The rise of robotics, automation, the Industrial Internet of Things (IIoT) and Industry 4.0 enabling technologies is changing the status quo of modern manufacturing systems and global supply chains. These technologies fuel a new wave of productivity and efficiency improvements through a connected mesh of cyber-physical systems. The interconnected nature of these systems also increases the attack surface for potential malicious activity. As cyber-physical systems continue to evolve, the threats associated with malicious attacks are not limited to information technology (IT) resources. Malicious actors are increasingly targeting operational technology (OT) resources with attacks that impact the physical assets of a system.
In recent years, several high-level data breaches involving consumer personal information have marked the headlines. While these cyberattacks are cause for concern, they are only one type of threat that manufacturing systems and supply chains face. More sophisticated threats targeting physical resources pose a risk to assets, infrastructure and the people associated with these systems. In addition, potential attacks could also target the products created through these systems or disrupt these systems through interference at critical points. The variety of attack targets and potential impacts highlights the challenges of protecting cyber-physical systems from malicious activity.
Attacks are no longer targeting just data
The evolution of malicious attacks on modern manufacturing systems and connected supply chains requires recognizing the cyber and physical nature of these systems. Yampolskiy provides a convenient approach to classify attacks targeting cyber-physical systems [1]. Their approach deconstructs an attack into the domain that an attack targets (what element of a system is influenced) and the domain that an attack affects (what element of a system is victimized). Malicious attacks can target either cyber or physical elements and impact either a cyber or physical resource.
A recent trend in cyberattacks is propagating an attack through an entire connected supply chain. The SolarWinds hack discovered in 2020 was a high-profile example of a supply chain attack targeting a widely used network management system [2]. Attacks targeting a broader supply chain are expected to increase in frequency as they can leverage a weaker link in a supply chain to gain access to other organizations.
Ransomware attacks continue to disrupt production environments and, in some cases, completely shut down operations for some time. This type of attack does not necessarily need to target a production resource but instead targets the critical data or set-up files that a production resource relies upon. The WannaCry ransomware attacks of 2018 caused multiple major manufacturing companies to temporarily halt production to counter the spread of the worm [3-5]. More recently, the Colonial Pipeline ransomware attack in 2021 caused a preventative shutdown of essential pipeline resources to contain the spread [6]. These attacks illustrate the fragility of physical production systems that rely on specific information or resources to maintain operations.
Attacks intending to cause disruption or damage to physical infrastructure pose significant risks. The Stuxnet attack in 2010 that compromised Iranian centrifuges by targeting a Siemens programmable logic controller is one of the first known attacks causing damage to a physical system [7]. A Saudi Arabian petrochemical plant was targeted in 2018 with an attack intended to sabotage critical operations and cause an explosion [8]. Fortunately, the attack was intercepted before any damage was caused. These attacks target cyber assets but victimize a physical resource in a facility and represent a new level of risk for manufacturing systems and supply chains. How organizations think about security must change to combat these evolving cyber threats.
Security challenges of manufacturing systems and supply chains
According to the annual IBM Security report, the manufacturing industry was ranked as the second most attacked industry in 2020 [9]. The volume of attacks targeting manufacturing systems and supply chains is only one aspect of the challenge in protecting these systems. An attack against a cyber-physical system can have various objectives, ranging from stealing intellectual property, obtaining information about the production process, disrupting production and affecting product integrity to even causing damage to resources in the system.
Developing strategies to combat such a large volume and wide range of attacks must involve protecting both the traditional IT resources and the OT resources and their supporting systems. The prevalence of legacy systems in manufacturing complicates OT security efforts. Many legacy systems are based on outdated operating systems with known security vulnerabilities. Another common challenge is legacy systems built on proprietary software platforms or software versions that cannot be updated without breaking the system’s functionality.