Arming smart factories with the right tools to keep threats at bay

Cybersecurity is a must for any smart factory set up, by ignoring the issue you could leave your company exposed to threats.

A common problem cybersecurity professionals have when talking about online threats is making the listener care. Things that happen in the cyber world — lines of code, complex machinery, virtual systems — often don’t have the required impact because of their abstraction from everyday reality. The more technical the discussion gets, the more difficult it is to make it relevant.

However, when we talk about smart factories the risks are very real. Malicious code could shut down production lines, sabotage facilities and even put factory floor workers in physical danger. Tackling these challenges will require a new focus on co-operation between IT and OT teams.

Patching problems

In fact, it is IT-OT convergence in the modern manufacturing facility that has precipitated the cybersecurity crisis currently facing the industry. Before the Internet of Things (IoT) started to bring connectivity and computing power to operational technologies, manufacturing systems were arguably more secure. They ran on obscure proprietary software which made attacks often too expensive to research and carry out and, most importantly, were not internet-connected, making it extremely difficult for remote attackers to reach.

That has largely changed as systems were modernised, with internet-connectivity everywhere and many systems running Windows: one of the most popular and most targeted operating systems in the world. Yet while the sector has changed, cybersecurity in many cases has not kept pace.

Take industrial robots: the backbone of the modern factory and the driving force behind Industry 4.0 digital transformation. They typically run on proprietary programming languages, some of which will be out-of-date now and therefore can’t be patched. Elsewhere, patches may not be applied because mission critical systems can’t be taken offline to test them, or else because of non-security priorities. This is where OT and IT teams clash: OT’s priority is usually uptime and safety, while IT will focus more on patching a known vulnerability to mitigate risk going forward.

Smart Factory Best Practices image - Trend Micro

Robots exposed

Many of the robotic machines on which smart factories rely have extensive access to resources on the shop floor—and it’s often important that they do. File shares, industrial control systems (ICS), human machine interfaces (HMIs) and other elements also have a critical part to play in driving productivity and Industry 4.0 success. However, often there’s no access control or isolation between these discrete parts of the manufacturing OT-IT environment. This matters, as it could enable attackers to compromise one part and then move laterally to another. Trend Micro’s Zero Day Initiative saw a 16% year-on-year increase in the number of disclosed ICS vulnerabilities in the first half of 2020.

That’s not all, sometimes the programming languages used in robots don’t have any security validation checking. In fact, secure coding techniques are rarely used, as most of those writing the programmes themselves are process control engineers rather than developers. Code is frequently reused from public repositories rather than designed from scratch, which further exposes manufacturing organisations to cyber-risk. It’s claimed that vulnerabilities in open source code libraries have doubled in nearly two years.

Vendor-backed app stores are another potential source of compromise. Until recently these haven’t applied the same efforts as Apple and Google in validating applications to check if they are malicious. That means malware could find its way onto the platforms, hidden in legitimate-looking software. With this entry point into the smart factory, attackers could carry out a range of theoretical campaigns ranging from theft of sensitive IP and employee/customer data to sabotage of production systems, denial of service and ransomware. Some unauthorised commands may even cause robots to move in such a way as to endanger their operators.

Online Data cybersecure Security Concept CyberAttack CyberCrime CyberSecurity - Stock.

A unified response

It’s vital that IT and OT security teams work hard at breaking down the traditional siloes that have kept them apart for so long. There needs to be a unified approach to securing these systems to ensure issues don’t fall between the cracks until it’s too late. Start by conducting an asset inventory and then map data flows and risk scores to it.

Patching is essential for any internet-connected systems. For those on unsupported operating systems or which can’t be updated for other reasons, consider virtual patching to keep them protected from threats without the need to take systems offline for testing. Next, it’s steps like network segmentation to isolate machines that process data from other networks, to minimise the chances of information theft. It goes without saying that protection from a reputable provider, at the endpoint, network and server layers, is vital, as is implementation of a Secure Software Development Lifecycle (SSDLC).

As an industry which employs nearly three million in the UK and accounts for hundreds of billions in exports, manufacturing is very much in the sights of the cybercrime community. As factories become increasingly packed with hi-tech components, it’s critical that security doesn’t remain an afterthought.