Cybersecurity in Factory Automation
Published on : Friday 10-03-2023
Cybersecurity is an important component of the process of responding to the changes in the manufacturing sector, says Dr Shekhar Pawar.
The Industrial Internet of Things (IIoT) is transforming traditional production, and smart factories are examples of this change. Manufacturing companies already have a fundamental concept of what smart factories are, what they can do, and what the benefits and difficulties of creating them are. A significant expenditure is needed for a major shift to be made in order to accommodate technological advancements like smart factories, and getting the most value out of that investment is crucial. Reassessing their security, vulnerabilities, and other risks and threats to digital data can be a good place to start for integrators. In many aspects of their operations, many traditional manufacturers use automated devices like barcode scanners, cameras, and digital manufacturing equipment. Yet there is no connection between those gadgets. In a traditional factory, each of the components – people, assets, and data management systems – operates independently of the others and requires continual manual coordination and integration. Machines, humans, and Big Data are all incorporated into a single, digitally connected ecosystem in a smart digital factory. A smart factory genuinely gains knowledge from experience in addition to collecting and analysing data. It analyses data sets to foresee trends and occurrences, recommend and put into practice automated manufacturing workflows, and gather insights from them. In order to self-correct and self-optimise, a smart factory continuously improves its operating procedures. In this way, it may teach humans and itself to be more durable, efficient, and safe.
A smart factory's fundamental design can be distilled into three steps:
Data acquisition: The curation and acquisition of various sets of usable data across the business, supply chain, and the globe is made possible by artificial intelligence and contemporary database technologies. The Industrial Internet of Things (IIoT) enables linked equipment to collect data into the system using sensors and gateways. AI-powered systems can gather data sets on performance, market trends, logistics, or any other possibly relevant source through a plethora of other data portals.
Data analysis: To make sense of the diverse data obtained, machine learning and intelligent business systems use advanced analytics and cutting-edge data management techniques. IIoT sensors can alert when a machine needs maintenance or repair. To identify opportunities and dangers, one might assemble market and operational data. It is possible to analyse workflow efficiency over time to improve performance and auto-correct as necessary. In reality, the data sets that can be compared and analysed offer an almost unlimited number of possible combinations to guide supply chain forecasting and digital factory optimisation.
Intelligent factory automation: Following data collection and analysis, processes are set up and commands are issued to the system's equipment and devices. These devices could be found inside the factory's walls or much further away in the logistics or production connections of the supply chain. Intelligent processes and workflows are continuously monitored and improved. Workflows for 3D printers can be directed to increase production priority for a particular item if a news story foresees a spike in demand for it. Inventory buffers can be rotated to prevent any interruption if a raw material shipment is delayed.
In these three fundamental designs, the system of a smart factory consists of a vast array of items connected to a single network. Every one of those devices' flaws might expose the system to a variety of attacks.
Various cyber-threats on Factory Automation
Here are a few current cyber-threats trends for factory automation.
The value of each linked device to overall security is not diminished by the quantity of connected devices inside or outside the factory floor. One compromised device can be used by an attacker to distribute malware or gain access to the entire industrial network. If they have physical access, they can even tamper with the critical assets. The tampered devices might then be made to transmit inaccurate data to the rest of the network or simply malfunction, affecting the remainder of the production line.
As of this month's most recent news, wireless industrial internet of things (IIoT) devices from four separate vendors has a set of 38 security flaws that could provide a sizable attack surface for threat actors trying to target operational technology (OT) systems. According to Israeli industrial cybersecurity company Otorio, "threat actors can exploit vulnerabilities in Wireless IIoT devices to obtain first access to corporate OT networks." "They can infiltrate target networks using these flaws to get past security measures, endangering key infrastructure or disrupting production." The flaws, in a nutshell, offer a remote entry point for attack, enabling unauthenticated adversaries to gain a foothold and subsequently use it as leverage to spread to other hosts, thereby causing serious damage. Some of the identified shortcomings could be chained to give an external actor direct access to thousands of internal OT networks over the internet, security researcher said. Of the 38 defects, three affect ETIC Telecom's Remote Access Server (RAS) – CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981 – and could be abused to completely seize control of susceptible devices. In a nutshell, the holes present a remote access point for attack, allowing unauthenticated adversaries to establish a foothold and use it as leverage to spread to other systems and wreak havoc. According to a security researcher, some of the found flaws may be linked together to grant an outside actor direct internet access to thousands of internal OT networks. Three of the 38 flaws – CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981 –affect ETIC Telecom's Remote Access Server (RAS) and may be exploited to take complete control of vulnerable devices.
