Mitigate Four Significant Cyber Threats Facing Automated Factories


Automated manufacturing is growing fast. As always, along with greater efficiency comes greater risk. Four automated factory situations in particular warrant focused cybersecurity attention: the Industrial Internet of Things (IIoT); industrial robots; augmented reality (AR) devices; and additive manufacturing (AM).
What these four trends have in common is the need to process large amounts of data, forcing more and more interaction and integration between IT and OT networks. As IT and OT continue to converge, attackers have more factory OT network entry points, which means more vulnerabilities to watch for. According to the Trend Micro Security Predictions For 2023 report, produced in collaboration with TXOne Networks, we foresee an upward trend in IT-based cyberattacks inadvertently affecting OT systems that are connected to IT networks, and worse, revealing OT systems as an underutilized attack vector through which malicious actors can move laterally between OT and IT environments.
In 2021, Trend Micro also revealed that 61% of automated manufacturers have experienced cybersecurity incidents, many causing downtime. To protect automated manufacturers, TXOne Networks analyzes the global trend of automated factories to identify the following potential threats and to propose an adaptive cybersecurity solution for shop floor industrial control systems (ICS).

Threats faced by the automated factory

1. The Industrial Internet of Things

As large numbers of machines are introduced to the network in this era of digital transformation, factory environments can be vulnerable to initial access cyberattack techniques.

Fully entrenched in the realities of Industry 4.0, smart manufacturing is deploying Industrial Internet of Things (IIoT) technologies to improve operational efficiency and reduce operating costs. We saw the adoption of IIoT technologies expedite during the pandemic to keep operators safe while maintaining production. However, this brings the potential to expose vulnerabilities, especially in OT environments that were once truly air-gapped.

Commonly used IIoT protocols can provide more attack vectors to connected devices. Wireless is also a problem, as endpoint devices use WirelessHART or BLE to upload endpoint information to the cloud via a network gateway, creating entry points.
Protection requires network defenses that restrict communication to trusted data sources, supported by a visualization solution for managing the server. Network defense solutions can learn the trusted behavior of each piece of equipment. Once the trusted behaviors of each device are known, deviations from them can be blocked, preventing attackers from carrying out further attacks.

2. Industrial robots

Malware can be introduced to the development environment of industrial robots, enabling highly privileged workstations to execute malicious behaviors.
It is amazing to see what robotics can do these days! They are autonomous and mobile, collaborating with each other to perform physical operations in many large-scale manufacturing factories.
These industrial robots generally consist of a controller, robot, and workpiece. Engineers often upload or download extension kits from an app store-like service. If the content is not inspected, the engineer may unintentionally download infected kits, execute them, and threaten the factory network.
Some industrial robots do not enforce access-control authentication by default; if the equipment is exposed to the public network, attackers can exploit vulnerable but common network protocols. In some cases, publicly downloadable OLP software can modify controller parameters, production logic, or robot status to tamper with factory production outcomes. To understand the potential for danger, consider that in 2021 a cyber intruder penetrated a Florida water treatment facility twice in one day and was attempting to poison the supply when detected.

3. Augmented reality

Improperly stored Augmented Reality (AR) devices may allow the theft of factory data and the destruction of cloud data.
Wearable or handheld devices with AR technology are used to enhance the interaction between engineers and machines and access cloud data. When suppliers or technicians are required to enter the factory area, any AR devices that are not adequately protected by physical security can be and have been stolen, along with confidential factory information.
Information may include anything from production processes to pharmaceutical or food ingredients. AR devices used by engineers are considered trusted sources; in the wrong hands, they can be used to access enterprise cloud data and expand the impact throughout the factories.

4. Additive manufacturing

If the configuration files in additive manufacturing (AM) equipment are tampered with, the equipment can overheat, leading to large-scale disasters.
Many manufacturing plants are introducing additive manufacturing (AM) technology to manage supply chain issues, particularly in automated factories related to aerospace, automotive, or medical industries. In essence, additive manufacturing technology is a computer-controlled process of creating a three-dimensional object by depositing materials one layer at a time. SANS researchers have found that thousands of insecure AM devices are exposed to the public network and the devices can be controlled without authorization.
Because most AM devices use unencrypted files (G-code format) to control printing, attackers have the opportunity to steal confidential product information. Malicious firmware can also persist on the device, and the excessive heating it can induce may cause large-scale disasters in factories.
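The tampering risk described above is easiest to see with a concrete pre-flight check run on the print job before it reaches the machine. The following is an added example, not code from TXOne Networks or from the article: it verifies the job file against a known-good SHA-256 recorded when the job was approved, and scans the plain-text G-code for thermal commands (M104/M109 for the hotend, M140/M190 for the bed, which are standard G-code) whose set-point exceeds the machine's limits. The G-code lines, the hash source and the temperature limits are all constructed for the example; real limits come from the equipment's datasheet.

```python
"""Pre-flight validation of a G-code job: integrity hash plus thermal set-point limits.

Added example (not TXOne Networks' code). Sample jobs and limits are constructed.
"""
import hashlib
import re

# Standard G-code thermal commands and the heater zone each one addresses.
THERMAL_CMDS = {"M104": "hotend", "M109": "hotend", "M140": "bed", "M190": "bed"}
# The S parameter carries the target temperature in degrees C.
TEMP_RE = re.compile(r"\bS(-?\d+(?:\.\d+)?)")

# Constructed limits; on a real machine take these from the vendor datasheet.
LIMITS = {"hotend": 260.0, "bed": 110.0}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_gcode(data: bytes, expected_sha256: str, limits: dict) -> list:
    """Return a list of (kind, message) findings; an empty list means the job passed."""
    findings = []

    # 1. Integrity: the file must match the hash recorded at approval time.
    actual = sha256_hex(data)
    if actual != expected_sha256:
        findings.append(("integrity",
                         f"sha256 mismatch: expected {expected_sha256[:12]}..., got {actual[:12]}..."))

    # 2. Thermal policy: no heater set-point above the configured limit.
    text = data.decode("utf-8", errors="replace")
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop G-code comments
        if not line:
            continue
        cmd = line.split()[0].upper()
        zone = THERMAL_CMDS.get(cmd)
        if zone is None:
            continue
        m = TEMP_RE.search(line)
        if m is None:
            continue
        temp = float(m.group(1))
        if temp > limits[zone]:
            findings.append(("thermal",
                             f"line {lineno}: {cmd} requests {temp:g} C for {zone}, limit {limits[zone]:g} C"))
    return findings


# Constructed approved job: its hash would normally live in a signed manifest.
TRUSTED_GCODE = b"""; constructed print job (approved)
M140 S60
M190 S60
M104 S210
M109 S210
G28
G1 X10 Y10 F3000
"""
TRUSTED_SHA = sha256_hex(TRUSTED_GCODE)

# Constructed tampered copy: same job with the hotend set-point raised past the limit.
TAMPERED_GCODE = TRUSTED_GCODE.replace(b"S210", b"S320")


if __name__ == "__main__":
    print("approved job:", check_gcode(TRUSTED_GCODE, TRUSTED_SHA, LIMITS))
    for kind, msg in check_gcode(TAMPERED_GCODE, TRUSTED_SHA, LIMITS):
        print(f"[{kind}] {msg}")
```

The hash check catches any modification at all, while the thermal scan gives a meaningful reason to reject a file even when no approved hash exists yet, so a tampered job is reported twice: once for failing integrity and once per dangerous set-point.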

The four pillars of OT zero trust to mitigate threats to automated factories

TXOne Networks believes that effective cybersecurity solutions that ensure the operation reliability and digital safety of ICS and OT environments are best achieved through the OT zero trust methodology and its four pillars:

  • Inspect: Conducting a security inspection before any new equipment enters the shop floor is necessary in order to prevent insiders from intentionally or unintentionally bringing malware into the factory environment.
  • Lock Down: Stop malicious behavior and unintended operation by implementing OT protocol command-specific allow lists at both the endpoint (machine) and OT network level.
  • Segment: Network segmentation is vital. By arranging enterprise assets into isolated groups based on their purpose, you sharply limit options for attack, and you restrict those attacks to a specific area to contain the damage.
  • Reinforce: Virtual patching is strongly recommended to block loopholes in the MES and shield vulnerabilities in legacy or unpatchable systems, protecting sensitive, critical assets.
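The "learn the trusted behavior of each device" approach from the IIoT section and the "OT protocol command-specific allow lists" of the Lock Down pillar are the same mechanism seen from two sides, so one example covers both. The code below is an added example, not TXOne Networks' code: it learns, from a constructed set of flow records captured during a trusted commissioning window, which (source host, Modbus function code) pairs each PLC legitimately receives, then enforces that per-device allow list against later traffic, rating write and diagnostic function codes as high severity. The log line format and the IP addresses are constructed; the Modbus function codes are the standard public ones.

```python
"""Per-device OT command allow list: learn from a trusted window, then enforce.

Added example (not TXOne Networks' code). Log format and hosts are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Standard Modbus public function codes (names for readable alerts).
MODBUS_FC = {
    1: "Read Coils", 3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register", 8: "Diagnostics",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers", 43: "Read Device Identification",
}
# Codes that change process state or device behaviour; always high severity when unexpected.
HIGH_RISK_FCS = {5, 6, 8, 15, 16, 23}

# Constructed record format emitted by a hypothetical OT network sensor.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) fc=(?P<fc>\d+)$"
)


@dataclass(frozen=True)
class Cmd:
    ts: str
    src: str
    dst: str
    proto: str
    fc: int


def parse(lines):
    """Parse sensor records; lines that do not match the format are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Cmd(m["ts"], m["src"], m["dst"], m["proto"], int(m["fc"])))
    return out


def learn_baseline(cmds):
    """Per destination device, the set of (source, function code) pairs seen while trusted."""
    base = defaultdict(set)
    for c in cmds:
        base[c.dst].add((c.src, c.fc))
    return dict(base)


def enforce(cmds, baseline):
    """Return (timestamp, severity, message) alerts for commands outside the allow list."""
    alerts = []
    for c in cmds:
        if (c.src, c.fc) in baseline.get(c.dst, set()):
            continue  # learned as trusted for this device
        severity = "high" if c.fc in HIGH_RISK_FCS else "medium"
        name = MODBUS_FC.get(c.fc, "unknown")
        alerts.append((c.ts, severity,
                       f"{c.src} -> {c.dst} fc={c.fc} ({name}) not in allow list"))
    return alerts


# Constructed commissioning-window traffic: HMI polls the PLC, engineering workstation writes.
LEARNING_LOG = [
    "2023-01-10T08:00:01 src=10.1.2.5 dst=10.1.3.20 proto=modbus fc=3",
    "2023-01-10T08:00:02 src=10.1.2.5 dst=10.1.3.20 proto=modbus fc=4",
    "2023-01-10T08:05:00 src=10.1.2.9 dst=10.1.3.20 proto=modbus fc=16",
]

# Constructed production traffic: one legitimate poll, then three deviations.
LIVE_LOG = [
    "2023-02-01T09:00:00 src=10.1.2.5 dst=10.1.3.20 proto=modbus fc=3",
    "2023-02-01T09:00:07 src=10.1.2.5 dst=10.1.3.20 proto=modbus fc=6",
    "2023-02-01T09:01:30 src=10.1.2.77 dst=10.1.3.20 proto=modbus fc=8",
    "2023-02-01T09:02:00 src=10.1.2.9 dst=10.1.3.20 proto=modbus fc=43",
]

BASELINE = learn_baseline(parse(LEARNING_LOG))
ALERTS = enforce(parse(LIVE_LOG), BASELINE)

if __name__ == "__main__":
    for ts, sev, msg in ALERTS:
        print(f"{ts} [{sev}] {msg}")
```

The learning phase must only ever run on traffic from a window that is known to be clean, otherwise an attacker's commands become part of the allow list; in practice the learned set is reviewed by the process engineer and then frozen before enforcement is switched on.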

To learn more about effectively protecting automated factories across the entire lifecycle of your machines, download TXOne Networks’ OT Zero Trust Handbook.

About The Author

Mars Cheng is Threat Research Manager, PSIRT and Threat Research, at TXOne Networks. YenTing Lee is Threat Researcher, PSIRT and Threat Research, at TXOne Networks.

TXOne Networks' Threat Research Team, led by Mars Cheng, performs a variety of vulnerability research on ICS devices and protocols and analyzes potential threats, malware and ransomware related to OT environments. Dedicated to providing the industrial and cybersecurity communities with the most real-time threat intelligence, Mars Cheng and YenTing Lee share the team's findings at top security conferences around the world, including Black Hat, DEFCON, RSA Conference and FIRST.
