The document discusses cybersecurity threats to industrial systems in the context of Industry 4.0. It begins with an overview of Industry 4.0 and smart factories, noting the benefits but also the increased risks due to greater connectivity and automation. Potential threat actors are identified as insiders, hacktivists, cybercriminals, terrorists, and nation-states. Examples are given of past incidents where nuclear facilities and power plants were hacked, in some cases causing physical damage. The presentation concludes with recommendations to adopt a zero-trust model, continually update systems with patches, and implement proactive protections like threat intelligence and IP reputation filtering.
2. Alexandre Darcherif
Holder of a dual qualification (Engineer degree from ENS IIE - Paris,
MBA from Manhattan College, New-York) and a first experience in
research and development on connected vehicles with the MIT
Media Lab - Boston, Alexandre DARCHERIF is currently a Solution
Engineer at Akamai Technologies, world leader in Cybersecurity,
Cloud and Web acceleration.
Member of the Akamai IoT Center of Excellence, Alexandre can
exchange with the biggest French and European companies on
major issues related to the city of the future (Energy, e-Mobility,
Habitat, Industry). This gives him a 360° view of the
technological challenges of tomorrow, especially those of Industry
4.0 (design, deployment, security).
Alexandre Darcherif - EVF 2019 2
adarcher@akamai.com
4. OBJECTIVE OF THE PRESENTATION
The aim of this presentation is to present the threat landscape for
communication between smart factories and their cyber system, as modeled
in the concept of Industry 4.0.
5. Agenda
1. High level overview of Industry 4.0;
2. Industrial Risk;
3. Cyber-security Threat actors;
4. Example of hacked factories;
5. Conclusion and Recommendations.
6. Industry 4.0
One of the many concepts of the Industry of the Future: the European view of the industry
First publicly introduced in 2011 as “Industrie 4.0” in Germany
The German Federal government adopted the idea in its High-tech strategy for 2020
New way of organizing the means of production
Holds the promise to repatriate production in the territory and to lower manufacturing costs
Use of self-optimization, self-cognition, and self-customization in the industry
Smart Factory, Cyber Physical System, Internet of Things, Artificial Intelligence
8. A predictable outcome would be
• Better factory productivity;
• Better product quality;
• Better energy efficiency;
• More manufacturing jobs (however different than today).
However, everything will rely on
• Near-real-time decision-making process;
• Near-real-time data transmission;
• Secure Communication;
• Network Availability.
10. Why ensure security of Smart Factories ?
Threat | Example | Impact on the company | Impact on society
Intellectual Property Theft | Leakage of blueprints, patents, product pictures | High | Low
Disastrous Disaster | Explosion, terrorist act | High | High
Leakage of Information | Leakage of Personally Identifiable Information | Medium-Low | High
Product Sabotage | Non-authorized modification of the building process of the product, leading to its non-usability | High | Low
Production Sabotage | Modification of the number of products to be built | High | Low
….
11. Against who ?
Insider
• Discontentment or corruption
• Low level of sophistication
• Medium-low risk
Hacktivist
• Ideological motivation
• Medium-Low Level of sophistication
• Low Level of risk
CyberCriminals
• Profit motivated
• Medium-high level of sophistication
• Medium-low level of risk
Terrorists
• Ideological warfare
• Medium level of sophistication
• Increasingly high level of risk
Nation-State
• Geo-political
• High level of sophistication
• Risk is highly dependent on the country
12. What are the targets?
Physical Factory
Employees
Suppliers
Customers
Visitors
Datacenter – Brain/AI
13. Frequency of cyber-incident at Nuclear Facilities
Nuclear and energy facilities are supposed to be the most secure factories because of the risk they
present to the lives of citizens. Yet many of them have been hacked or hijacked in the past years.
14. Power Plant infected by worm from third party
[Diagram: six numbered steps (1)-(6) between the service provider, the Slammer bot, the firewall and the SPDS; step labels: connect, verify, infect, propagate.]
Slammer is a worm detected in 2003.
It spreads on the Internet by exploiting a flaw in Microsoft SQL servers.
In a few minutes, it infected around 75000 servers, including
the Safety Parameter Display System (SPDS) of the Davis-Besse
power station in the US.
It caused a major denial of service: two critical control
systems unavailable for 6 hours and inoperative safety
systems.
The plant was not targeted specifically but randomly infected
by Slammer.
The company had whitelisted a service provider, creating a
SPOF (Single Point of Failure).
The firewall successfully blocked the propagation of the
15. Nation-State takes control of Iranian Facility
Stuxnet was detected for the first time in 2009. It
remains the most complex and sophisticated
malware.
The attack was launched to sabotage the centrifuges of
the uranium enrichment plant in Natanz, Iran.
The virus entered the operational network via an infected
and unchecked USB key.
This is the first targeted attack that required upstream
preparation.
It attacks complex Siemens WinCC / PCS 7 SCADA software
systems (software for automation control and management, in
this case the speed of centrifuge rotations).
Stuxnet is the first attack that has hindered the functioning
of an infrastructure and damaged industrial facilities.
It is estimated that several hundred centrifuges have
been destroyed or disabled by this process.
[Diagram: six numbered steps (1)-(6) between the USB key, the latest Stuxnet version and the Siemens' ICS computer; step labels: infect, update, search & compromise, record data feed, control, deceive & destroy.]
16. Intentional blackout at Ukrainian High-voltage station
Industroyer targeted Ukraine in December 2016.
This is the first virus designed specifically to attack power
grids.
Industroyer (aka Crash Override) used:
• 2 backdoors,
• a module to launch DDoS attacks,
• a wiper and 4 protocol flaws (IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA) allowing communication with
the electricity network.
Its main component, a backdoor, has allowed hackers to
control power grid systems, to open the transformers'
breakers and to generate a blackout.
Capable of attacking any network of European power plants
and relays. The biggest threat against industrial control
systems since Stuxnet.
17. Conclusion & Recommendation
Absolute security doesn’t exist; don’t assume a system is secure “by default”.
Code decay: a system that is secure today will not necessarily always be secure:
• Always deploy a security patch when released.
Adopt the concept of Zero Trust:
• Companies should stop giving employees or devices full access to the corporate network;
• Employees should only be able to access the applications that their role needs;
• Devices should only be able to communicate with specific applications within the cyber-system.
Create proactive protection:
• Use Threat Intelligence to continually enhance the security posture of smart factories;
• Use a live feed of IP Reputation to block malicious requests.
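The Zero Trust rules and the IP reputation check above, written as one default-deny decision function. This is an added example, not part of the original presentation; the role names, device ids, application names and the reputation list are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Every name and address below is constructed for illustration.
ROLE_APPS = {                      # employees: role -> applications the role needs
    "operator": {"hmi", "mes"},
    "maintenance": {"cmms"},
}
DEVICE_APPS = {                    # devices: device id -> applications it may talk to
    "plc-line1": {"historian"},
    "provider-gw": {"patch-portal"},   # third-party service provider gateway
}
# Stand-in for a live IP reputation feed (documentation range TEST-NET-3).
BAD_NETWORKS = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Request:
    source_ip: str
    kind: str        # "employee" or "device"
    principal: str   # role name or device id
    app: str         # application being reached


def decide(req: Request) -> tuple[bool, str]:
    """Default deny: allow only an explicitly listed (principal, app) pair."""
    ip = ip_address(req.source_ip)
    if any(ip in net for net in BAD_NETWORKS):
        return False, "ip-reputation"
    table = {"employee": ROLE_APPS, "device": DEVICE_APPS}.get(req.kind, {})
    if req.app in table.get(req.principal, set()):
        return True, "allowed"
    return False, "not-entitled"


def denied(requests: list[Request]) -> list[tuple[Request, str]]:
    """Collect refused requests with their reason, e.g. for alerting."""
    results = [(r, decide(r)) for r in requests]
    return [(r, why) for r, (ok, why) in results if not ok]


SAMPLE = [  # constructed traffic
    Request("10.1.0.8", "employee", "operator", "hmi"),
    Request("10.9.0.2", "device", "provider-gw", "patch-portal"),
    Request("10.9.0.2", "device", "provider-gw", "spds"),      # trusted source, wrong app
    Request("203.0.113.7", "employee", "operator", "hmi"),     # bad reputation
]

if __name__ == "__main__":
    for req, why in denied(SAMPLE):
        print(f"DENY {req.principal} -> {req.app} from {req.source_ip}: {why}")
```

The third sample request shows the difference from a network-level whitelist: the service provider gateway is a known source, yet it is refused for any application it was not explicitly granted.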