The smart factory concept, enabled with IIoT, has in many ways transformed manufacturing. Yet with so many connected devices in place, they introduce cybersecurity risks.
The smart factory concept,
enabled with IIoT, has in many ways transformed manufacturing. Yet with so many
connected devices in place, they introduce cybersecurity risks, which need to be protected against via better security measures.
“A single cyberattack can negate the benefits derived from a smart factory, like real-time data monitoring, supply chain management, and predictive maintenance,” said a recent
blog post by Tend Micro. “That’s why security must not be left behind as organizations move forward with their ‘smart’ agendas.”
According to the company, a survey of reported cyberattacks in the past and a review of common network attack scenarios can help pinpoint areas where IIoT security could be falling behind. These are summarized as follows.
Vulnerability exploitation
A smart factory’s system includes countless equipment and devices that are connected to a single network, and vulnerabilities in any one of those devices could open up the system to any form of attack, the post said. “In fact, this was exemplified by the worm Stuxnet, which used certain vulnerabilities to propagate. Stuxnet attracted attention because it targeted critical infrastructures. Successful campaigns that used vulnerabilities emphasize the significance of good security practices like regular patching,” it said.
Deploying malware
According to the post, past attacks show that malware deployment is the most common method used by threat actors. “Malware installed on the industrial network can compromise industrial control systems (ICS), like in the case of BlackEnergy and Killdisk. The trojan Triton was notable because it was tailored to manipulate industrial safety systems, subsequently shutting down an industrial plant’s operations,” it said. “Recently, threat actors were found using cryptocurrency-mining malware to attack a water facility in Europe.”
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
According to the post, with its source code published and DDoS-as-a-service providers popping up, an increase in
DDoS attacks on smart factories and other IIoT infrastructure in the future is not implausible. Likewise, compromised ICSs could end up being harnessed by a botnet for attacks against other organizations, it added.
Man-in-the-middle (MitM) attack
A MitM attack involves a threat actor going in between communication channels that companies are using, the post said. “Unsecure communication protocols could enable attackers to modify firmware upgrades in-transit. MitM attacks highlight that aside from device and network security, ensuring communication channels are secure is also critical to the entire system’s security,” it said.
Surveillance and information theft
Attackers can also take a more subtle approach in their campaigns by stealing information or monitoring exposed systems, the post said. “Gaining unauthorized access on a network, threat actors can steal information on equipment behavior from measurements and data usually collected by their sensors necessary for the factory’s automatic functions. Such attacks on networks show the importance of apt intrusion detection and prevention systems,” it said.
Device hacking
According to the post, attackers can use a single hacked device to spread malware or access the entire industrial network. “They can even tamper with actual devices should they gain physical access. They could then make the tampered devices send the wrong information to the rest of the network or to simply malfunction and affect the rest of the production line,” it said.
The post concluded by saying with the convergence of IT and OT, the smart factory’s combination of virtual and physical systems makes interoperability and real-time capability possible, yet it comes with the cost of an expanded attack surface. “Organizations should therefore match this convergence with a security that combines both IT and OT defenses. This could mean reevaluating existing security measures and elevating the defenses for those that may be lagging behind,” it said.