1 617 437 2120
hashtonmanolian@deloitte.com

David Beckoff
VP, Product Development & Insights
MAPI
+1 703 647 5153
dbeckoff@mapi.net

15
About Deloitte
As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary
of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description
of our legal structure. Certain services may not be available to attest clients
under the rules and regulations of public accounting.

About MAPI
Founded in 1933, the Manufacturers Alliance for Productivity and Innovation is a
nonprofit organization that connects manufacturing leaders with the ideas they
need to make smarter decisions. As the manufacturing leadership network, its
mission is to build strong leadership within manufacturing to drive the growth,
profitability, and stature of global manufacturers. For more information, visit
mapi.net.

This publication contains general information only and Deloitte is not, by means
of this publication, rendering accounting, business, financial, investment, legal,
tax, or other professional advice or services. This publication is not a substitute
for such professional advice or services, nor should it be used as a basis for any
decision or action that may affect your business. Before making any decision or
taking any action that may affect your business, you should consult a qualified
professional adviser. Deloitte shall not be responsible for any loss sustained by
any person who relies on this publication.

Copyright © 2020 Deloitte Development LLC. All rights reserved.