A network, device, or resource is intended to be disabled or shut down by a denial-of-service (DoS) cyberattack. A botnet of numerous hacked devices (bots) is used in a distributed denial-of-service (DDoS) attack to target the connection or processor of the target system. For instance, several well-known websites and online services were shut down by the IoT botnet Mirai. We have seen cyber-attack news about this in February 2023, where according to experts at Palo Alto Networks' Unit 42 cybersecurity team, a new strain of Mirai, the botnet virus used to launch powerful DDoS assaults, has been targeting 13 vulnerabilities in IoT devices connected to Linux servers. Once the vulnerable devices have been taken over by the variation, known as V3G4, they can be completely controlled by attackers and join a botnet that can be used to launch other campaigns, such as DDoS attacks.
Threat actors carry out attacks using a variety of malware, including trojans, rootkits, and ransomware. Also, they think about the best way to send malware so that it may do the greatest harm or get past the defenses of its victim. They might use methods like spear-phishing, watering holes, and social engineering, among others.
Attacks in the past demonstrate that threat actors most frequently employ malware deployment. Industrial control systems (ICS) can be compromised by malware deployed on the industrial network, as was the case with BlackEnergy and Killdisk. BlackEnergy is Trojan software that was discovered several years ago that is intended to carry out distributed denial-of-service (DDoS) attacks, download personalised spam, and add banking information-stealing plugins. KillDisk, a capability that might render systems inoperable and destroy crucial components on an infected system, was known to have been delivered by BlackEnergy virus. It was claimed to have exceptional capabilities that could endanger Industrial Control Systems (ICS). A target receives an email with a malicious attachment in an attack scenario. Yet for the first time, the TRITON malware targets safety controllers, or so-called "safety instrumented systems" (SIS). A highly targeted piece of malware is TRITON/TRISIS. Given that every SIS is specific to the company and industry it is utilised in, it cannot be scaled up to attack multiple targets at once. The variants that have currently been found are created specifically to interfere with Triconex products. Because it was designed to trick industrial safety systems and shut down an industrial plant's activities, the Trojan Triton was notable. Recently, it was discovered that threat actors had attacked a water plant in Europe using software that mined cryptocurrencies.
A threat actor inserts himself into business communication channels during a Man-in-the-Middle (MitM) attack. To streamline its operations, a smart manufacturing system needs multiple communication channels, such as those between a control system and a device. This technique could allow attackers to insert their own code or data in addition to relaying information to malicious third parties. For instance, insecure communication protocols could provide attackers the ability to change firmware updates as they are being sent. MitM attacks show how important it is to have secure communication routes in addition to having secure devices, networks, and systems overall.
How to reduce the risk of cyber-threat?
It is important for organisations to build skills to prevent cyber attacks on their assets; otherwise they can take consulting from cybersecurity domain experts in the market. Also, especially for small and medium enterprises there is BDSLCCI.
Here are a few important areas which will reduce cyber-attack risks.
Never postpone cybersecurity training for employees:
The expanded attack surface of the smart factory makes it difficult for organisations to identify and stop assaults against it. More employees will be able to handle industrial failures brought on by cyberattacks if IT and OT departments are allowed to share their knowledge with each other and the entire organisation. Cybersecurity awareness training for employees is a must.
Security as part of multiple layers:
Additionally, organisations should use defense in depth which is also known as layered security strategies like Linked Threat Defense, which enables solutions on networks, endpoints, and cloud environments to exchange information and swiftly defend every part of IT and OT systems.
Security consideration from design phase:
Security for smart factories requires extensive preparation, which is best done from the design stage. The vast volume of data that smart factories imply must be anticipated by integrators at the outset. This entails, among other things, making advance plans for the equipment to use, evaluating the communication protocol to employ, and even creating breach-related standard operating procedures (SOPs) to adhere to.
Skilled management for Governance of cybersecurity:
The new type of physical and virtual environment in which smart factories work is created by businesses in the industrial sector. Cybersecurity is an important component of the process of responding to the changes in the manufacturing sector and safeguards the value produced by the industry's recent developments, even though its design and implementation may present difficulties. Top management must invest in governance of the cybersecurity posture for the organisation.
Dr Shekhar Pawar is a DBA in the cybersecurity domain at SSBM, Switzerland. He has completed his executive management degree from SJMSOM, IIT Bombay, and engineering in electronics and telecommunications from Mumbai University. Some of his skills and certifications include Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), ISO 27001 – Lead Auditor, PCI DSS Implementer, Diploma in Cyber Laws, Microsoft Certified Professional (MCP), Certified Blockchain Developer, Certified ATM for CMMi Assessment, DSP & Applications – IIT Madras, and Diploma in Industrial Electronics. He is also the author of the nonfiction book ‘Air Team Theory: Understanding 10 Types of Team Mates and Best Practices to Succeed’. Currently he is working as Founder and CEO of SecureClaw Inc., USA, and GrassDew IT Solutions Pvt Ltd, Mumbai.