Why Industry 4.0 Will Challenge Manufacturing Security

Bringing together operational and information technologies in manufacturing environments not only presents innovative opportunities but also poses new security challenges in the highly connected Industry 4.0 era.

As companies continue down the path of Industry 4.0, adding intelligent devices and software to gather detailed business intelligence, they are coming face to face with the challenge of securing the networks that connect all these devices. Perhaps nowhere is the challenge greater than in the manufacturing industry, where potentially decades-old machines and software must be upgraded or instrumented to participate in the Internet of Things and Industry 4.0.

It’s a sea change for manufacturers, who are used to having two distinct, separate networks: one for operational technology (OT) and another, entirely separate IT network. The OT network-connected machines on the manufacturing floor, for example, but had no need to talk to the IT network, which supported typical business functions.

All that is changing as Industry 4.0 requires manufacturers to gather data from those OT networks and feed it to the IT systems that can apply business intelligence applications to drive operational efficiencies and cost savings. That means the once-isolated OT networks are now connected, opening up numerous potential new attack vectors and cyber threats.

“Big data generated through the IoT can give useful information regarding how things work and what can be improved,” notes the research paper, “Network and information security challenges within Industry 4.0 paradigm,” published by Procedia Manufacturing. “However new ‘things’ usually bring unexpected security vulnerabilities and threats to exploit, and the attackers are actively working to ensure they get their share of Industry 4.0.”

OT Network Threats

Connecting OT networks to the IT side introduces threats having to do with the industrial control systems (ICS) used to manage various machines and processes. These include programmable logic controllers (PLC), supervisory control and data acquisition (SCADA) systems as well as the human-machine interfaces (HMI) that enable operators to control the equipment.

All of these ICS components have vulnerabilities, notes Trend Micro Research in its paper “Securing Smart Factories.” Even worse, of the 343 ICS and SCADA vulnerabilities reported to the ICS Computer Emergency Response Team (ICS-CERT), exploits were available for 132 of them on a publicly available database, Trend Micro found.

“Having a vulnerability is one thing, but having an actual exploit against that vulnerability makes attacks much easier,” the Trend Micro Research report says.

The company also found cases where HMIs were directly exposed to the Internet, with no authentication required. While some of these HMIs are read-only, others also allow control.  “This basically allows anyone to tamper with values and issue commands on manufacturing machinery if the HMI is not read-only,” the Trend Micro report says.

Long Machine Lifecycles, Outdated Software

Another challenge manufacturers face is their equipment tends to have long lifecycles, 25 to 30 years or more. It will take years for companies to replace or upgrade all these machines to participate in an IoT environment.

“We see an industry that is at a crossroads—moving away from the current status, yet not fully into Industry 4.0,” according to the Trend Micro paper. “Consequently, such an intermediate state poses its own set of threats and risks.”

Among them is the use of old, outdated software such as Windows XP, for which support ended in 2014. Trend Micro studied some 750,000 systems in a range of industries. In manufacturing environments, 4.4% were using Windows XP, nearly double the rate of 2.5% for all industries.

Old, unsupported operating systems are more likely to have unpatched vulnerabilities that can be exploited, even by old variants of network malware. The 10-year-old worm Downad, for example, was found by Trend Micro on 2.9% of systems in manufacturing environments, but on just 1.2% in all others.

Vulnerabilities Present Real Risks

All of these vulnerabilities present a real risk of exploitation, including:

Distributed denial of service (DDoS) attacks, in which a server is bombarded with enough requests to crash a process, disable sensors or cause them to malfunction, resulting in service interruptions. In an environment that relies on interconnected systems, DDoS attacks are a significant threat, the Procedia Manufacturing paper says. What’s more, as cloud computing gains in popularity, including in smart factories, “it is likely that more criminals find new ways to exploit system vulnerabilities like applying Denial-of-Service,” the Trend Micro paper says.

Distributed denial of service (DDoS) attacks, in which a server is bombarded with enough requests to crash a process, disable sensors or cause them to malfunction, resulting in service interruptions. In an environment that relies on interconnected systems, DDoS attacks are a significant threat, the Procedia Manufacturing paper says. What’s more, as cloud computing gains in popularity, including in smart factories, “it is likely that more criminals find new ways to exploit system vulnerabilities like applying Denial-of-Service,” the Trend Micro paper says.

Ransomware attacks, which Trend Micro says, “can cause far more damage than in other industries if the manufacturing line is affected.” It notes a “at least a couple” of car manufacturers fell victim to Ransomware attacks during the WannaCry outbreak in May 2017. In 2018, the chipmaker Taiwan Semiconductor Manufacturing Co. (TSMC) was hit by a WannaCry infection targeting unpatched Windows 7 systems, “leaving multiple factories crippled” and costing the company an estimated $170 million.

Intellectual property theft, which Trend Micro Research notes is a risk when transferring data between IT and OT networks, as well as when sharing information with external partners, suppliers, and vendors.

A 5-point Protection Plan

In its “Framework for Improving Critical Infrastructure Cybersecurity,” the National Institute of Standards and Technology recommends companies adopt five core functions to protect against cyber threats:

1. Identify: Develop an understanding of the cybersecurity risks to systems, people, assets, data, and capabilities. This includes understanding the business context for each risk and the resources that support critical functions, so you can prioritize accordingly.
2. Protect: Develop and implement safeguards to protect systems and processes against risks, including the ability to limit or contain the impact of a breach. Safeguards may include identity management and access control, awareness and training, processes, and procedures that address information protection and maintenance.
3. Detect: The detect function involves developing activities to enable the “timely discovery of cybersecurity events,” through security continuous monitoring and detection processes.
4. Respond: Develop and implement appropriate activities to take action when a cybersecurity incident is detected and contain its impact. This involves response planning, communications, analysis, and mitigation.
5. Recover: The recover function includes the implementation of resiliency plans, to support the timely recovery to normal operations from a cybersecurity incident.

“The functions should be performed concurrently and continuously to form an operational culture that addresses the dynamic cybersecurity risk,” NIST says.

Obviously, there’s a lot more to implementing a sound cybersecurity defense for manufacturing environments than can be outlined in a blog post. To learn more, the NIST framework is a good place to start.