Create a free Manufacturing.net account to continue

Cybersecurity-by-Design for Industry 4.0

A look at the early stages of cybersecurity and how it will continue to evolve.

Marcellus Bucheit
Mar 21, 2024
Manufacturing Infrastructure Cyber

Well before the dawn of the Internet age, security flaws were discovered in computers and exploited - first with attacks on data within the computer itself and soon after on computers connected to a network. Historically, cybersecurity threats have kept pace with the advancements in information technology and cybersecurity defenses, like antivirus software. Once computers were connected to the Internet and began exchanging data, cybercrimes substantially changed, along with the mechanisms to prevent it.

In 1988, a Cornell University computer science graduate student unleashed an Internet-based computer worm, infecting approximately 6,000 mainframes, mini-computers, and workstations connected to the Internet with a malicious code that brought computer performance down to a crawl. His motive, he later admitted, was "to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects he had discovered.”[1]

This relatively innocuous cybercrime, in retrospect, was a forebearer of the extensive cybercriminal activity to come, as the Internet and digital transformations occurring in all sectors of life gave rise to cleverly conceived cyberattacks in the form of malicious viruses, network intrusions, malware, ransomware, data breaches, and the like.

Early in the connected world, cybercriminals targeted computer information systems, networks, and personal computer devices looking to steal data like passwords and login credentials, credit card and financial data, and even private medical information. A few of the more publicized incidents include Stuxnet [2} in 2010, which was the first cyberweapon meant to cause physical damage. In this case, Stuxnet was thought to have destroyed 20 percent of the centrifuges used in Iran for creating its nuclear arsenal.

The 2017 WannaCry [3} ransomware attack affected approximately 200,000 computers in 150 countries, while the NotPetya [4] attack, which originated in Ukraine, destroyed thousands of computers across 60 countries. The manufacturing industry was touched by NotPetya as well, when Mondelez [5], a multination food and beverage company, lost thousands of computers as a result of the attack - impacting production facilities around the globe, aswell as the company’s ability to complete customer orders.

The Manufacturing Impact

While cyberattacks are pervasive across most every industry, manufacturing processes, in particular, stand out as prime targets for such threats, making it imperative for manufacturers to grasp the risks posed by cyberattacks and understand the protective measures available.

According to a 2022 survey conducted by Barracuda Networks [6], more than 90 percent acknowledged they experienced a security incident in the past year that had a significant impact on their organization.  The reported incidents involved a wide range of attacks, with web application, malicious external hardware/removable media, and distributed denial of service attacks being the most frequent

With the extensive digital transformations occurring in the manufacturing sector, the cyberthreat attack surface has expanded exponentially. This makes cybersecurity of paramount importance to manufacturers of all sizes, regardless of the level of digital transformation undergone by the company.

The explosive growth of digital transformation in the industrial sector, characterized by the term Industry 4.0, is at the core of the cybersecurity discussion for connected, smart manufacturers and digital supply networks. These smart systems are programmed to collect and share data, make decisions that trigger actions, and independently control processes. Moreover, the newfound integration of artificial intelligence and machine learning technologies in Industrial IoT applications like machine vision, robotics, and predictive maintenance, makes an ever-increasing amount of critical data vulnerable, and puts industrial processes at further risk.

For example, additive manufacturing processes are beginning to integrate various AI and machine learning-based algorithms to exploit the full potential of the 3D technology. The trained printing model that grows from the machine learning process becomes the intellectual property of the manufacturer and must be protected from inadvertent modifications, or even intentional attacks. There could be counterfeiters trying to build similar systems by abusing the property of the original maker, or there might even be outright saboteurs who want to manipulate what the system can produce in practice. [7]

An even more malicious attack to a serial production line is the manipulation of the output itself. For example, a remote hack could manipulate the settings in a robotic production process to keep some bolts loose while overtightening others in a finished product. As a result, unsafe products could enter the market with the need for expensive recalls and threats of litigation.

As Industry 4.0 technologies continue to evolve, so will the blurring of the boundaries between operational technology and information technology. As critical manufacturing data travels outside the boundaries of the traditional factory, access rights and policies will need to be managed across the entire organization, which will necessarily lead to a more closely aligned IT and OT environment.

The convergence of IT/OT systems and processes, while enabling new levels of manufacturing efficiencies and productivity to the factory floor, will bring new stakeholders into the security environment. IT security teams and processes must now incorporate the diverse real-time demands of distributed industrial environments.

There is no doubt that IT/OT technologies will continue to evolve, as will the nature and mechanisms for cybercrimes, whether it will be to steal IP, disrupt operations, or wreak havoc in other ways. Cybersecurity technologies and preventive measures will need to evolve as well, beyond simply reacting to issues as they occur, but rather enabled by a built-in cybersecurity-by-design approach to new Industry 4.0 innovations.

Marcellus Buchheit is co-founder and Chairman of the Board of WIBU-SYSTEMS AG in Karlsruhe, Germany. He currently serves as the President and CEO of Wibu-Systems USA, Inc., located in Edmonds, WA where he resides.

Citations

  1. Morris Worm, Cornell Commission Findings https://www.cs.cornell.edu/courses/cs1110/2009sp/assignments/a1/p706-eisenberg.pdf
  2. Stuxnet Dossier https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf
  3. WannaCry Ransomware Attack https://www.vox.com/new-money/2017/5/15/15641196/wannacry-ransomware-windows-xp
  4. NotPeyta Attack https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
  5. NotPeyta Attack on Mondelez https://www.industrialcybersecuritypulse.com/facilities/throwback-attack-the-notpetya-malware-causes-serious-damage-to-snack-giant-mondelez/
  6. The State of Industrial Security 2022 https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf
  7. Software’s Turn: Increasing the Dependability of 3D Printing, Industrial Print Magazine, April 2023 https://industrialprintmagazine.com/softwares-turn/
Latest in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
April 5, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Related Stories
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsor Content
Specialty Food Producer Achieves Growth and Traceability with MRP Software
More in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sales Manager Karen Addenbrook: "It has been terrific for our business and made us enormously more efficient."
April 5, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Cybersecurity
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Ap24107471702533
Cybersecurity
Cyberattack Costs Hit UnitedHealth in Q1 That Still Turns Out Better than Expected
UnitedHealth is still restoring several services from the February attack.
April 16, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024