Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis

Smart manufacturing systems can be seen as the modern implementation of the totally integrated automation (TIA) concept that has been developed by Siemens since 1996. But such is the complexity of smart manufacturing systems that it is difficult, if not futile, to provide any “crisp” definition of them. From a security research standpoint, it is challenging to obtain access to a sufficiently generic, fully functioning system, deployed within realistic conditions, because the concept of a “generic” or “reference” smart manufacturing system does not really exist. Therefore, any security analysis — including this one — must be interpreted with a grain of salt: It is easy to jump to conclusions such as, “All smart manufacturing systems are unsecure,” or, worse, to view attack scenarios as ready-to-use best practices on “how to secure smart manufacturing systems.” In this research, our aim is to provide food-for-thought examples and use cases intended for concerned organizations and individuals to carefully contextualize in their specific settings.
Defending a smart manufacturing system is challenging because the environment itself is complex. Focusing on “keeping attackers out” is clearly important, but this has been the usual advice for decades, regardless of the system. Such an approach is not future-proof because there is a tendency toward increased connectivity and dynamic setups with modular plants that can be reconfigured as needed, as opposed to the classic, static deployments. This has an impact on security policies, which should be moving away from the assumption that every endpoint or machine within a manufacturing plant is trusted, leaving the floor open to a more granular approach. As we will show, network traffic coming from an industrial robot — to take just one example — may not be coming from trustworthy software because it might be malicious or it could have been exploited. The challenge is that there are currently no simple ways of authenticating and signing the software and data flowing into these complex systems, essentially because not all systems support such security requirements.

A photo of Industry 4.0 Lab, the system that we analyzed during this research

We will describe the scope of our analysis (an actual smart manufacturing system deployed in an Industry 4.0 research laboratory), the methodology we used during our research (a holistic, hands-on approach), the research angle we employed (focusing on concrete attack vectors in the hands of a forward-looking attacker), and some background concepts needed throughout this research paper.
Sponsored by Trend Micro
Federico Maggi:
With more than a decade of research experience in the cybersecurity field, Federico Maggi specializes in threat and security analysis on virtually any system. Federico has analyzed...