Sunday, November 13, 2016

Latest manufacturing advances create new vulnerability to cyber threats

A number of recent reports have pointed out the vulnerability of manufacturers to cyber threats. Small manufacturers are an important part of the manufacturing supply chain and simply do not have expertise and resources to take proactive preventive actions against sophisticated cyber threats. These vulnerabilities can be exploited to cause disruptions to the supply chain. 

The introduction of advanced manufacturing technologies is expected to revolutionize manufacturing, enable innovation, and create new businesses. However, emerging manufacturing technologies will create new vulnerabilities from the cyberattack perspective. Here are representative examples of vulnerabilities created by the introduction of new manufacturing technologies.
  • Digital Manufacturing: The manufacturing sector has moved away from paper–based blueprints and has embraced digital models. 3D models are being used to manage design and manufacturing processes and speed up the product development process. However, the reliance on digital data and models creates new vulnerabilities during cyberattacks.
  • Network-Connected Machines: The Internet of the Things is revolutionizing manufacturing by finding applications in prognostics and health management, on-line process monitoring, and process optimization. It is expected to increase manufacturing resource availability, reduce energy and water consumption, and fundamentally alter the ways manufacturing equipment gets maintained and serviced. However, a machine connected on the Internet can be a target for a hacker.
  • Cloud-Based Services: Cloud based services are increasingly being used to exploit big data related technologies to make sense of the data being generated by manufacturing enterprises. It can be leveraged to make smart decisions and improve the operational performance of the organization. However, the need to transfer data back and forth between the cloud and the manufacturing equipment creates new vulnerabilities.
  • Automation: The use of robotic manipulators, 3D printers, and automated guided vehicles is expected to increase productivity in the manufacturing sector. These technologies can be run untended for days at a time. These technologies can not only reduce operational cost, but also offer new functional capabilities. For example, 3D printers can be used to fabricate designs that would have been impossible to make using traditional manufacturing methods. The absence of human operators means that tempering of the machine by a hacker is likely to go unnoticed for a considerable period of time and can cause serious problems.
  • Miniaturization: Modern products increasingly use miniaturized subsystems. This delivers improved performance and packs many functions in a single product (e.g., smart phones). To meet this need, today’s manufacturing technology is able to create very small features. This also means that malicious tampering is very hard to detect. For example, a hacker can insert small features in a part being built on a high resolution 3D printer. Such features will be very difficult detect.
  • Complexity: Modern manufacturing is a complex network consisting of hardware, software, and people connected over the network. This complexity will make it difficult to secure manufacturing enterprises from cyberattacks and detect an attack in progress in a timely manner.
Cyberattacks on a manufacturing enterprise can cause serious problems. The following list presents representative examples:
  • Cyberattacks can be used to steal proprietary information and product designs.
  • Activities in a factory can be monitored to develop reconnaissance on planned future missions and capabilities without even the need for stealing the product data.
  • The digital data being used by the factory can be altered to make subtle changes in the products. These changes can sabotage the products or provide backdoor entry into the product.
  • A hacked robot or automated guided vehicles can simply run around on the factory floor at a high speed and cause major damage to the expensive equipment on the shop floor in a matter of few minutes. A sensor reading can be modified during the process control loop execution and can be used to cause serious damage to the equipment and the product being made.
  • A critical machine can be simply shut off by a hacker and cause major production disruptions. This can have a significant crippling impact on the downstream supply chain.
  • Critical information and data stored on a computer can be corrupted and rendered useless. This can lead to the loss of critical knowledge and trade secrets.
  • Infected machines and robots can cause physical injuries to people in the factories.
  • Infected machines can trigger fire and other environmental hazards for the nearby residential communities.
  • Shutting down of a factory by a cyberattack can have significant economic impact on the local community as many members of the community (e.g., food vendors, retailers) rely on the factory workers for their livelihood.
Significant progress has been made in the field of Cyber Security for Information Technology based systems. Securing manufacturing enterprise from cyberattacks presents many new challenges. Machines and equipment used on factories have a long life (e.g., 20 to 30 years). They have limited memory and computing power and often unable to run the latest security software. Upgrading them frequently is economically not viable. The strategy of simply shutting down a machine in the middle of an expensive build is also not practical as it will lead to significant waste. Most small manufacturing companies do have people with the right expertise to monitor and recognize cyber threats. The physical aspect of a manufacturing enterprise means that simply taking a machine off the network will not contain the damage. The robot may continue to move and keep causing physical damage despite being off the network.

Making manufacturing enterprises safe from cyberattacks is a challenging task. It will require developing new cyber-physical security technologies and training people to combat cyberattacks and take proactive measures to secure the equipment. Manufacturing companies will need to build a culture that ensures that people take appropriate preventive measures to reduce vulnerability to cyberattacks. The presence of WiFi-connected smart phones and smart watches on the factory floors poses a major challenge to securing the factory network.