Facebook icon Twitter icon Forward icon

Cybersecurity Exposure

Cybersecurity Exposure

by Bill Virgin
It might be tempting for those in manufacturing to read about the latest cyberheist, involving the theft of millions of data records such as credit card numbers, and think, “That’s a problem for the banks and retailers.” They should resist temptation—and quickly.

Cybersecurity’s most prominent breaches, in the commercial realm, have indeed come in retailing and banking. But lots of other industries are learning just how vulnerable they are and how much they have to lose . Electric utilities are the latest sector about which troubling reports are surfacing about incursions into their computer systems.

Manufacturers have lots to lose already–intellectual property concerning products and processes, as well as sensitive information about suppliers and customers. All of that has value to someone; anything with value is automatically a target for theft. But manufacturers’ exposure to cyber- security incidents and what they have to lose are about to go up. Way up.

To explain why, we first need to discuss another trend coming at manufacturing – the Internet of Things.

For all the jokes about smart toasters and refrigerators that know to order milk from the grocery store before you even know you’ve run out, the Internet of Things is serious, real and in many cases practical, even at the consumer and household level. Devices that can be monitored or controlled remotely, that can use their connection to a wireless information grid to perform routine tasks, are not just the stuff of gee-whiz and “maybe someday” displays at trade shows. They’re here already, in such forms as home thermostats that can be operated from your smart phone.

The applications and usefulness are even greater on the manufacturing shop floor and up and down the supply chain. Managers can get real-time data not just on how much is being produced but how the products meet quality and tolerance parameters. Is a crucial piece of machinery running hotter than normal? Is another overdue for maintenance? IoT-capable devices equipped with the necessary sensors, software and wireless communication connections can tell managers now, before potential problems become real and expensive problems.

Nor is it the manufacturer itself that can make use of the Internet of Things’ potential. Suppliers can get alerts in advance about raw material and parts inventories that need to be reordered (and those systems can be programmed to place and fill those orders automatically). Customers can get information on the status of the orders as well as real-time inspection data of what they’ve ordered (a Seattle startup is working on that specific application).

That’s a lot of potential. The potential for trouble is also big.

“Manufacturing is a highly sensitive process and any disruption could not only cost millions of dollars, but also be a serious risk to the lives of thousands of consumers,” wrote Peter Koen and Christian Strömsdörfer in an article for Architecture Journal, a Microsoft publication. “Just imagine what would happen if a hacker got access to the process that controls the recipes for production of food... Although security and safety are extremely important almost everywhere, manufacturing always adds life-threatening features such as exploding oil refineries or failing brakes in cars. If a computer virus sneaks into a chemical plant undetected, everything and anything might happen, not the worst of which were depredating the company’s accounts.”

If that sounds a bit hyperbolic, consider the report from a German government agency on a 2014 attack on a steel mill in which hackers worked their way through several systems to gain control of a blast furnace, preventing its normal shutdown. The result, the report says, was “massive damage.”

The problem is not just the degree and extent of damage but the number of points of vulnerability. It’s not just the manufacturer’s own points of access that have to be worried about. If suppliers and customers are all connected, then their vulnerabilities provide gateways to the manufacturer’s own systems.

A lot of people up to no good are going to be exploring those gateways and testing just how well they’re secured. IID, a Tacoma-based cybersecurity firm, warns in its annual threat- assessment report (looking out two years instead of the conventional one) that “by the end of 2017, botnet operators seeking new frontiers will execute a full-scale invasion of compromised Internet of Things (IoT) devices such as wearables and connected home products. A botnet is a collective of private computers, infected with malware, that are controlled by cybercriminals to launch mass attacks, unbeknownst to their owners.”

Such “zombified” IoT devices could be used in coordinated denial-of- service attacks to overwhelm systems with traffic or spying, among various nefarious purposes.

“The increasingly advanced technical capabilities of IoT devices such as autonomous consumer-grade drones and smart appliances will not be able to keep pace with security and privacy requirements,” says Sean Tierney, IID’s vice president of threat intelligence. “This will drive large- scale compromises of IoT devices.”

The only reason the threat is likely to come first to consumer IoT devices is that deployment of the technology is much slower in manufacturing. The systems are far more expensive and complex, and standards and protocols are scant.

That means that manufacturing actually has a little time to figure out the security aspect. Some, like Peter Koen and Christian Strömsdörfer, argue that “manufacturing applications must not be exposed to the outside world (i.e. the Internet) such that anyone could penetrate the system,” adding that “it is pretty much unthinkable to ever have a manufacturing environment connected to the cloud.”

In fact cloud-based services are what some providers will offer, and that will in turn prompt some manufacturers to worry that the threats and risks are not worth whatever benefits derive from IoT connections.

