The next thing the world's cyber attackers target may be factory security. With the spread of IoT, factories are also changing to an environment connected to the outside world. What is the current state of factory cybersecurity? Here are some examples and countermeasures.
Unleash Your Potential - Namagunga Girls Coding Club
Will factory cybersecurity keep up with the accelerating IoT.docx
1. Will factory cybersecurity keep up with the
accelerating IoT?
Factory cybersecurity has never been so important. However, in recent years, the attack on this "hole"
has become prominent,anditsimportance hasrapidlyincreased.Whatare the connectionsbetweenthe
two that have not beenthoughtabout inthe past,such as manufacturingsitesandcybersecurity?Learn
why factory cybersecurity has become so important and what to do.
Whyfactory cybersecuritybecame so important
Why is factory cybersecurity so important now? There is a reason why the world's flow is making a big
difference even in the manufacturing industry.
The changing state of a "factory"
Many factorieshave made "makinggoodthings"atoppriorityasamanufacturingsite.The mainpurpose
of the PCs used in the factory site was to use parts lists and in-house software, and in many cases, the
companyusedapersonal computerinthe officeforexternal interactions.Inthisway,factorieshavebeen
in a closed environment in a network.
However, IoT has changed this dramatically. The global trend of IoT introduction is also pouring into
manufacturing sites, and information obtained from all devices and sensors is becoming involved in
environments connected to the Internet.
For example, visualization using IoT and smart factories that convert the entire factory into IoT are
representative examples of factories using IoT. Nowadays, many factories are aware of IoT, and it is
natural to connect with the outside world.
Awareness of cybersecurity
Evenbefore the factorywasconnectedtothe outside world,itwasnatural thatthe officehadanexternal
connection.That'swhy awarenessof cybersecuritywasingrainedearlyonin the office.However,unlike
such an office environment, factoriesthathave operatedonthe assumptionthattheyare not connected
tend to have a weak perception of cybersecurity.
A PLC (programmable logic controller), also known as sequencer, has been a central part of factory
automation(FA).Itcanbe said thatthe ideathatPLCisacontrol-onlymachinethatonlysendsinstructions
to the equipment is deep-rooted, and the idea that security is necessary for PLC is not pervasive.
In addition,inthe fieldwhere thereisnomechanismtograspandrecordthe overall configurationdue to
frequent line changes, there are cases where security awareness has not reached. In order to prioritize
continued operation, the strong sense of refusal to stop is also considered to be a weakness.
What happenswhen cybersecurityistargeted?
Asit is,ioThasspreadandcybersecurityissueshave surfacedasitpermeatesvariouspartsof the factory.
Here are some examples that actually existed.
In-time investigation by Trend Micro
How many cybersecurity measures do you actually need in today's world?
2. To find out the answer, trend micro, a leading security product company, investigated factory
cyberattacks.The investigationistocreate a"decoyfactory"thatappearstoexist,andtoinvestigatehow
often and what kind of attacks are being carried out there.
We used actual equipment such as Siemens, Rockwell Automation, and Omron for the "ottori factory",
and prepared a website as a company and a list of employees. It also reproduces the condition that the
PLC remains in its default settings and allows external connections for remote support, as is common in
real factories.
When the "manri factory" was put into operation, there were 30 attacks in 240 days, six of which were
similar to affecting the productivity of the factory. The study found that factories can also be
cyberattacked and their production activities themselves can be damaged.
Global metals giant infected
There have been cases where cyberattacks have impacted productivity on a global scale.
In March 2019, a production facility management system was infected with malware at Norsk Hydro, a
leadingglobalaluminumcompany,affectinglocationsaroundthe world. Massive damageandshutdowns
occurred at 170 locations in 40 countries around the world.
It is estimated that this caused about 8.25 billion yen. This attack is called ransom-driven ransomware.
The companyannouncedthat it didnot intendto complywiththe ransomdemand,and the systemwas
restored by backup, and some of the damage was filled with the insurance it had subscribed to.
11 factories suspended production, in-house systems disabled
OnJune 8, 2020, a cyberattackonHonda'sinternal networksystemcausedextensivedamage.Production
was halteddue tofailuresat11 plantsin the U.S.,Turkey,India,Brazil,andotherplants. More than 30%
of the world's 30 factories have been shut down.
The company has announced that it has also affected its internal and e-mail systems for inspecting
finishedvehicles. In the 2010s, the insulity of working from home has spread even greaterly due to the
inehestible access to files and the ine available emails.
Ransomware, designed to pinpoint the company's core systems, is also attracting attention for the
possibilitythatthere maybe agroupof ransomtargetsdirectlyatcompanies.The incidentalsohighlighted
the increased cyber risk as remote work increases.
Many companies do not have cybersecurity departments
In2019, A U.S.-JapanconsultingfirmandITcompanyjointlyresearchedthe cybersecuritydepartmentsof
control systems.Accordingto thisreport,26% of listedcompaniesinJapanandunlistedcompanieswith
sales of 40 billion yen or more do not have jurisdiction.
Before cybersecurity measures were taken, the reality that large companies often did not even have
departments that take cybersecurity measures came to light.
To increase security
In this way, cyberattacks on factories are actually occurring, and cybersecurity measures are urgently
needed. We must catch up and overtake ioT, which is already widespread to some extent. What is
necessary as a cybersecurity measure for factories?
Recognize the difference between security importance and the office
Keepinganideaof the statusquo isa veryimportantgatewaytoaddressingsecurityissues.Inparticular,
you should be aware that factory and office security measures must be done in different processes.
Infactoriesthatcannotbe stoppedfromoperation,itisverydifficulttoimmediatelydisconnectterminals
that are likely to be problematic, which is very different from the measures taken in the office. By
3. understandingwhichpartsare detachable,whatosisintroducedinwhichparts,andwhatkindof network
is built, it is possible to take measures from another direction.
Understand and manage external connection points
Banning the bringing of personal computers and connecting USB memory sticks is common sense
measures that are natural for IT companies that are always conscious of cybersecurity. However, these
basic measures may not be pervasive in factories.
It is important to manage these external connection points and to have a firm understanding of the
environment in which you can connect to the Internet.
From a business continuity plan (BCP) perspective, it is easy to think that limiting connectivity reduces
business continuity, but it is not the original BCP only because it increases risk. It is very dangerous to
think about keeping the storage and connection locations more acceptable.
It is also a countermeasure toconsiderrebuildingthe control systemthat is completedinthe fieldso as
not to connect to the outside, or to realize a limited operating environment by introducing edge
computing. These measures and risk aversion lead to an actual BCP.
Establish specialized teams and create countermeasure flows with a sense of risk
It is also importantto knowwhat kindof cybersecuritydamage itactuallycan leadto, includingthose in
charge of the field.
After assuming and understanding the risks, we will set up a department in the jurisdiction of
cybersecurity and establish a specialized team.Create a daily management flow and a response flow in
the eventof aproblem,andsetupanexperttoconsulttoavoidhittingadeadendinemergencyresponse.
You must also set how much the problem will be asked by an external expert when it reaches.
In an era where factoriesare exposedto cybersecuritychallenges
We introducedthe importance andsizeof the riskof cybersecurityatthe factory,the examplesthatwere
actually met and the necessary measures.
Many manufacturing sites have already introduced IoT, and it is not possible to reduce external
connectivity to zero. The use of IoT is creating significant productivity, but when we look at the entire
manufacturingindustry,cybersecuritymeasureshave notcaught up withioTpenetration.Because itisa
factory where continuous operation is a priority, it is necessary to reconsider cybersecurity.
Simple and secure edge computing