Speaking at RSA 2018 in San Francisco, Ed Cabrera, chief cybersecurity officer at Trend Micro, examined the attack surface of smart factories and industrial robots.
Cabrera explained that, for smart factories, increased automation, increased connectivity and increased complexity, combined with the increased attack sophistication of adversaries, lead to increased risk.
To outline the real-life threats that smart factories face as a result, he considered the likelihood and impact of five attack scenarios that are possible when the weaknesses in smart factories and robot architectures/implementations are exploited.
The first is plant disruption, something that we saw in 2017 with the Mirai botnet attacking South America and countries in Africa.
The second is digital extortion, something that has become very prevalent with the number of ransomware families growing greatly over the last few years. “There’s definitely a return on investment going on in the digital underground with digital extortion,” Cabrera said, “and this is a scenario that is only going to grow.”
The third attack scenario that he considered is that of physical damage, and whilst this is perhaps less likely or frequent than other scenarios, “the impact can be very high with loss of life, property disruption, etc.”
Next is production line process interference, and from a motivational perspective this is an attack scenario that would appeal to hacktivist groups and criminal enterprises.
Lastly is sensitive data exfiltration, “that is attacks going after sensitive data for corporate espionage or nation state [motives]. The likelihood of that is high and activity does happen.”
To conclude, Cabrera discussed ways to mitigate and defend against these types of risks, suggesting that increased visibility, prevention, detection, response and collaboration will result in risk reduction.
To achieve that, he advised taking the following three steps:
- Framework first: align IT/OT risk management with business goals, strategies and objectives
- Design a sound framework: understand CIA AIC = risk resilience, red teaming exercises, prevention through IT/OT security configuration and architecture, detection through joint SOC/NOC fusion centers, response through joint IT/OT IR teams and collaboration
- Partner early and often