- By Mars Cheng
- October 27, 2023
- TXOne Networks
- Feature
Summary
As IT and OT systems converge, attackers have more factory OT network entry points. This feature originally appeared in the AUTOMATION 2023: Cybersecurity & Connectivity ebook published in September.
Automated manufacturing is growing fast. Along with greater efficiency comes greater risk. Four automated factory technologies in particular warrant focused cybersecurity attention: the Industrial Internet of Things (IIoT), industrial robots, augmented reality (AR) devices and additive manufacturing (AM).
What these four technology areas have in common is the need to process large amounts of data, forcing more interaction and integration between information technology (IT) and operational technology (OT) networks. As IT and OT continue to converge, attackers have more factory OT network entry points, which means more vulnerabilities of concern.
The Trend Micro Security Predictions For 2023 report, produced in collaboration with TXOne Networks, foresees an upward trend in IT-based cyberattacks inadvertently affecting OT systems that are connected to IT networks—and worse, revealing OT systems as an underutilized attack vector through which malicious actors can move laterally between OT and IT environments.
In 2021, Trend Micro also revealed that 61% of automated manufacturers have experienced cybersecurity incidents, many causing downtime. To protect automated manufacturers, TXOne Networks analyzes the global trend of automated factories to identify the following potential threats and to propose an adaptive cybersecurity solution for shop floor industrial control systems (ICS).
IIoT, industrial robots, augmented reality and additive manufacturing pose real threats to automated factories.
1. The Industrial Internet of Things
As large numbers of machines are introduced to the network in this era of digital transformation, factory environments can be vulnerable to initial access cyberattack techniques. Fully entrenched in the realities of Industry 4.0, smart manufacturing is deploying IIoT technologies to improve operational efficiency and reduce operating costs. The adoption of IIoT technologies was expedited during the pandemic to keep operators safe while maintaining production. However, this brings the potential to expose vulnerabilities—especially in OT environments—that were once truly air gapped.
Commonly used IIoT protocols can provide more attack vectors to connected devices. Wireless is also a problem, as endpoint devices use WirelessHART or BLE to upload endpoint information to the cloud via a network gateway, creating entry points.
Protection requires network defenses that restrict data sources to trusted ones, supported by a visualization solution to manage the server. Network defense solutions can learn the trusted behavior of each piece of equipment. When users know the trusted behaviors of each device, they can prevent attackers from carrying out further attacks.
2. Industrial robots
Malware can be introduced to the development environment of industrial robots, enabling highly privileged workstations to execute malicious behaviors.
Industrial robots (Figure 1) are autonomous and mobile, collaborating with each other to perform physical operations in many large-scale manufacturing factories. These industrial robots generally consist of a controller, robot and workpiece. Engineers often upload or download extension kits from an app store-like service. If the content is not inspected, the engineer may unintentionally download infected kits, execute them and threaten the factory network.
Some industrial robots don’t enforce authenticated access control by default. If the equipment is exposed to the public network, attackers can exploit vulnerable but common network protocols. In some cases, publicly downloadable off-line programming (OLP) software can modify controller parameters, production logic, or robot status to tamper with factory production outcomes. To illustrate the potential for danger: in 2021 a cyber intruder penetrated a Florida water treatment facility twice in one day and was attempting to poison the supply when detected.
3. Augmented reality
Improperly stored augmented reality (AR) devices may allow the theft of factory data and the destruction of cloud data.
Wearable or handheld devices with AR technology are used to enhance the interaction between engineers and machines and access cloud data. When suppliers or technicians are required to enter the factory area, any AR devices that are not adequately protected by physical security can be and have been stolen, along with confidential factory information.
Information may include anything from production processes to pharmaceutical or food ingredients. AR devices used by engineers are considered trusted sources. In the wrong hands, they can be used to access enterprise cloud data and expand the impact throughout the factories.
4. Additive manufacturing
If the configuration files in additive manufacturing (AM) equipment are tampered with, the equipment can overheat, leading to large-scale disasters.
Many manufacturing plants are introducing additive manufacturing (AM) technology to manage supply chain issues, particularly in automated factories related to aerospace, automotive, or medical industries. In essence, AM technology is a computer-controlled process of creating a three-dimensional object by depositing materials one layer at a time. SANS researchers have found that thousands of insecure AM devices are exposed to the public network and the devices can be controlled without authorization.
Because most AM devices use unencrypted files (G-code format) to control printing, attackers have the opportunity to steal confidential product information. Certain malicious firmware can become persistent on the device, where excessive heating can cause large-scale disasters in factories.
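One way to catch a tampered print job before it reaches the printer, shown as an added example that is not part of the original article: compare the file against an approved hash and check every temperature setpoint against a ceiling. It assumes RepRap/Marlin-style temperature commands (M104/M109 for the hotend, M140/M190 for the bed); the limits and the sample job are constructed for illustration.

```python
import hashlib
import re

# Assumed policy ceilings in degrees Celsius (constructed, not vendor values).
MAX_TEMP_C = {"M104": 260, "M109": 260, "M140": 110, "M190": 110}

# Optional N<line> prefix, then a temperature command and its parameters.
TEMP_CMD = re.compile(r"^(?:N\d+\s+)?(M104|M109|M140|M190)\b(.*)$", re.IGNORECASE)
S_PARAM = re.compile(r"\bS(-?\d+(?:\.\d+)?)", re.IGNORECASE)


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_gcode(text, approved_sha256=None):
    """Return a list of (line_no, finding); line 0 means a whole-file finding."""
    findings = []
    if approved_sha256 is not None and sha256_hex(text) != approved_sha256:
        findings.append((0, "file hash differs from approved baseline"))
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()  # ignore ';' comments
        m = TEMP_CMD.match(line)
        if not m:
            continue
        cmd = m.group(1).upper()
        s = S_PARAM.search(m.group(2))
        if s and float(s.group(1)) > MAX_TEMP_C[cmd]:
            findings.append(
                (no, f"{cmd} setpoint {s.group(1)} exceeds {MAX_TEMP_C[cmd]}"))
    return findings


# Constructed sample job and a copy with one setpoint altered.
APPROVED = "G28 ; home\nM140 S60\nM104 S210\nG1 X10 Y10 F1500\nM109 S210\n"
TAMPERED = APPROVED.replace("M109 S210", "M109 S400")

if __name__ == "__main__":
    for finding in audit_gcode(TAMPERED, sha256_hex(APPROVED)):
        print(finding)
```

The hash check catches any change to an approved job, while the setpoint check still works for new jobs that have no baseline yet.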
Four pillars of OT zero trust
TXOne Networks believes that effective cybersecurity solutions that ensure the operation reliability and digital safety of ICS and OT environments are best achieved through the OT zero trust methodology and its four pillars:
- Inspect: Conducting a security inspection before any new equipment enters the shop floor is necessary to prevent insiders from intentionally or unintentionally bringing malware into the factory environment.
- Lock down: Stop malicious behavior and unintended operation by implementing OT protocol command-specific allow lists at both the endpoint (machine) and OT network level.
- Segment: Network segmentation is vital. By arranging enterprise assets into isolated groups based on their purpose, users sharply limit options for attack and restrict those attacks to a specific area to contain the damage.
- Reinforce: Virtual patching is strongly recommended to block loopholes on the manufacturing execution system (MES) and shield vulnerabilities of legacy or unpatchable systems protecting sensitive, critical assets.
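The "Lock down" pillar's command-specific allow list, sketched as an added example that is not from the article or from TXOne's products. It assumes Modbus/TCP as the OT protocol (the article names none) and uses constructed source addresses and a constructed policy; each request is allowed only if its function code is listed for the sending host.

```python
import struct

READ_HOLDING, WRITE_SINGLE, WRITE_MULTI = 0x03, 0x06, 0x10

# Assumed policy: source IP -> Modbus function codes it may send (constructed).
ALLOW = {
    "10.0.5.10": {READ_HOLDING},                # historian: read only
    "10.0.5.20": {READ_HOLDING, WRITE_SINGLE},  # engineering workstation
}


def check_frame(src_ip, frame):
    """Return (allowed, reason) for one Modbus/TCP request."""
    if len(frame) < 8:
        return False, "truncated frame"
    # MBAP header: transaction id, protocol id, length, unit id.
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not Modbus"
    if length != len(frame) - 6:  # length counts unit id + PDU
        return False, "MBAP length mismatch"
    func = frame[7]
    if func not in ALLOW.get(src_ip, set()):  # unknown sources get nothing
        return False, f"function 0x{func:02x} not allowed for {src_ip}"
    return True, "ok"


# Constructed requests: read 2 holding registers; write 500 to register 10.
READ_REQ = struct.pack(">HHHBBHH", 1, 0, 6, 1, READ_HOLDING, 0, 2)
WRITE_REQ = struct.pack(">HHHBBHH", 2, 0, 6, 1, WRITE_SINGLE, 10, 500)

if __name__ == "__main__":
    for ip in ("10.0.5.10", "10.0.5.20", "10.0.9.99"):
        print(ip, check_frame(ip, READ_REQ), check_frame(ip, WRITE_REQ))
```

Default deny matters here: a host missing from the policy, or a frame whose header does not parse cleanly, is rejected rather than passed through.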
To learn more about effectively protecting automated factories across the entire lifecycle of factory machines, download TXOne Networks’ “OT Zero Trust Handbook.”
About The Author
Mars Cheng is threat research manager and YenTing Lee is a threat researcher within PSIRT and Threat Research at TXOne Networks. TXOne Networks’ Threat Research Team performs a variety of vulnerability research on industrial control system (ICS) devices and protocols, and analyzes potential threats, malware and ransomware related to OT environments. Mars Cheng and YenTing Lee share the team’s findings at top security conferences around the world including Black Hat, DEFCON, RSA Conference, and FIRST.