The ransomware attack crippling one of the world’s top aluminium makers is exposing how crucial sophisticated digital systems have become in the centuries-old industry of turning mined rock into metal products.
Following a “severe” cyberattack on Norsk Hydro ASA’s operations in the US and Europe late on March 18, the company has been forced to shut down several automated product lines and is keeping its smelters running using manual production processes. While the company said it’s still able continue its deliveries to customers, that could change if the stoppages last a long time.
The critical issue for Hydro is to now find specific customer orders and the recipe for how to fulfil them, chief financial officer Eivind Kallevik said in an interview in Oslo.
“We can get that either through cleaning the systems and restoring the backups and in some cases, we are able to go back into the backup systems and pull data more manually,” he said. “That is a big task at all the plants.”
The threat of a supply disruption at Hydro is being keenly felt in the aluminium industry, where there are only a handful of companies in the world that can make the technical products required by companies like Daimler AG and Ford Motor Co.
That means when there’s a problem, the effects can be far reaching, as consumers learned last year when the US unexpectedly sanctioned United Co Rusal, the world’s largest aluminium producer outside of China.
The Hydro incident and other recent attacks show how central technology and automation have become in the metals and mining industry. As part of its push into the European automotive market, Norsk Hydro in 2015 invested in automated ultrasonic testing systems to precisely scan its products for impurities, responding to the exacting needs of customers in the transport sector.
Without that automated certification, automakers would be unable to use the parts, according to Colin Hamilton, managing director for commodities research at BMO Capital Markets Ltd.
More than other base metals, aluminium production is dominated by a handful of companies, meaning there’s more risk that supply chains will be disrupted if there’s a production problem, according to Michael Widmer, head of metals research at Bank of America Merrill Lynch in London.
The interconnected nature of supply chains isn’t unique to the metals industry. As manufacturing processes becoming increasingly complex and spread out around the world, more companies will have to navigate the risk of a disruption from cyberattacks.
“The more automation you introduce into your systems, the more you need to protect them,” said Widmer. “Along with other industries, you may potentially start to see a much stronger emphasis on cybersecurity.” – Bloomberg