The push toward Industry 4.0 has introduced interconnectivity to industrial equipment such as computer numerical control (CNC) machines, a staple of factory floors that enables manufacturing companies to mass-produce complex products with great precision and speed. But in doing so, it has also exposed these machines to new potential threats. These threats span a range of attack scenarios, including:
Attacks that could cause damage
Malicious actors could tamper with a CNC machine’s internal configuration state or parameters to influence the machine’s behavior in such a manner as to damage the machine, its parts, or the piece under production.
Cybercriminals looking to sabotage a production site could carry out attacks meant to impede its operations by altering a CNC machine’s functionalities, such as its tool management system, or by triggering alarms.
Attackers could alter the tool compensation parameters of a CNC machine or manipulate the logic of parametric programs to introduce microdefects, creating defective parts or components of interest for the attackers.
Attackers could misuse loose network protocols and functionalities to exfiltrate confidential program code or sensitive production information.
In our five-part video series, titled “Industry 4.0 at Risk,” we take an in-depth look at the security hazards to CNC machines that come with the adoption of the transformative technologies that have been ushered in by Industry 4.0.
Our research paper “The Security Risks Faced by CNC Machines in Industry 4.0” provides an extensive technical analysis of the emerging threats from which manufacturers might have to protect their CNC machines. In response to the findings of our research, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the Cybersecurity and Infrastructure Security Agency (CISA) released advisories to raise awareness of these cyber risks in Haas and Heidenhain CNC controllers.
To shield their CNC machines from attacks, manufacturing companies should take cybersecurity measures such as:
Using context-aware industrial intrusion prevention and detection systems (IPS/IDSs)
These systems can help manufacturers monitor traffic in real time in relation to their CNC machines’ industrial protocols, so that they can better distinguish legitimate work requests from potentially malicious activity.
Architecting their networks properly, along with standard security technologies like virtual local area networks (VLANs) and firewalls, is essential if manufacturers are to limit the exposed interfaces that could be abused by cybercriminals.
Proper patch management
Manufacturers should keep their CNC machines, modern models of which now come with operating systems and use complex software, up to date with patches to deter malicious actors from exploiting critical vulnerabilities.