Cybersecurity is not an IT issue any more. It has grown into a corporate issue, and that applies to the manufacturing sector also.
In an Industry 4.0 environment, the factory’s machinery is linked to its information system in order to monitor current stock levels, problems or faults, manage changes in orders or demand levels. The physical world is duplicated in computer-driven systems that manage in real time the value chain – from the moment an order is placed to the finish product and even its distribution. This smart factory model increases the plant’s productivity and agility – but in counterpart, it creates new vulnerabilities.
Once the smart factory is operated by cyber-physical systems, it is subject to the same threats as services companies: fraud, privacy invasion, stealing corporate or personal data, etc. But there is a difference. In a cyber-physical environment, the whole operating process can be disrupted and, in some cases destroyed.
The most famous example of that sort of cyberwarfare is the Stuxnet worm, a specially made computer virus attributed to the US and Israel, which in 2010 was deliberately designed to infect, and damage Iranian high-speed centrifuges used for uranium enrichment.
Another example is the electrical outage in Ukraine that left 230,000 people in the dark for six hours after hackers compromised several power distribution centres. The attackers used spear phishing emails and variants of the BlackEnergy 3 malware to gain a foothold into the IT networks of the electricity companies and knock real-world systems offline.
SMBs are the Next Victims
Cyber-physical attacks also target private-owned infrastructure. One has only to look to the example of a disgruntled employee of Hunter Wartech, a disgruntled installer of computerised waste management system, who remotely took unauthorized control of the valve network, spilling over 800,000 liters of raw sewage into area parks, rivers, and businesses. As a result, marine life died, the creek water turned black and the stench was unbearable for residents.
Likewise, the hacks can include ordinary factories to produce defective products as well as not meeting required design specifications. In addition, the financial consequences of such an attack could be devastating due to delaying a product’s launch, ruining equipment, increasing warranty costs, losing customer trust, or causing physical harm to an employee or end user.
With the Internet of things (IoT), this threat will spread towards all activities of daily life: flying a commercial airline, driving a connected car, using an insulin pump, etc. Once the physical integrity of a product can be affected remotely, there is no limit to the scope of damage that can be done. The impact on cybersecurity is direct since it must focus on both the cyber and physical space. The pioneers of cyber-physical crime are the critical infrastructures: power and water utilities, public transportation systems, etc. Even banks share this cyber-physical issue since they must protect their automatic tellers’ networks.
Defining a model of Cyber-Physical Security
These large organizations have long been deploying highly specialized resources to deal with cyber-physical crime. In a recent report, the Department of Homeland Security states that manufacturers represent more than 30 percent of all attacks against United States critical infrastructure and critical manufacturing. The ratio must be similar in other industrialized countries including Canada.
SMBs do not have the human and monetary resources of utilities but it can adapt some of its measures and tools. This is why CATAAlliance is launching an initiative on cyber-physical security in the manufacturing sector with the objective of contributing to a necessary knowledge transfer.
Out of the results, best practices will be defined in collaboration with research institutes and industrialists. We will show how industry pioneers have incorporated these best practices into their standard procedures and processes.
What are your thoughts and guidance to help advance our Cybersecurity mission?
Jean-Guy Rens is Senior Partner, Sciencetech.com and serves as CATA VP (Quebec) helping to advance Canadian innovation and enterpreneurship research studies and advocacy.
Interact with your Innovation Peer Group Now
The Canadian Advanced Technology Alliance (CATAAlliance) is Canada’s One Voice for Innovation Lobby Group, and is crowdsourcing ideas and guidance from thousands of opt in members in moderated social networks in Canada and key global markets. (No Tech Firm Left Behind)