Long before the Internet age began, security flaws were discovered and exploited in computers. First the data within the computer itself was attacked, and soon computers connected to the network were attacked. Historically, cybersecurity threats have existed in tandem with advances in information technology and cybersecurity defenses such as antivirus software. Once computers were connected to the Internet and started exchanging data, cybercrime and the mechanisms to prevent it changed significantly.
In 1988, a computer science graduate student at Cornell University released an Internet-based computer worm that infected approximately 6,000 Internet-connected mainframes, minicomputers, and workstations with malicious code that affected computer performance. was reduced to its lowest level. His motive, he later admitted, was “to prove that the current security measures on his network of computers were insufficient by exploiting the security flaws he had discovered.”[1]
In retrospect, this relatively innocuous cybercrime served as a precursor to the larger-scale cybercrime operations that followed. The digital transformation taking place on the internet and in all areas of life has given rise to well-conceived cyberattacks in the form of malicious viruses, network intrusions, malware, and ransomware. , data breaches, etc.
In the early days of the connected world, cybercriminals targeted computer information systems, networks, and personal computing devices to steal data such as passwords and login credentials, credit card and financial data, and even personal medical information. It was. A more publicized incident is Stuxnet. [2} in 2010, which was the first cyberweapon meant to cause physical damage. In this case, Stuxnet was thought to have destroyed 20 percent of the centrifuges used in Iran for creating its nuclear arsenal.
The 2017 WannaCry [3} ransomware attack affected approximately 200,000 computers in 150 countries, while the NotPetya [4] The attack occurred in Ukraine and destroyed thousands of computers in 60 countries. Manufacturing was also influenced by NotPetya. [5]a multinational food and beverage company, lost thousands of computers as a result of the attack, impacting its production facilities around the world as well as its ability to complete customer orders.
Impact on manufacturing
Although cyber-attacks are prevalent in almost every industry, manufacturing processes in particular stand out as a prime target for such threats, making it important for manufacturers to understand the risks posed by cyber-attacks and implement available protection measures. It has become essential to understand.
According to a 2022 study conducted by Barracuda Networks. [6]More than 90% admit to experiencing a security incident that had a significant impact on their organization in the past year. Reported incidents included a wide range of attacks, with web applications, malicious external hardware/removable media, and distributed denial of service attacks occurring most frequently.
With the massive digital transformation taking place in the manufacturing sector, the attack surface for cyber threats has expanded exponentially. This makes cybersecurity of paramount importance to manufacturers of all sizes, regardless of the level of digital transformation their companies are undergoing.
The explosive growth of digital transformation in the industrial sector, characterized by the term Industry 4.0, is at the heart of the cybersecurity debate regarding connected and smart manufacturers and digital supply networks. These smart systems are programmed to collect and share data, make decisions that trigger actions, and independently control processes. Additionally, new integration of artificial intelligence and machine learning technologies in industrial IoT applications such as machine vision, robotics, and predictive maintenance are making ever-growing amounts of critical data vulnerable and exposing industrial processes to further risks.
For example, additive manufacturing processes are beginning to integrate various AI and machine learning-based algorithms to exploit the full potential of 3D technology. The trained print model that grows from the machine learning process becomes the intellectual property of the manufacturer and must be protected from inadvertent modification or deliberate attack. There may be counterfeiters attempting to build similar systems by exploiting the original manufacturer's property. Or there may even be outright saboteurs trying to manipulate what the system can actually produce. [7]
A more egregious attack on continuous production lines is the manipulation of the output itself. For example, remote hacking could manipulate the settings of a robotic production process, leaving some bolts loose and others overtightened in the finished product. As a result, unsafe products can enter the market with the threat of costly recalls and lawsuits.
As Industry 4.0 technologies continue to evolve, the lines between operational technology and information technology will also blur. As critical manufacturing data moves outside the boundaries of the traditional factory, access rights and policies must be managed across the organization, inevitably leading to more closely aligned IT and OT environments.
The integration of IT/OT systems and processes enables new levels of manufacturing efficiency and productivity on the factory floor and adds new stakeholders to the security landscape. IT security teams and processes must incorporate the diverse real-time demands of a distributed industrial environment.
As IT/OT technology continues to evolve, so too will the nature and mechanisms of cybercrime that steal intellectual property, disrupt business operations, and otherwise wreak havoc. Cybersecurity technologies and preventive measures need to evolve as well, with cybersecurity design approaches built into new Industry 4.0 innovations, rather than just reacting to problems as they occur.
Marcellus Buchheit is co-founder and Chairman of the Board of WIBU-SYSTEMS AG in Karlsruhe, Germany. He currently resides in Edmonds, Washington and serves as President and CEO of Wibu-Systems USA, Inc.
Quote
- Morris Worm, Cornell University Committee Findings https://www.cs.cornell.edu/courses/cs1110/2009sp/assignments/a1/p706-eisenberg.pdf
- Stuxnet document https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf
- WannaCry ransomware attack https://www.vox.com/new-money/2017/5/15/15641196/wannacry-ransomware-windows-xp
- NotPeyta Attack https://www.wired.com/story/notpetya-cyber Attack-ukraine-russia-code-crashed-the-world/
- Attack on Mondelez by NotPeyta https://www.industrialcybersecuritypulse.com/facilities/throwback- Attack-the-notpetya-malware-causes-serious-damage-to-snack-giant-mondelez/
- The State of Industrial Security in 2022 https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf
- Software Turn: Improving 3D Printing Reliability, Industrial Print Magazine, April 2023 https://industrialprintmagazine.com/softwares-turn/
