Technological advances in the industrial sector have moved from manual production lines to mass production via assembly lines, and finally to computers and automation. With the constant evolution of work methods, production sites are gradually being transformed into “smart factories”, a concept also called “Industry 4.0”.
Through the Internet of Things, computer systems monitor and control physical processes, and then return data collected in dashboards supervised by humans. When everything is working properly, the savings in time and manpower are huge. But is there a price to pay for such advances?
What is Industry 4.0?
Described as the next step in modern production, Industry 4.0 refers to the integration of physical and software components into OT (Operational Technology) environments. This merger brings together the Industrial Internet of Things (IoT), in real time via the wireless web (Cloud Computing), and IT systems that can monitor the physical processes of factories.
The fields of application are numerous, ranging from the creation of intelligent networks to the introduction of autonomous vehicles and the automation of factories. All of these are activities requiring little human intervention.
The benefits of Industry 4.0 are appealing.
In hostile work environments (dust, heat, toxic substances, etc.), health and safety risks could be mitigated, if not eradicated, by eliminating human intervention. Similarly, the implementation of continuous monitoring and computer-assisted assessment, which are much more effective than mere human vigilance in identifying problems before they become serious, would result in greater efficiency and greater productivity.
Unfortunately, as always, changing the working methods is not without consequences.
Lessons learned from Mirai
A malicious program using IoT as an attack vector, Mirai showed how lax security measures can be detrimental. In October 2016, an attack on DNS services rendered several major websites inaccessible. Consumer IoT devices, including digital recorders, surveillance cameras, and routers, were all compromised by malicious code that uses unmodified default login credentials (usernames and passwords) to hijack these devices and create a botnet. This botnet was then used to launch a DDoS attack against the Dyn provider, making Amazon, Twitter, PayPal, Spotify and other major websites inaccessible.
Brickerbot is another example of malware targeting IoT devices. Its goal: to turn them into unusable “bricks”.
With Industry 4.0, physical input terminals all incorporate IoT technology and are in turn integrated into the login credentials database. It is precisely this integration that is problematic. It leaves the door open to hackers who can then access IoT devices and create a cyberarsenal to attack the network, compromise internal management systems or launch attacks on the Internet.
In 2016, hackers attacked the control system of a drinking water plant and modified the chemical composition of the water. Before that, in late 2015, it was discovered that hackers had compromised the control system of a dam in the state of New York. Other attackers have used the famous Stuxnet computer worm to sabotage the control systems used by the Iranian nuclear program.
The compromise of computer systems can have disastrous consequences: loss of profits, irreversible damage to the reputation of the brand, potentially devastating threats to people and property.
What are the warning signs to watch for?
Currently, different types of attacks regularly hit businesses in all sectors. Very few are made public, by design or not.
Imagine that a component suddenly stops working for an unexplained reason in a factory. It is unlikely that anyone will immediately think of a cyberattack. Rather, we will look for a malfunction, equipment that has naturally reached the end of its life, material of poor quality or even a simple human error. There are nine chances out of ten that the incident is benign. But how can we be sure that this is not a more serious problem? Without the ability to monitor, capture and analyze events to understand exactly what happened, it’s impossible to rule out a cyberattack.
The problem is that it is extremely difficult to identify an attack within an OT environment. Why? Because few monitoring services comparable to those offered to modern businesses are available for OT environments. There is also a certain lack of rigor, even in environments where network traffic is captured. Many companies are completely focused on restarting systems and do not bother to explore the vast amounts of data they have to determine the exact cause of the problem.
Best practices in cybersecurity
With the advent of Industry 4.0 working methods, cybersecurity is becoming increasingly important. As cybercriminals continue their activities and seek to compromise connected IIoT devices, closing these backdoors becomes the priority.
Here are the top four cybersecurity best practices to reduce the risk of hacking IoT devices:
- Default login credentials: Mirai and Brickerbot viruses are the perfect illustrations of the dangers of using default usernames and passwords. Before connecting a device, be sure to reset the login credentials.
- Application of patches: When vulnerabilities (Zero day) are identified in the code of software, updates are published. Businesses need to determine how to implement and deploy them on the affected devices within the environment.
- Network Mapping: You must establish a complete mapping of the network. This includes defining the links between the OT and the IoT, as well as the risks inherent in the processes.
- Resource Identification: Identify processes and resources critical to the operation of the business, as well as potential threat vectors.
- Draw a map detailing the processes and correlate it with the network mapping for a complete view. You cannot manage the risks to resources you do not know about.
- Upgrading skills: You need to understand the changes in the working methods of “blue collar workers”. Many of these people now use technology to do their jobs. It is therefore important to make them aware of the cyber threats they are exposed to. For example, technicians working on heating, ventilation and air conditioning systems should not insert a USB key without first ensuring that it does not contain any malware and that its operating system is up-to-date.
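The correlation between the process map and the network mapping described in the list above can be automated. The following Python sketch is an added example, not part of the original article; the device names, process names and inventory fields are all constructed for illustration.

```python
# Constructed sample data. NETWORK_INVENTORY stands for the output of network
# mapping, PROCESS_MAP for the output of resource identification.
NETWORK_INVENTORY = {
    "plc-line1": {"default_creds": False, "patched": True,  "links": ["hmi-line1"]},
    "hmi-line1": {"default_creds": False, "patched": False, "links": ["plc-line1", "historian"]},
    "historian": {"default_creds": False, "patched": True,  "links": ["hmi-line1"]},
    "cam-dock":  {"default_creds": True,  "patched": False, "links": ["historian"]},
    "hvac-ctrl": {"default_creds": True,  "patched": True,  "links": []},
}
PROCESS_MAP = {
    "bottling": {"critical": True,  "devices": ["plc-line1", "hmi-line1", "historian"]},
    "climate":  {"critical": False, "devices": ["hvac-ctrl", "temp-sensor-7"]},
}

def correlate(inventory, process_map):
    """Cross-check the network map against the process map."""
    used = {d for info in process_map.values() for d in info["devices"]}
    critical = {d for info in process_map.values() if info["critical"]
                for d in info["devices"]}
    report = {
        # On the network but tied to no known process: nobody owns its risk.
        "unmapped": sorted(set(inventory) - used),
        # Required by a process but never seen on the network map.
        "undiscovered": sorted(used - set(inventory)),
        "findings": [],
    }
    for dev, attrs in sorted(inventory.items()):
        issues = []
        if attrs["default_creds"]:
            issues.append("default credentials")
        if not attrs["patched"]:
            issues.append("missing patches")
        if not issues:
            continue
        # A weak device matters most when it is, or links directly to,
        # a device that a critical process depends on.
        reach = ({dev} | set(attrs["links"])) & critical
        report["findings"].append({"device": dev, "issues": issues,
                                   "critical_assets_reachable": sorted(reach)})
    # Weak devices that touch the most critical assets come first.
    report["findings"].sort(key=lambda f: -len(f["critical_assets_reachable"]))
    return report

if __name__ == "__main__":
    for key, value in correlate(NETWORK_INVENTORY, PROCESS_MAP).items():
        print(key, value)
```

In this sample the dock camera is the resource "you do not know about": it belongs to no process, still has default credentials, and links directly to a device the critical bottling process depends on.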
Cyberwar is not just a fight on a battlefield: it attacks a country’s power grid, its production sites, and its utilities. Threat actors constantly test the reactions of their targets and perfect their attack techniques to break through the defenses set up. It is an ongoing process of intelligence gathering, and an endless cycle of attack and defense.
Hacking of a country’s key resources can significantly hinder its operation. Companies must absolutely fight against the compromise of their IoT devices to prevent them from becoming a cyberarsenal.