To announce the theme for the CyberCenturion VI National Final, Daniel Barker, Senior Cyber Engineer at Northrop Grumman, has written a guest blog post. Keep reading to find out how Industry 4.0 can increase security risks and how the cyber security industry is helping manufacturers protect exposed systems.
What is Industry 4.0?
The manufacturing industry has evolved through four major phases. The first phase was mechanisation (the use of machinery in manufacture) using steam power. An example from this era is the mechanised weaving loom. Following this was Industry 2.0: the introduction of electrical power and the assembly line.
The next revision – Industry 3.0 – was where computers and automated electronics would build the products we use every day, such as robots working together in car factories, further reducing the amount of manual labour used. Finally Industry 4.0 has made the systems responsible for the production of items “smart”, which means connecting them to the internet, mainly for remote updates and monitoring.
What are the risks of Industry 4.0?
Due to Industry 4.0 exposing these automated production machines to the internet, they become a target to attack in various ways. An example of an attack on industry is the use of malware: malicious software that can be run alongside or instead of the proper programs.
A particularly damaging type of malware is ransomware. This is a type of software that blocks access to data, with its creators demanding money in order to restore access. A famous recent example of ransomware was the WannaCry epidemic which occurred in May 2017. You may have heard of this malware as it also severely affected the IT systems of the NHS in the UK. WannaCry crippled several factories and production stopped as the files used for control were encrypted.
Ransomware can have a huge financial cost, as if a production halts even for just a few minutes it can cost large sums of money, such as Samsung’s 30 minute power outage back in 2018 which cost approximately $43.3 million. An additional cost is if the production plant has to pay the criminals who encrypted the data to retrieve it. As well as being expensive, this payment is risky; there is no certainty that they will in fact get their data back, such as is the case of Ryuk.
The risk of ransomware attacks is increased in manufacturing machinery controlled by older programs, something which is surprisingly common. For example, one of the reasons WannaCry was so damaging was that so many organisations (including the NHS) were using the outdated operating system Windows XP. Because this software is so old, the manufacturer no longer checks for, or patches (fixes), security issues. This practice is common, simply because of the cost of upgrading the software systems. The potential for the newer systems to be incompatible or break also puts people off upgrading.
How is industry attempting to reduce these risks?
The security industry has attempted to assist the manufacturing industry in several ways. One example is the use of honeypots. A honeypot is a simulation of a factory connected to the internet. To an attacker it looks like the real thing, however any attempts to access or infiltrate the system will be recorded. This can provide information to defenders on who is attacking the system, and how. This information can be used to build stronger defences.
Another technique is the use of penetration testing, or ethical hacking. This is where a security expert attempts to penetrate the defences of the industrial system. If they are successful, information on how they gained access is passed to the organisation so they can block these entry points and methods. In some cases, the vulnerability is so severe that the developers of the software are informed so that they can create an emergency fix, even if the product is older and no longer supported.
Additionally, there has been work by the US to create an emergency response team (known as ICS-CERT) for security breaches in industrial control systems (systems controlling things like factories and power stations). This team provides support if an industrial network is found to be easily accessible from the internet as well as supplying advice on how to better secure systems against attack.