“Everybody involved in IoT understands that without security,
it dies,” said William Hill, president of Western Integrated Technologies in Bellevue, in a presentation at a manufacturing conference las year. “They’re pretty committed to staying alive. I think we’re going to see some wholesale changes and upgrades
to security in the next five years. Because without that, none of this works.”

How and how extensively IoT proponents and services address those concerns is something manufacturers will want to watch
as closely as they do the rollout of Internet of Things technology
for industrial technology. They’d certainly never tolerate uninvited
and unwelcome strangers hanging out around their physical premises, rifling through files and loitering in the vicinity of the machinery. That ought to go quadruple for those who enter via an Internet connection, unseen but all too real.

BILL VIRGIN is a veteran business journalist and the founder of the newsletters Washington Manufacturing Alert and Pacific Northwest Rail News. He is also a columnist for The News Tribune, Seattle Business Magazine, and the energy newsletter Clearing Up, He and his wife own Page 2 Books, a retail store in Burien.

California Tax Rush

California Tax Rush

by David Volkert
If California was a country, it would be the 8th biggest economy in the world. In all likelihood, every company in Washington manufacturing and distributing industry has some sort of contact with California’s economy either through a vendor or a customer. California’s importance to the national economy makes it an interesting barometer for the future of tax law.

In recent years, California tax law has been in the news, mostly for its “Amazon Laws.” However, the changes go beyond internet retail commerce. These changes reflect some major shifts in the taxation of interstate business. With California being the barometer of interstate taxation, it’s important to take note of some of these changes and how they could affect your business in the future. One of the key changes has been the shift to single-factor sales apportionment for income tax returns.

What is Single-Factor Apportionment and Why do I Care?

Single-factor apportionment is a relatively new invention in the
tax world. For those familiar with Washington’s gross receipts
based taxation system, we’re really not concerned with the idea of apportionment. We determine the taxability of a transaction at the transaction level, i.e., a sale to a Washington customer is taxed in Washington, a sale to an Oregon customer is not taxed unless it was manufactured in Washington as well. For states with income taxes, the amount of income taxed in a state is a little more complicated. In most circumstances, taxpayers determine how much income is taxable in a state using a variety of apportionment methods which for most of the last 60 years has been the three-factor method. This three-factor method took an average of the ratio of your sales, property and payroll in the state to outside of that state. Imagine two distributors with $50k of payroll and $500k of property, one is in California, one is in Washington. Both have $500k of sales to California customers and $1m sales elsewhere. Under the old three-factor apportionment:

  • WA company: $500/$1,500 = 33%, $0/$50 = 0%, $0/$500 = 0%. Average factor 11%
  • CA company: $500/$1,500 = 33%, $50/$50 = 100%, $500/$500 = 100%. Average factor 78%

The newer single-factor method only looks to your sales ratio to determine your apportionment. Under the new single-factor apportionment:

  • WA company: $500/$1,500 = 33%
  • CA company: $500/$1,500 = 33%

The single-factor approach presents the best of both worlds
to state legislators; it gives in-state companies a tax break while pulling more tax out of the pockets of those who don’t get to vote in their elections.

For businesses based in Washington State, there’s a lot of pessimistic thinking about these new single sales factor approaches as it generally will increase income tax bills in California and other states as they make the switch as well. However, there are some upsides. Prior to the single-factor approach, you were effectively penalized by operating in a 3-factor state as it would increase your income tax more than just selling from outside of the state. With the new single-factor approach, opening a sales office to generate more sales in a state will only affect your income tax bill based on the sales generated as the payroll and property factors no longer affect your tax bill.

As the tax world evolves, it’s important to remember that taxes are inevitable, but in these changes are opportunities to improve and expand your business. Understanding state taxation and seizing on these opportunities can have a positive effect on your bottom line while minimizing taxes paid to other states.

DAVID VOLKERT, Senior Accountant at Shannon & Associates, is a state and local tax expert. David has been in public accounting since 2007. Over time David has developed into our State and Local tax expert, talking with clients about such things as proactive methods of avoiding Nexus, to when should you file payroll taxes in a state. Keeping the best interests of the client in mind in a practical, cost-effective manner, while also remaining compliant is his goal. While in public accounting, he has worked in both tax and financial reporting for a variety of industries; however, the majority of his focus has been on construction contractors, manufacturers and service businesses. His experience in these industries has given him invaluable insight into common concerns and issues his clients frequently encounter.

Red Flag Reporting

Red Flag Reporting

Contact Us

For your state and local tax needs.
Risk Assessment | Compliance | Audit
(253) 852-8500