According to the Department of Homeland Security, “the critical manufacturing sector is crucial to the economic prosperity of the United States.” From producing metals, to machinery, electronics and transportation equipment, critical manufacturers are vital to the survival of the United States. Moreover, smart manufacturing sectors, such as pharmaceutical and food and beverage, are equally critical to the U.S., due to the risk associated with any manipulation to their manufacturing processes.
Manufacturers are becoming “smarter” by connecting their production systems to external environments, meeting the need production plants have for continuous input and feedback. As a result, manufacturers save on costs, improve productivity and expand their markets. The myriad benefits companies gain by adopting smart manufacturing technology is fueling a quick, permanent transition, which many are calling the Fourth Industrial Revolution.
Furthermore, research projects that by 2020, the number of industrial devices connected to the Internet will triple. To illustrate this point, in 2014 Apple invested $10.5 billion into smart manufacturing systems to build and test their devices. This revolution, however, opens gaping holes in security systems, offering hackers the ability to attack in force and creating a tremendous threat for the developed world.
Every industrial device that connects to an external environment or the Internet brings the potential for an attack. Of course, smart manufacturing hinges on connectivity. To implement smart manufacturing, operational technology (OT) systems, such as factory machinery, are connected to companies’ information technology (IT) systems, creating what is known as the Industrial Internet of Things (IIoT). When companies transition to smart manufacturing, they anticipate that their existing, traditional IT security systems will protect their industrial environment. However, OT systems and IT systems use completely different technologies and have very different usage and characteristics. IT security solutions simply do not protect OT networks, neither in theory nor in practice. Essentially, OT networks today are entirely unprotected, providing cybercriminals with the opportunity to damage crucial production capabilities, cause operational downtime, manipulate products and steal sensitive manufacturing information.
Physical Damage and Operational Downtime
OT security flaws recently caused a fire that led to explosions and massive damage in a German steel plant. Although most of the details of the event remain confidential, we do know the attack’s path flowed from the plant’s IT network to its OT system. Once inside an OT system, hackers had the freedom to manipulate machines and cause anything from significant physical damage to expensive machinery to the total shutdown of a production line.
Although some cybercriminals might have more of an appetite for fireworks, others may prefer a much subtler approach. In one case more than a decade ago, baby formula was produced incorrectly. Undetected, the essential vitamin thiamine went missing from the formula, tragically leading to the death of several children and injuring even more. This incident was never proven to be malicious, but imagine if a widespread drug, such as a common over-the-counter pain reliever, was tampered with, or if one of the few insulin factories in the world suddenly went out of commission. The fallout would cost many lives.
Theft of Sensitive Information
According to its own legend, Coca-Cola protects its coveted secret recipe inside a metal box, which stays in a safe inside of a vault. Supposedly, only two unnamed executives know the recipe and are forbidden from traveling together on a plane. Although Coca-Cola takes these pains to protect one piece of paper, how can the company protect nearly 1,000 plants worldwide? By tapping into a company’s OT system, cybercriminals can access sensitive manufacturing information that exists within the industrial environment. By doing so, hackers could get their hands on formulas, recipes or production methods, down to the finest detail.
The manufacturing world is revolutionizing production with smart manufacturing technology, leading to widespread benefits. However, the package of benefits that IIoT provides also holds hidden costs. Cybercriminals are following manufacturers to the world of Internet-connected OT. Soon, these hidden costs are going to become expensive, visible flaws. The smart manufacturing revolution needs a system of self-defense that can maintain the purpose and functional integrity of IIoT systems. Smart manufacturers must find ways to protect themselves and fast.
About The Author: Yoni Shohet is co-founder and CEO of cybersecurity solutions company SCADAfence.