• News List

  • Smart Factory Security Part 1: Looking at the impact of poor cybersecurity in factories


Smart Factory Security Part 1: Looking at the impact of poor cybersecurity in factories


Through internet of things (IoT), traditional factories are becoming smart factories. Cybersecurity threats in factories and the necessity of establishing countermeasures will be explained in two parts. This first part explains cybersecurity threats in factories and the necessity of establishing suitable countermeasures.

Smart factories brought by the Fourth Industrial Revolution

The term “Industry 4.0” that originated from Germany is not a new concept. This movement, also called the Fourth Industrial Revolution, began as a German national policy. However, in the US, the same line of thinking has been producing smart factories under the name of “Industrial Internet.”

Until the end of the 20th century, production was automated as a result of the Third Industrial Revolution. Now, the Fourth Industrial Revolution utilizes IT and IoT technologies across a broad range, striving to realize a connected factory—the smart factory.

By handling the machineries that were not managed in the past by IoT technology, smart factories enable the conditions of machines in the factory to be uniformly monitored in real-time. This enables the factory as a whole to run efficiently, which in turn creates an environment that produces maximum profits.

Fig 1: Transition to Industry 4.0

Figure 1. Transition to Industry 4.0

One of the challenges for smart factories is cybersecurity

In smart factories, the system (which was previously in a closed network environment) is connected to other systems, machineries, and networks. Additionally, as standardization continues, the use of open networks is expected to increase. This shift poses a significant challenge to security.

Factories were previously run using a closed network with no external connections. The consensus was that they were sufficiently secure. As such, security measures, particularly within factories, remained mostly underdeveloped. In addition, when it comes to actually rolling out countermeasures, the financial and operational aspects are far from trivial matters, and are believed to be one of the reasons for creating a high hurdle.

Security incidents in factories

So were there no security problems in factories until now?

ICS-CERT in the United States releases security incident reports in the Industrial Control System (ICS) field and they show that the number of reported incidents on critical infrastructures is increasing annually.

Fig. 2: Transition of the number of critical infrastructure incidents in the United States

Figure 2. Annual number of reported critical infrastructure incidents in the United States

Source: ICS-CERT https://ics-cert.us-cert.gov/Other-Reports

Do note that the data presented here only comes from reported security incidents. Considering those that have yet to be reported, it is believed that the actual number of victims is even higher.

Fig. 3: Number of critical infrastructure incidents dealt with in FY 2015 in the United States

Figure 3. Number of critical infrastructure incidents by sector for FY 2015 in the United States

Source: ICS-CERT https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2015_Final_S508C.pdf

Fig. 4: Level of critical infrastructure incidents in FY 2015 in the United States

Figure 4. Depth levels of critical infrastructure incidents for FY 2015 in the United States

Source: ICS-CERT https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2015_Final_S508C.pdf

Figure 3 illustrates the number of reported incidents by sector. A large percentage of security incidents are in the manufacturing- and energy-related sectors; however, it is clear that incidents have occurred across a wide range of sectors.

Figure 4 illustrates the systems attacked, divided into levels. In most cases, the attacks were discovered in demilitarized zones (DMZ) or office networks, where the damages had low impact and were deemed level 1. However, it is worth noting that 22% of security incidents (level 6) occurred in the most critical internal system.

These damages include cases in which malware infiltrated the factory by accident. But there have also been a number of reported cases that systems within a factory were intentionally targeted. For example, the media has reported on significant damages caused by STUXNET in 2014, and attacks on a German iron mill in the same year.

As these reports show, it is necessary to regard security threats to factories as something that is currently happening. According to a Trend Micro research, 23.1% of manufacturers reported that they had experienced a security incident in their manufacturing and production environments between January 2015 and June 2016.

How should the need for security measures be approached?

In the cases Trend Micro studied, it was revealed that many of the computers involved were using old operating systems, since they were still functional and would only be changed unless necessary. It was also revealed that in many cases, information system departments were not involved with machinery in factories. As a result, it was confirmed that vulnerable systems were being used without the requisite security measures.

If measures were not applied and a security incident similar to the examples mentioned above were to occur, a factory’s entire operations could come to a halt and result to serious damages to the business. It is important to recognize that if no security measures are taken, it will take a significant amount of time to recover from such incidents. In addition to recovery costs, the losses suffered during the downtime may also increase.

Predictive maintenance will be further developed in smart factories with the implementation of the IoT. However, just as the conditions of machinery equipment must be monitored and problems be prevented in advance, security measures must also be prepared ahead to prevent security incidents.

The necessity of security measures from a business continuity plan (BCP) perspective

As a traditional factory transitions into a smart one, many of its machines will get connected to different networks. This makes the factory network more open to hacking, information gathering campaigns, and other types of malicious attacks. For that reason, security measures for smart factories should be approached from a business continuity plan (BCP) perspective. Doing so will no longer make attacks unforeseeable. As a first step, factories must take stock of their current security measures and consider if they are satisfactory or not.

Hara Seiki
Hara Seiki

Trend Micro Inc.
Senior Manager

Joined Trend Micro in 2001. After joining the company, as a pre-sales engineer, we mainly propose products for large companies and the public. Also responsible for launching new services for individuals and corporations. Since 2012 I am engaged in security measures for control systems. He is also a member of the Control System Security Center, the Virtual Engineering Community. Currently, IoT Business Promotion Headquarters established since 2016 is working on spreading IoT security from the technical aspect.

Recommended Video

IoT Devices as Jumping-off Points for Cybercrime: Trend Micro Security Predictions for 2018

Company Information

Security Blog