Hacking the factory floor: Cybersecurity in smart manufacturing
When you think of hacking, you might think of viruses or ransomware attacks where computers are unable to operate unless a bitcoin is paid to an anonymous cybercriminal. In the manufacturing sector, the reality isn’t quite so public.
First, the practical physical realities of the industrial landscape are challenging. With industrial devices, an exploit of a single, simple software vulnerability can have serious consequences. Depending on the actual setup and security posture of the target, smart factory attacks could severely affect critical goods, risk lives on the factory floor and generate massive financial damage.
Second, 2017 research by Verizon revealed that while across all industries most cyberattacks are opportunistic, 86% of attacks in manufacturing are targeted. Almost half (47%) of breaches involve theft of intellectual property (IP) to gain competitive advantage, with trade secrets the most common data type breached in manufacturing companies.
Of course, it’s hard to get accurate figures about the incidence of such attacks, as few companies are willing to disclose breaches on public record. In 2016, the European steel conglomerate ThyssenKrupp confirmed it was the victim of a significant cyberattack that the company believes was carried out in connection with industrial espionage, with the attackers were reportedly looking to steal trade secrets from the company. ThyssenKrupp stated on its website, “According to our analyses, the aim was essentially to steal technological know-how and research from some areas of business area industrial solutions. There have been no signs of sabotage and no signs of manipulation of data and applications or other sabotage.”
The robots revolt
As well as the risk of stealing company IP, last year Trend Micro security researchers released research showing how easily factory and industrial robots could be hacked and used for malicious purposes. Industrial robots are mechanical multi-axis “arms” used in modern industries for automating operations such as welding, packaging, food processing or die casting. They consequently play a key role in Industry 4.0 initiatives focused on automation and smart factories. Many robots from manufacturers including Kawasaki, Fanuc and Yaskawa were found to vulnerable to enabling hackers to make changes that alter the way they operate. The researchers explained:
By leveraging the remote code execution vulnerability, we modified the control loop configuration files, which are naively obfuscated and thus easily modifiable. In particular, we changed the proportional gain of the first joint’s PID controller, setting it to 50% of its original value. Then we programmed the robot to perform a straight horizontal movement. The trajectory of the end effector projected on the horizontal plane was notably altered. Although the maximum difference between the position under normal conditions and under attack is small (less than 2mm), according to the specific machining that the robot is performing, it can be enough to destroy the workpiece.
Beyond simply altering machines, researchers were also able to inject faults and micro-defects into the workpiece with the potential to control a robot, damage its parts or even cause injuries to people who work in close collaboration with it by disabling or substantially altering safety devices. Additionally, the Trend Micro Forward-Looking Threat Research Team found tens of thousands of industrial devices residing on public IP addresses which could include exposed industrial robots, further increasing the risk that an attacker can access and hack them. Trend Micro has duly contacted manufacturers in response to its findings.
How to keep factories safe
It’s easy to forget that even the most automated factories are still managed by (often fallible) human beings.
Organizations can mitigate potential vulnerabilities by:
- Educating staff members on the basics of cybersecurity and risk management, including how to identify suspicious emails and what to do if they receive one;
- Maintaining a complete asset inventory. You can’t protect what you don’t know about, so collecting a complete and accurate inventory of all systems, software and critical assets within your environment is critical;
- Implementing multifactor access controls, data security, intrusion prevention, firewall and spam filtering from respected and established vendors.
- Having a clear policy and practice on BYOD. At a recent Berlin conference, a speaker recounted a virus that infected connected machinery and brought the factory floor to a standstill, resulting from a virus introduced by an intern’s BYOD USB stick. It’s not uncommon for virus-infected USB sticks to be distributed at tech events, even dropped strategically at bars and coffee shops frequented by factory staff as a means to gain access;
- Knowing where data is stored. Most organizations have an incomplete understanding of where their sensitive data resides. Security teams need to ensure sensitive data is not stored in unauthorized locations, with policies implemented to ensure maximum protections for the most critical systems and information;
- Employing services such as Shodan, a search engine for IoT that allows users to find devices that are publicly accessible on the internet, and those which may be vulnerable to hackers; and
- Maintaining validated, tested, reliable backups that include off-site and off-line copies.
Ultimately, for security to be robust, reliable and effective, it needs appropriate investment in time, money and energy, appropriate skilling and training of staff, and an effective action plan in place if and when an attack occurs. Attacks are inevitable and now a matter of when, not if. However, their severity, frequency and impact can be greatly reduced through good workplace practices.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.