{"id":16612,"date":"2020-05-12T08:00:00","date_gmt":"2020-05-12T07:00:00","guid":{"rendered":"https:\/\/www.engineernewsnetwork.com\/blog\/?p=16612"},"modified":"2020-05-11T15:28:29","modified_gmt":"2020-05-11T14:28:29","slug":"identifying-critical-industry-4-0-attack-methods","status":"publish","type":"post","link":"https:\/\/www.engineernewsnetwork.com\/blog\/identifying-critical-industry-4-0-attack-methods\/","title":{"rendered":"Identifying critical Industry 4.0 attack methods"},"content":{"rendered":"\n

Smart manufacturing is fast becoming mainstream, offering new levels of efficiency and the potential to add billions to the global economy through productivity gains.\u00a0<\/p>\n\n\n\n

Typically, when traditional attacks such as those involving malware hit a smart manufacturing system, they are visible as unexpected or blacklisted patterns in the network or host. <\/p>\n\n\n\n

But what would happen if an attacker was able to \u2018blend in\u2019 as legitimate network traffic or expected host activity?<\/p>\n\n\n\n

Cybersecurity solutions experts Trend Micro has released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments.<\/p>\n\n\n\n

For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.<\/p>\n\n\n\n

\u201cPast manufacturing cyber attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop Operational Technology (OT) specific attacks designed to fly under the radar,\u201d said Bill Malik, vice president of infrastructure strategies for Trend Micro. \u201cAs our research shows, there are multiple vectors now exposed to such threats, which could result in major financial and reputational damage for Industry 4.0 businesses. The answer is IIoT-specific security designed to root out sophisticated, targeted threats.\u201d<\/p>\n\n\n\n

\u201cPolitecnico di Milano is fully committed to supporting Industry 4.0 in addressing crucial aspects related to security and reliability of automated and advanced controls, especially as they gain relevance in all production sectors and increasingly impact business,\u201d said Giacomo Tavola, Contract Professor in Design and Management of Production Systems and Stefano Zanero, Associate professor in Advanced Cybersecurity Topics for Politecnico di Milano.<\/p>\n\n\n\n

Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. <\/p>\n\n\n\n

The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.<\/p>\n\n\n\n

Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. <\/p>\n\n\n\n

Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.<\/p>\n\n\n\n

The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customisable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.<\/p>\n\n\n\n

The report offers a detailed set of defence and mitigation measures, including:<\/p>\n\n\n\n