Strengthening Industry 4.0 Automation Security


The scaling of efficiencies and business value from automation and the Internet of Things (IoT) over the past few years has been transformative. In factories especially, costs drop, waste decreases, and businesses can control and gain insight into their processes like never before.
 
At its most basic level, a great deal of IoT used for automation in factory settings involves collecting data about the physical environment and acting on that data. As explained in a recently published study, combinations of sensors and devices such as actuators have transformed our ability to increase efficiency and reduce costs throughout manufacturing facilities.
 
However, increased connectivity often yields greater security concerns. Many industrial facilities are making use of connected IoT devices to control plant functions like environmental and infrastructure systems. Similarly, many facilities are increasingly benefiting from connected machinery, such as smart conveyance systems, manufacturing equipment, and more. The result is a plant that is increasingly managed remotely and that is capable of some level of autonomous operation, error correction, and self-reporting of functions.
 
IoT, for all the reasons mentioned above, offers tons of upside for manufacturing facilities. Compared to many technology trends over the past two decades, IoT is just as momentous but much less structured. Without standards springing from the use of any one particular networking technology, and with functionality rapidly extended through repurposed software, simple security considerations can be overlooked. Near field communications, proprietary networking protocols, and ubiquitous world standard protocols, such as WiFi, Bluetooth, and cellular communications, all provide ease of connection. Each can be made ‘easy’, however, without being implemented according to best practices, which leads to real vulnerabilities that are well known and easily exploited.


Automated factory vulnerabilities and security strategies

Because many automation IoT applications depend on well-established means of communication, many classic networking vulnerabilities apply to Industry 4.0. Among the most common are exposures to attack strategies such as Denial of Service, Man in the Middle, and masquerading. While none of these strategies is unique to automated systems or Internet of Things devices in general, all of these attacks can have grave consequences and are exacerbated by overlooking simple security measures.
 

Denial of service (DoS) attacks

What is a denial of service attack?
Denial of Service attacks reduce a system’s ability to handle legitimate activity by overwhelming the system with illegitimate activity. As an example, the largest recorded DDoS attack ever showed Amazon Web Services’ preparedness for these types of assaults in February of 2020. The attack on a typical AWS customer was an attempted traffic jam of 2.3 Terabits per second.

Impact of denial of service attacks on automated factories
On a smaller scale, abusing the ways machines communicate with one another inside a company network can slow down overall traffic or even interrupt regular operation of connected devices on the network. When looking at a series of sensors and machines set to act in sequence in automated environments, reducing quality of service can slow a factory down or even stop it in its tracks. When automated industrial processes are time sensitive, the consequences could even escalate from slowing a production floor to the total shutdown of operations.

Preventing denial of service attacks
The United States Cybersecurity and Infrastructure Security Agency recommends maintaining firewalls and antivirus across devices. In commercial settings, proactive network monitoring is critical, and this proactive approach is currently experiencing an evolution thanks to artificial intelligence developments.
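As an illustration of the proactive monitoring mentioned above, the following added example (not from the original article) flags sources that flood the network and expected devices that have gone silent. The device names, reporting periods, thresholds and traffic records are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (seconds, source id). Not real capture data.
# sensor-a reports every second; sensor-b stops after t=4.5 while
# "unknown-7" sends 200 messages in two seconds.
SAMPLE_EVENTS = sorted(
    [(float(t), "sensor-a") for t in range(10)]
    + [(t + 0.5, "sensor-b") for t in range(5)]
    + [(4.0 + i * 0.01, "unknown-7") for i in range(200)]
)
# Assumed inventory: device id -> expected reporting period in seconds.
EXPECTED_PERIOD_S = {"sensor-a": 1.0, "sensor-b": 1.0}


def monitor(events, expected, end_time, window_s=1.0, max_msgs=20, slack=3.0):
    """Return (flooders, silent).

    flooders: {source: time it first exceeded max_msgs within window_s}
    silent:   {device: last time seen, or None} for expected devices whose
              last report is older than slack * period at end_time.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    last_seen = {}
    flooders = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_s:       # drop timestamps outside the window
            q.popleft()
        if len(q) > max_msgs:
            flooders.setdefault(src, ts)  # keep only the first breach
        last_seen[src] = ts

    silent = {}
    for device, period in expected.items():
        last = last_seen.get(device)
        if last is None or end_time - last > slack * period:
            silent[device] = last
    return flooders, silent


if __name__ == "__main__":
    flooders, silent = monitor(SAMPLE_EVENTS, EXPECTED_PERIOD_S, end_time=10.0)
    print("flooding sources:", flooders)
    print("silent devices:", silent)
```

Checking for silence as well as volume matters in a sequenced process, because a degraded network shows up first as a device that misses its reporting deadline.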

 

Man in the middle (MitM) attacks

What is a MitM attack?
Hackers conduct Man-in-the-Middle attacks by observing then simulating a legitimate messaging loop within a network. By intercepting traffic across a network, malicious actors can prevent ‘real’ traffic from arriving at its destination. Simply having free access to communications across a network could result in massive amounts of information leaking. In fact, this subtype of attack where data is siphoned off has its own name — eavesdropping. At its far extreme, MitM attacks can manifest in communications manufactured to alter the actions of a highly automated system. The consequences of manipulating connected devices could impact speed and uptime in automated factories, and it could even endanger employees.

Impact of MitM attacks on automated factories
In the same way that Denial of Service attacks can reduce performance of connected machines, MitM attacks could alter the operation of automated systems at an attacker’s whim. Creating fake network traffic that successfully processes through automated systems could allow for sensor readings to be faked and triggers for actions to be delayed or fired early. It could even insert instructions that may damage operations or machinery within a smart factory.

Preventing MitM attacks
In the case of Man in the Middle attacks, the most commonly exploited security gaps are the disregard or misuse of network protocol security features, such as the certificates available on networks capable of managing communications with HTTPS or TLS/SSL.
 
Many programs that extend IoT functionality in the factory make the use of these networking technologies easy. In order to reduce the chances of a bad actor succeeding in a MitM attack, automation teams must be thoughtful about which networking protocols are being used. Every means of connecting automation components together has recommended security practices that will significantly improve security. The key is applying the same security rigor to IoT environments that teams apply to all other business systems.
 
This application of normal security measures can become an afterthought in IoT system design, however, as the software platforms used to manage devices often abstract users away from networking minutiae.

 

Masquerading

What is masquerading?

Beyond MitM approaches, attackers can access privileged data or manipulate the intended operation of systems by impersonating legitimate actors on a network. Most often, this involves stealing usernames and passwords or mimicking the IP address or other authentication details of some known, trusted machine in a network. Once armed with a “normal” set of privileges within the system, one can collect data from the network with all the privileges of the user they’re impersonating.

Impact of masquerading on factory automation systems
When this impersonation takes place, there is a wide variety of possible outcomes. Depending on the actor being mimicked, an attacker may hold little authority to impact systems, or, conversely, could wipe entire databases, credential repositories, or sets of process automation instructions. This may mean massive losses of operational data or even worse — manipulation of the very devices that automate processes within a factory setting. As factories connect and automate functions, such as environmental controls, along with manufacturing and other operational processes, this could mean overriding locks in buildings, manipulating power or water infrastructure, or breaking operational automation processes, such as supply chain automation within a plant.

Preventing masquerading attacks
The simplest of countermeasures against masquerade attacks focus on education and good practices among working teams. Passwords should not be easily guessed, and they should not be shared. Beyond that, the most common exploits available to hackers include attempting to access systems using known default credential schemes or leveraging known gaps in systems. Keeping supporting software up to date and instilling a culture of good password management practices organization-wide can address most forms of masquerade attacks.
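For the case described above where an attacker mimics the IP address of a known, trusted machine, one detection approach is to compare observed address bindings against an inventory. This is an added example, not from the original article; the inventory, addresses and observation records are constructed.

```python
# Constructed inventory of trusted machines: IP -> expected MAC (assumed values).
INVENTORY = {
    "10.0.5.10": "00:1b:44:11:3a:b7",  # PLC
    "10.0.5.11": "00:1b:44:11:3a:c2",  # HMI
}

# Constructed observations (seconds, source IP, source MAC), e.g. from ARP logs.
OBSERVATIONS = [
    (1, "10.0.5.10", "00:1b:44:11:3a:b7"),
    (2, "10.0.5.11", "00:1B:44:11:3A:C2"),  # same MAC, different letter case
    (3, "10.0.5.10", "de:ad:be:ef:00:01"),  # trusted IP, unexpected MAC
    (4, "10.0.5.11", "de:ad:be:ef:00:01"),  # same MAC now claims a second IP
    (5, "10.0.5.99", "00:1b:44:11:3a:d9"),  # address not in the inventory
]


def find_masquerades(observations, inventory):
    """Return alerts as (time, ip, mac, reason) tuples, in observation order.

    Reasons: "unknown-address"  - IP is not in the inventory
             "binding-mismatch" - trusted IP seen with an unexpected MAC
             "multi-identity"   - that unexpected MAC claims several trusted IPs
    """
    alerts = []
    claimed_by = {}  # unexpected MAC -> set of trusted IPs it has claimed
    for ts, ip, mac in observations:
        mac = mac.lower()  # normalise case before comparing
        expected = inventory.get(ip)
        if expected is None:
            alerts.append((ts, ip, mac, "unknown-address"))
        elif mac != expected.lower():
            claimed_by.setdefault(mac, set()).add(ip)
            reason = ("multi-identity" if len(claimed_by[mac]) > 1
                      else "binding-mismatch")
            alerts.append((ts, ip, mac, reason))
    return alerts


if __name__ == "__main__":
    for alert in find_masquerades(OBSERVATIONS, INVENTORY):
        print(alert)
```

A binding check only catches a mimicked IP address; it does not detect a cloned hardware address or stolen usernames and passwords, which is why the credential practices above still apply.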
 

What’s next for smart factory automation security

While some attack strategies may cause relatively minor disruptions, such as reduced quality of service, automating processes opens the possibility for any automated device or process to be hijacked. For this reason, tightly controlling networks and the actors that use them becomes critical in automated environments.
 
Beyond taking basic security precautions, the future holds many potential advances to improve the security of automation systems in smart factories. Responsibly using the applications available to accelerate the setup and adoption of IoT-enabled automation requires Industry 4.0 leaders to ensure that the basics of network and application security aren’t missed along the way.

About The Author


Daniel Browning is the Business Development Coordinator at PDF Supply, a global supplier of automation products. He enjoys writing about automation, AI and new technology. PDF Electric & Supply Company, Inc., with sales and engineering offices located in Charlotte and Cary, North Carolina, operates as a part replacement business focused on mature, legacy and end of life products. The company sells new, new surplus and refurbished products sourced through independent channels, and PLC upgrades and retrofits continue to be a specialty. Its engineers have over 38 years of experience with automation products.

