In the era of Industry 4.0, there has been increasing adoption of smart manufacturing technologies by organizations looking to improve their manufacturing efficiency. While this has provided plenty of benefits, such as enhanced productivity at lower costs, it has also introduced new attack vectors that can be exploited by threat actors looking to gain a foothold in or move laterally across smart manufacturing facilities.
Smart manufacturing systems are designed to be isolated from the corporate network and the outside world. Nevertheless, there is the possibility that attackers will use other, more unconventional methods to compromise systems. The feasibility of attacks that use these methods and their repercussions for targeted organizations were what we sought to determine in our research.
Given that a smart manufacturing setup can be incredibly complex and involve a large array of technologies and disciplines, we decided to focus on a specific aspect of security: attack models wherein threat actors who have gained access to different parts of the system use these entry points and targets to expand their reach.
To do this, we needed to get up close to an actual smart manufacturing environment. This allowed us not only to study the inner workings of the production process, but also to simulate the production of goods so as to see where the weak points lay. For our analysis, we partnered with Politecnico di Milano, the largest technical university in Italy, to gain access to the Industry 4.0 Lab, a research laboratory that manufactures toy cell phones using the same fundamental principles as full-fledged production floors.
A photo of Industry 4.0 Lab, the system that we analyzed during this research
What we found confirmed many of our theories on how attackers might remotely or indirectly compromise smart manufacturing systems.
The modular smart manufacturing system that we analyzed is made up of stations, each comprising at least three key components:
At the heart of the smart manufacturing system lies the manufacturing execution system (MES), a complex logic layer on top of a database that acts as the interface between the enterprise resource planning (ERP) system and the physical plant.
Threat actors can target a combination of these parts (or their own components) by taking advantage of the trust relations that they have within the smart manufacturing system.
The MES database stores sensitive data from the MES such as work orders and work templates. An MES database is implicitly trusted by the rest of the system, meaning that an attacker with access to either the network or an unauthenticated MES database can alter production by forging or changing the records within the database.
Data and software dependencies in the context of a smart manufacturing system
There has been an increasing shift among organizations in the manufacturing industry from static deployments toward connected and dynamic setups using reconfigurable modular plants. In line with this, there is a need for them to adjust their security policies away from the assumption that endpoints or machines within a manufacturing plant should automatically be trusted, and to opt for a more granular approach instead.
With this in mind, we enjoin organizations to take concrete steps toward protecting their systems:
At the network level, there should be deep packet inspection that supports the relevant operational technology (OT) protocols for spotting anomalous payloads.
For endpoints, there should be periodic integrity checks in order to receive alerts for any altered software components.
For IIoT devices, code signing should be required. However, it should not be limited to the final firmware alone but should also include any other dependencies to protect them from third-party libraries that could be hiding malicious functions.
Risk analysis for automation software should be tailored as needed. In systems where collaborative robots work side by side with humans, for example, safety should be implemented at the firmware level.
In addition, we believe that organizations should protect themselves not only from current threats but also from possible future threats by following the same levels of security implementation found in the secure coding practices and defenses of non-OT software such as mobile apps, web apps, and cloud environments. Organizations should focus their attention on improving their products and embedding them with secure functionalities. These include a full chain of trust for data and software within the smart manufacturing environment, detection mechanisms for recognizing vulnerable or malicious logic in complex manufacturing machines, and sandboxing and privilege separation mechanisms for software running on industrial machines and development environments.
In our research paper, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” we provide an in-depth discussion of the different entry points, targets, and attacks that threat actors could use against smart manufacturing systems, and of the consequences should these attacks be successful. Ultimately, we aim to provide insights to organizations that use — or plan to use — smart manufacturing technologies about how they can protect their current smart manufacturing systems and prime themselves for future threats.
Smart manufacturing systems are typically isolated from both the outside world and the corporate network. This means that attackers have to take unconventional approaches to be able to compromise these systems. In collaboration with Politecnico di Milano, Trend Micro Research explores the feasibility of a number of attacks and the impact they could have on affected systems.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.