Security Threats and Risks in Smart Factories
Smart factories are manifestations of how the industrial internet of things (IIoT) is changing traditional manufacturing. Organizations in the manufacturing sector already have a basic understanding of what smart factories are as well as their capabilities and the advantages and challenges of building them. A pivotal change to adapt to technological advances like smart factories requires a huge budget, and one critical consideration is how to get the most value out of that investment. Integrators can begin by reevaluating their security.
A single cyberattack can negate the benefits derived from a smart factory, like real-time data monitoring, supply chain management, and predictive maintenance. That’s why security must not be left behind as organizations move forward with their “smart” agendas. A survey of reported cyberattacks in the past and a review of common network attack scenarios can help pinpoint areas where IIoT security could be falling behind — and where security should be enhanced.
Past attacks on connected industrial systems
Reported attacks on IIoT systems do not only serve as a reminder of how real threats are in this field — they also serve as case studies to further understand the nature of threats against the IIoT. Outlined in the figure below are the attacks on IIoT systems dating back to more than a decade ago.
These incidents demonstrate the potential damage of an attack to smart factory systems like industrial control systems (ICSs), specifically supervisory control and data acquisition (SCADA) systems. Depending on the target, large-scale effects are plausible given the attacks on critical infrastructures in the past. Even now, threat actors that target such systems continue to improve their tools for future campaigns.
Many of the reported incidents involved familiar cyberattack methods. Because of the nature of smart factories, the effect of such threats could easily go beyond the network and translate to physical scenarios. It is thus critical for organizations to be familiar with threat scenarios and common cyberattack methods against networks to further help improve their security.
A smart factory’s system includes countless equipment and devices that are connected to a single network. Vulnerabilities in any one of those devices could open up the system to any form of attack. In fact, this was exemplified by the worm Stuxnet, which used certain vulnerabilities to propagate. Stuxnet attracted attention because it targeted critical infrastructures. Successful campaigns that used vulnerabilities emphasize the significance of good security practices like regular patching.
Past attacks show that malware deployment is the most common method used by threat actors. Malware installed on the industrial network can compromise industrial control systems (ICS), like in the case of BlackEnergy and Killdisk. The trojan Triton was notable because it was tailored to manipulate industrial safety systems, subsequently shutting down an industrial plant’s operations. Recently, threat actors were found using cryptocurrency-mining malware to attack a water facility in Europe.
Threat actors use different kinds of malware for attacks, for example, rootkits, ransomware, and trojans. They also consider how to effectively deploy malware, meaning a delivery method that could cause the most damage or penetrate their target’s defenses unnoticed. They could utilize techniques like social engineering, spear-phishing attacks, watering hole attacks, among others. That is why manufacturers should implement cybersecurity awareness not just for smart factory operators but for all employees.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
DoS is a type of cyberattack whose goal is to disable or shutdown a network, device, or resource. DDoS is a type of DoS that uses a large number of compromised devices (bots) — a botnet — to attack a target system’s connection or processor. For example, the IoT botnet Mirai took down several well-known websites and online services. While it was not known for its effect on the industrial sector, it still demonstrates the potential effectiveness and consequences of a DDoS attack. With its source code published and DDoS-as-a-serviceproviders popping up, an increase in DDoS attacks on smart factories and other IIoT infrastructure in the future is not implausible. Likewise, compromised ICSs could end up being harnessed by a botnet for attacks against other organizations.
Man-in-the-middle (MitM) attack
An MitM attack involves a threat actor going in between communication channels that companies are using. A smart factory system requires several communication channels to facilitate its processes, for example, between a control system and a device. Aside from information being relayed to malicious third parties, this attack could also enable attackers to input their own code or data. Unsecure communication protocols, for example, could enable attackers to modify firmware upgrades in-transit. MitM attacks highlight that aside from device and network security, ensuring communication channels are secure is also critical to the entire system’s security.
Surveillance and information theft
Attackers can also take a more subtle approach in their campaigns by stealing information or monitoring exposed systems. Exposed human machine interfaces (HMI), for example, could expose customer databases and an attacker could steal personally identifiable information (PII). This threat — along with cascading consequences — are possible for exposed ICS in critical sectors and other industries. Gaining unauthorized access on a network, threat actors can also steal information on equipment behavior from measurements and data usually collected by their sensors necessary for the factory’s automatic functions. Such attacks on networks show the importance of apt intrusion detection and prevention systems.
The number of connected devices on or outside the factory floor does not dilute the importance of each to the overall security. Attackers can use a single hacked device to spread malware or access the entire industrial network. They can even tamper with actual devices should they gain physical access. They could then make the tampered devices send the wrong information to the rest of the network or to simply malfunction and affect the rest of the production line.
Changing security outlook for manufacturing
All the above-mentioned threats are common attack methods which any network could face. However, these threats now work on an entirely new level with the dawn of the IoT. Their cyber origins can now translate directly to tangible and physical consequences, especially in the realm of the IIoT, with its convergence of IT and OT. The smart factory’s combination of virtual and physical systems makes interoperability and real-time capability possible. But it comes with the cost of an expanded attack surface.
Organizations should therefore match this convergence with a security that combines both IT and OT defenses. This could mean reevaluating existing security measures and elevating the defenses for those that may be lagging behind. On an operational level, organizations could start by examining equipment on the factory floor, from robot arms to their HMIs, to make sure that each device is not exposed online or has weak or disabled authentication.
The smart factory’s extended attack surface makes it a challenge for manufacturers to detect and defend cyberattacks against it. Allowing IT and OT departments to share their knowledge with each other and the whole company can help more personnel deal with factory failures coming from cyberattacks. In addition, organizations can employ a layered security approach such as Connected Threat Defense, which enables solutions across networks, endpoints, and cloud environments to share information to quickly defend each component of IT and OT systems.
Security for smart factories takes a great deal of planning that is best started from the design phase. Integrators must be prepared from the outset for the extensive amount of data that smart factories entail. This means planning ahead the kind of equipment to use, assessing the communication protocol to adopt, and even preparing breach-related standard operating procedures (SOPs) to follow, among other considerations.
Organizations in the industrial sector are responsible for the new kind of space smart factories operate in, both virtual and physical. Although it might pose challenges to design and implementation, cybersecurity is part of the process of adapting to the changes in the world of manufacturing and protects the value created by the industry’s recent innovations.
Originally this article was published here.
For over 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. Security is our entire focus, and it shows. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats.