524,330 active members*
3,002 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Cyber-Security 4.0

September 2018
28
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Cyber-Security 4.0

Much has been written about the unbridled optimism brought on by the so called 4th Industrial Revolution (a.k.a. Industry 4.0) and the unprecedented cyber-related risks facing manufacturers given the increasing digitization of industry. The story was reported once again as a result of a recent survey conducted by EEF, a trade organization representing the manufacturing and engineering sectors in the UK and the EU, in partnership with AIG and conducted by The Royal United Services Institute (RUSI).

According to the report, nearly half of manufacturers surveyed have been victims of cyber-crime, with the manufacturing sector now being the third most targeted for attack after the government and financial sectors. The report revealed that 41% of companies do not believe they have access to enough information to even assess their true cyber risk, and 45% feel that they do not have access to the right tools for the job.  Furthermore, 12% of manufacturers admitted that they have no technical or managerial processes in place to even start assessing the true risks.

Manufacturing is considered to be an attractive target as there are vulnerabilities in both operating systems and industrial control systems that can be easily exploited. The report cited two well publicized breaches where production systems were infiltrated and severely disrupted after hackers gained access to their IT systems via unprotected office software.

The first incident cited occurred in August 2017, when a petrochemical manufacturer in Saudi Arabia was infected with malware that investigators believe was not simply designed to steal data or shut down operations but potentially to cause a catastrophic explosion. The attacker targeted operational technology in the form of industrial control systems rather than the more traditional focus on information technology. The malware overrided the facility’s safety system that was designed to stop automated equipment from going beyond safe operating conditions. The attack was not intercepted by the existing cyber security measures and failed only because the developers of the malware had made an error in the code that caused the systems to simply shut down safely.

The second representative incident occurred in late 2014 when an attacker used sophisticated social engineering and spear-phishing tactics to hack into a German steel mill’s office computer network. Attackers took control of production software and made it impossible to turn off a blast furnace, resulting in massive damage to the foundry. The attacker, who is believed to be an industry insider or someone working with an insider, had specific knowledge of the production processes involved so that maximum damage could be done to the mill. The company’s systems were specifically vulnerable because the office network was connected to the industrial control system, allowing the attackers to effectively take control of production.

Statistics brought forth in EEF’s report, like many others before it, continue to raise awareness of vulnerabilities inherent in the Internet-connect Industry 4.0 environment and the need for manufacturers to put cyber-security measures in place.

An interesting side-note in the report was the recognition that stakeholders along the supply chain as well as end users are becoming increasingly aware of cyber-risks as well. 59% of manufacturers reported that they have already been asked by a customer to demonstrate or guarantee the robustness of their cyber-security processes, and 58% have asked the same of a business within their own supply chain. Increasingly, the report notes that cyber-protection measures are becoming part of contractual arrangements. That doesn’t bode well for the 37% of manufacturers who reported that – as of today - they could not demonstrate good cyber-hygiene to arm themselves with the tools necessary to provide such assurances.

One of those tools, however, is readily available today. Wibu-Systems’ CodeMeter technology provides protective measures for software-driven industrial controllers. Manufacturing equipment, from entire plants to individual machines, rely on the use of individual or multiple integrated control systems, typically including a combination of both hardware and software that plant engineers use to program the desired application. You can learn more about these industrial controllers and mechanisms to protect them in our white paper, CodeMeter in the Automation Industry: A Win-Win Opportunity for Producers of Machinery and Control Systems.

0 comments

Blog Archiv

July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016