New ways to attack Industry 4.0

Researchers warn smart manufacturing users and security professionals to be aware of advanced hackers.

By Gregory Hale June 9, 2020

With the movement now to jump on the smart manufacturing bandwagon, users – and security professionals alike – should be aware advanced hackers can leverage unconventional, new attack vectors to sabotage these new environments, researchers said.

That is not to say manufacturers should not move forward with any plans, rather just a warning to be aware. Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage or financial gain.

“Past manufacturing cyber attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop operational technology (OT) specific attacks designed to fly under the radar,” said Bill Malik, vice president of infrastructure strategies for Trend Micro. “As our research shows, there are multiple vectors now exposed to such threats, which could result in major financial and reputational damage for Industry 4.0 businesses. The answer is IIoT-specific security designed to root out sophisticated, targeted threats.”

“Politecnico di Milano is fully committed to supporting Industry 4.0 in addressing crucial aspects related to security and reliability of automated and advanced controls, especially as they gain relevance in all production sectors and increasingly impact business,” said Giacomo Tavola, contract professor in design and management of production systems and Stefano Zanero, associate professor in advanced cybersecurity topics for Politecnico di Milano.

Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can end up used to input malicious code, traverse through the network, or steal confidential information without detection.

Though the design and deployment of smart manufacturing systems are meant for isolation, seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.

The systems and machines that could end up taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain that could end up exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.

There has been an increasing shift among organizations in the manufacturing industry from static deployments toward connected and dynamic setups using reconfigurable modular plants. In line with this, there is a need for them to adjust their security policies away from the assumption that endpoints or machines within a manufacturing plant should automatically be trusted, and to opt for a more granular approach instead.

With this in mind, researchers said organizations should take concrete steps toward protecting their systems:

  • At the network level, there should be deep packet inspection that supports the relevant OT protocols for spotting anomalous payloads.
  • For endpoints, there should be periodic integrity checks in order to receive alerts for any altered software components.
  • For IIoT devices, code signing should be required. However, it should not be limited to the final firmware alone but should also include any other dependencies to protect them from third-party libraries that could be hiding malicious functions.
  • Risk analysis for automation software should be tailored as needed. In systems where collaborative robots work side by side with humans, for example, safety should be implemented at the firmware level.

This article originally appeared on ISSSource. ISSSource is a CFE Media content partner.

Original content can be found at Control Engineering.

Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector.