Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis
Smart manufacturing systems can be seen as the modern implementation of the totally integrated automation (TIA) concept that has been developed by Siemens since 1996. But such is the complexity of smart manufacturing systems that it is difficult, if not futile, to provide any “crisp” definition of them. From a security research standpoint, it is challenging to obtain access to a sufficiently generic, fully functioning system, deployed within realistic conditions, because the concept of a “generic” or “reference” smart manufacturing system does not really exist. Therefore, any security analysis — including this one — must be interpreted with a grain of salt: It is easy to jump to conclusions such as, “All smart manufacturing systems are unsecure,” or, worse, to view attack scenarios as ready-to-use best practices on “how to secure smart manufacturing systems.” In this research, our aim is to provide food-for-thought examples and use cases intended for concerned organizations and individuals to carefully contextualize in their specific settings.
Defending a smart manufacturing system is challenging because the environment itself is complex. Focusing on “keeping attackers out” is clearly important, but this has been the usual advice for decades, regardless of the system. Such an approach is not future-proof because there is a tendency toward increased connectivity and dynamic setups with modular plants that can be reconfigured as needed, as opposed to the classic, static deployments. This has an impact on security policies, which should be moving away from the assumption that every endpoint or machine within a manufacturing plant is trusted, leaving the floor open to a more granular approach. As we will show, network traffic coming from an industrial robot — to take just one example — may not be coming from trustworthy software because it might be malicious or it could have been exploited. The challenge is that there are currently no simple ways of authenticating and signing the software and data flowing into these complex systems, essentially because not all systems support such security requirements.
We will describe the scope of our analysis (an actual smart manufacturing system deployed in an Industry 4.0 research laboratory), the methodology we used during our research (a holistic, hands- on driven approach), the research angle we employed (focusing on concrete attack vectors in the hands of a forward-looking attacker), and some background concepts needed throughout this research paper.
Sponsored by Trend Micro
More resources by Trend Micro on our website here.
With more than a decade of research experience in the cybersecurity field, Federico Maggi is specialized in doing threat and security analysis on virtually any system. Federico has analyzed web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots security, cars, and mobile devices.He also has experience on defensive technology and research, through building machine learning-based tools for intrusion and fraud detection. He’s applied data visualization techniques for analyzing botnets, and has gained basic malware analysis and reverse-engineering on Android-based platforms. Currently employed as a Senior Researcher with security giant Trend Micro, Federico was an assistant professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known conferences.
Marcello Pogliani holds a PhD in Information Technology from Politecnico di Milano with a dissertation on the security of manufacturing systems. He is affiliated with the NECST Laboratory of the same university, where he works with the Computer Security group. Marcello’s current research interests revolve around the security of cyber-physical systems. He is also generally interested in broader system-, web- and network- security issues.