Why Has Manufacturing Become a Cybersecurity Target?
With software tools to stage a cybersecurity attack becoming more easily available, it is important to know exactly what motivates would-be perpetrators, and what is at stake. The following are typical reasons why the manufacturing industry has become a key target:
- Theft of sensitive / competitive information: This includes information related to business processes, operational data, equipment configurations and capabilities, as well as personal information about employees. Such thefts embarrass the company, erode the trust of customers and employees, and may damage business competitiveness, which makes this information an attractive target for ransomware.
- Intellectual Property (IP): This includes design information, bill of materials as well as traceability data. Such theft is potentially very concerning, not only as a loss of business and technical advantage, but even a minor breach may represent the first move in a coordinated attack, leading potentially to operational disruption, as well as compromise of shipped products.
- Operational disruption / denial of service: This includes access to key systems that manufacturing depends upon, where tampering with data or instructions leaves production unable to continue, whether through being unable to operate machines, move materials, assign jobs, access operator documentation, gather required traceability data, or complete mandatory documentation.
- End-product compromise: In some breaches, machine or system parameters may be altered in ways that ultimately manifest as unreliable automation, quality compromises, the occurrence of defects, or even the inclusion of compromised programming into devices. Such attacks also include the ability to change or hide data related to these activities, such that abnormalities go unnoticed. These cases can have a very significant impact on high-reliability connected products, the operation of which could be compromised in the field due to a vulnerability introduced during manufacturing.
The more “digital” the factory becomes, the more significant the consequences of any attack. Most manufacturing operations cannot operate efficiently without a significant degree of software-based automation, associated with the machines themselves, with MES and other upper-level manufacturing software, and with local IT and enterprise business systems. In order to maintain security and responsibility, care must be taken not only in the choice of vendors of commercial solutions, but also over any additional work that has been required, including third-party middleware or software internally developed without secure development procedures in place.
IT Perspective: Standard Risks
Within any manufacturing company, fully documented IT policies should be in place. These must be managed in real time, adapting as new threats emerge, with continuous training for employees. These policies should apply to the use of any IT equipment and to anything that uses or accesses the associated “intranet” network infrastructure. There are many IT security tools available, such as advanced firewalls, anti-virus software and ransomware detection, that help block and identify threats and breaches as they happen. The main threats are caused by employees deviating from such policies, for example by using unsecured private smartphones, USB sticks, tablets or laptops, or by accessing a website with hidden malicious code. Such devices may include hidden software that appears to be an approved application, but is there to infiltrate paths allowed to that application in order to gain access to additional information. IT teams are required to assess the cybersecurity risk of applications and solutions that operate within the factory, as these often, due to their technical nature, require direct support from vendors. The use of complex solutions that involve third-party dependencies that the vendor itself does not control represents a particularly high risk.
IT Perspective: The Shop-Floor
Machines and solutions on the shop-floor itself represent a very high risk for the introduction of breaches into the main intranet. Machines currently in use often have fixed conditions, such as a specific operating system and version, which may no longer be supported by security updates that the IT team can administer. Vendors’ own software is likely to include open interfaces and ports that make connections, for example for remote update, monitoring and maintenance, or peer-to-peer data exchange.
On the software solution side, wherever use has been made of middleware, for example, that facilitates data exchange between machines and solutions, additional risks are created. By the nature of middleware, there are many entry and exit points within the software which are there to support a multitude of use-case conditions, many of which are not secured in each specific application. Vendors of such tools may also include remote access, monitoring, configuration and maintenance tools. Internally developed software also represents risk, as “back doors” that offer remote access for monitoring and debugging purposes represent vulnerabilities, especially where the developers of such solutions have left the company, leaving no one internally who can support it or take responsibility.
In a highly secure environment, that is, those operations that need to prevent compromise caused by potential cyberattacks, none of these risks are acceptable when connecting such machines or solutions to the IT network. For this reason, networks provided for the shop-floor are often isolated from the company intranet IT network, and also from the outside world. Only authorized IT team members should perform data transfers between networks. This presents a very significant barrier and challenge for data-driven, Smart manufacturing to be adopted.
Additional Cybersecurity Risks:
- Materials, sub-assemblies and products on the shop-floor can also represent a cybersecurity threat, especially materials and sub-assemblies that contain programming, or goods that are returned to the factory for repurposing, refurbishment or repair (MRO / RMA), as each of these may contain malicious code and connectivity functions.
- CAD & BOM Data: For the preparation of work-orders, paperless work instructions and machine programming data, only files that have been sent securely from a trusted source should be used. This applies to PCB design data as well as 3D-CAD for all mechanical / discrete assembly. Documents, lists, and data in other forms that are derived from the original design data should be avoided, as well as anything that was sent through email between different domains, as in these conditions, there is a significantly increased risk that the data could have been tampered with in order to create a cybersecurity issue either during manufacturing or within the finished product.
Do I Need To Implement A Blockchain Solution?
For data that is managed within the trusted intranet environment, protected by IT policies, blockchain should not be needed to prevent tampering with key data records. Trusted applications working in the manufacturing environment are time-sensitive, running in the live environment, transferring and processing large amounts of data as it is accrued, on which decision-making is continually based. The application of blockchain in this environment would typically represent a very significant overhead and bottleneck. In any effective blockchain implementation, many independent parties are required to participate, each incurring cost and responsibility, and hence requiring compensation. Both financial and performance models for protecting internal manufacturing data with blockchain are extremely difficult to justify.
Blockchain is most useful in environments where data is shared with external parties, for example through the internet, or, in cases where third parties are routinely given access to the secure environment. The sole application of blockchain is to ensure that information related to physical items, linked through a specific crypto-anchor, such as an immutable ID of a product, is not tampered with. Significant resource and time are required in order to implement blockchain, which for manufacturing data, requires significant architectural planning and investment in order to be practical and viable.
The use of blockchain would therefore be expected only at the enterprise level, where data is being shared, and not for private data within the secure manufacturing environment.
Cybersecurity Breach Procedures Within Manufacturing
Aegis is working with, and as part of, the committee for the IPC-1792 cybersecurity standard for manufacturing. The standard, due to be published in late 2021, provides procedures, techniques and technologies covering what to do in the event of a cybersecurity breach within manufacturing. The focus is to identify and protect any products or materials that may have been affected by a cyberattack, in order to prevent potentially compromised products from reaching the market.
Why Select Aegis As Your Partner In Secure Manufacturing
The following are key reasons why Aegis and FactoryLogix are differentiated from other solutions in the market, from the perspective of security risk:
- Experience: A large proportion of our customer-base are companies who require the highest level of security related to their operations, data and products.
- Core Focus: Aegis Software is a company dedicated to the single core value of data-driven manufacturing excellence, without conflicts of interest or intentions from conflicting corporate divisions.
- Responsibility: Aegis develops all software in-house, within DFARS nations, in a peer-reviewed secure environment, without the use of third-parties or outsourcing.
- Middleware: There is no middleware included or required with Aegis’ software.
- Architecture: FactoryLogix uses the latest software technologies to create a single IIoT-driven platform solution, avoiding the need for legacy integrations that duplicate and distribute data internally in unsecure ways.
- Deployment & Support: Aegis uses internal teams for deployments, including installation, testing and commissioning of solutions, as well as training, consultancy and our award-winning customer support program.
- Secure IIoT Data Exchange: FactoryLogix is the first MES solution to include support of the IPC Connected Factory Exchange (CFX) messaging that is encrypted at source using TLS.
- Supply-Chain Authentication, Provenance & Traceability: Aegis is a key leader in and contributor to IPC standards relating to traceability and the secure supply-chain (IPC-1782), as adopted by the US DoD, as well as the forthcoming IPC Component Level Authentication standard.
- Technology: Aegis is a Microsoft Certified Gold partner.
- Access Control: FactoryLogix features comprehensive user-access controls throughout the software, enabling key function authorization, audit trails, and isolation of data between customers.
Specific Recommendations For Highly Secure Manufacturing Environments
In operations with the highest security requirements, we recommend the following practices:
- FactoryLogix may be run:
  - Within the isolated shop-floor network environment:
    - Use FactoryLogix secure xTend interfaces to pass data to other secured applications.
    - With network segmentation, with multiple separated FactoryLogix instances, to further isolate effects of any cybersecurity breach.
  - Within the secure IT network:
    - Utilize secure CFX as the only passable connection for data exchange between the shop-floor network and the intranet, using message content filtering applied to a single open port on an otherwise fully locked-down gateway, through which only authenticated CFX messages can pass. A filtering application should be developed by the internal IT team that specifically authenticates each encrypted CFX message. This is made possible by CFX having fully defined and readable message content, an open source SDK, and the use of an open source AMQP broker.
  - Within a cloud environment:
    - Though the ability exists to securely run FactoryLogix as a cloud-based application, this is not normally recommended in ultra-secure deployments.
    - Our cloud hybrid environment, where the cross-factory data is aggregated in a central cloud server and mission-critical factory operations are securely maintained on-site, allows multi-site data analysis while maintaining security of the original data.
- Incoming material Inspection:
  - The use of FactoryLogix incoming material inspection is encouraged in order to identify any compromised materials as early as possible.
- Design & BOM Files:
  - For the preparation of work-orders, paperless work instructions and machine programming, only files that have been sent securely from a trusted source should be used. This applies to all design data and BOM data, including 3D-CAD for all mechanical / discrete assembly. In the case of PCB design, we recommend the use of data sent formatted in the IPC-2581 single file format. The use of documents, lists, and data in other forms that are derived from the original design data should be avoided, as should anything that was sent through email between different domains.
- Sharing Data Between Sites / Instances:
  - The data warehouse export facility can be used to securely share contextualized data from multiple instances of FactoryLogix, as well as other data sources.
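The gateway recommendation above, with CFX message content filtering on a single open port, can be illustrated with a default-deny filter. This is an added example, not Aegis or CFX SDK code. It assumes the TLS session and the sender's broker credentials have already been verified before the payload reaches the filter; the envelope field names are assumed from the public CFX JSON envelope, and the endpoint name, policy and sample message are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed policy: which shop-floor endpoint may send which CFX message types.
ALLOWED = {"SMT.Line1.Printer01": {"CFX.Heartbeat", "CFX.Production.WorkStarted"}}
REQUIRED = {"MessageName", "Version", "TimeStamp", "UniqueID", "Source", "MessageBody"}
MAX_BYTES = 64 * 1024
MAX_SKEW = timedelta(minutes=5)

# Constructed sample envelope (field names assumed from the public CFX JSON envelope).
SAMPLE = {"MessageName": "CFX.Production.WorkStarted", "Version": "1.0",
          "TimeStamp": "2024-05-01T12:00:00+00:00", "UniqueID": "constructed-id-0001",
          "Source": "SMT.Line1.Printer01", "Target": None, "RequestID": None,
          "MessageBody": {"TransactionID": "constructed-txn-0001", "Lane": 1}}


class CfxGatewayFilter:
    """Default-deny check applied to each message before it crosses the gateway."""

    def __init__(self, allowed=ALLOWED):
        self.allowed = allowed
        self.seen_ids = set()  # replay cache; expire entries in a long-running service

    def check(self, raw: bytes, now: datetime):
        """Return (True, "ok") or (False, reason)."""
        if len(raw) > MAX_BYTES:
            return False, "oversized"
        try:
            env = json.loads(raw.decode("utf-8"))
        except (ValueError, RecursionError):  # bad UTF-8, bad JSON, or absurd nesting
            return False, "not UTF-8 JSON"
        if not isinstance(env, dict) or not REQUIRED.issubset(env):
            return False, "missing envelope field"
        source, name, uid = env["Source"], env["MessageName"], env["UniqueID"]
        if not all(isinstance(v, str) for v in (source, name, uid)):
            return False, "wrong field type"
        if name not in self.allowed.get(source, ()):
            return False, "source/message pair not allowlisted"
        if not isinstance(env["MessageBody"], dict):
            return False, "body is not an object"
        try:
            ts = datetime.fromisoformat(str(env["TimeStamp"]))
        except ValueError:
            return False, "bad timestamp"
        if ts.tzinfo is None or abs(now - ts) > MAX_SKEW:
            return False, "stale or zoneless timestamp"
        if uid in self.seen_ids:
            return False, "replayed UniqueID"
        self.seen_ids.add(uid)
        return True, "ok"
```

Rejected messages should be logged with the returned reason, since a burst of denials from one source is itself a signal worth alerting on.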