Factory cybersecurity has never been so important. However, in recent years, the attack on this “hole” has become prominent, and its importance has rapidly increased. What are the connections between the two that have not been thought about in the past, such as manufacturing sites and cybersecurity? Learn why factory cybersecurity has become so important and what to do.
Why factory cybersecurity became so important
Why is factory cybersecurity so important now? There is a reason why the world’s flow is making a big difference even in the manufacturing industry.
The changing state of a “factory”
Many factories have made “making good things” a top priority as a manufacturing site. The main purpose of the PCs used in the factory site was to use parts lists and in-house software, and in many cases, the company used a personal computer in the office for external interactions. In this way, factories have been in a closed environment in a network.
However, IoT has changed this dramatically. The global trend of IoT introduction is also pouring into manufacturing sites, and information obtained from all devices and sensors is becoming involved in environments connected to the Internet.
For example, visualization using IoT and smart factories that convert the entire factory into IoT are representative examples of factories using IoT. Nowadays, many factories are aware of IoT, and it is natural to connect with the outside world.
Awareness of cybersecurity
Even before the factory was connected to the outside world, it was natural that the office had an external connection. That’s why awareness of cybersecurity was ingrained early on in the office. However, unlike such an office environment, factories that have operated on the assumption that they are not connected tend to have a weak perception of cybersecurity.
A PLC (programmable logic controller), also known as sequencer, has been a central part of factory automation (FA). It can be said that the idea that PLC is a control-only machine that only sends instructions to the equipment is deep-rooted, and the idea that security is necessary for PLC is not pervasive.
In addition, in the field where there is no mechanism to grasp and record the overall configuration due to frequent line changes, there are cases where security awareness has not reached. In order to prioritize continued operation, the strong sense of refusal to stop is also considered to be a weakness.
What happens when cybersecurity is targeted?
As it is, ioT has spread and cybersecurity issues have surfaced as it permeates various parts of the factory. Here are some examples that actually existed.
In-time investigation by Trend Micro
How many cybersecurity measures do you actually need in today’s world?
To find out the answer, trend micro, a leading security product company, investigated factory cyberattacks. The investigation is to create a “decoy factory” that appears to exist, and to investigate how often and what kind of attacks are being carried out there.
We used actual equipment such as Siemens, Rockwell Automation, and Omron for the “ottori factory”, and prepared a website as a company and a list of employees. It also reproduces the condition that the PLC remains in its default settings and allows external connections for remote support, as is common in real factories.
When the “manri factory” was put into operation, there were 30 attacks in 240 days, six of which were similar to affecting the productivity of the factory. The study found that factories can also be cyberattacked and their production activities themselves can be damaged.
Global metals giant infected
There have been cases where cyberattacks have impacted productivity on a global scale.
In March 2019, a production facility management system was infected with malware at Norsk Hydro, a leading global aluminum company, affecting locations around the world. Massive damage and shutdowns occurred at 170 locations in 40 countries around the world.
It is estimated that this caused about 8.25 billion yen. This attack is called ransom-driven ransomware. The company announced that it did not intend to comply with the ransom demand, and the system was restored by backup, and some of the damage was filled with the insurance it had subscribed to.
11 factories suspended production, in-house systems disabled
On June 8, 2020, a cyberattack on Honda’s internal network system caused extensive damage. Production was halted due to failures at 11 plants in the U.S., Turkey, India, Brazil, and other plants. More than 30% of the world’s 30 factories have been shut down.
The company has announced that it has also affected its internal and e-mail systems for inspecting finished vehicles. In the 2010s, the insulity of working from home has spread even greaterly due to the inehestible access to files and the ine available emails.
Ransomware, designed to pinpoint the company’s core systems, is also attracting attention for the possibility that there may be a group of ransom targets directly at companies. The incident also highlighted the increased cyber risk as remote work increases.
Many companies do not have cybersecurity departments
In 2019, A U.S.-Japan consulting firm and IT company jointly researched the cybersecurity departments of control systems. According to this report, 26% of listed companies in Japan and unlisted companies with sales of 40 billion yen or more do not have jurisdiction.
Before cybersecurity measures were taken, the reality that large companies often did not even have departments that take cybersecurity measures came to light.
To increase security
In this way, cyberattacks on factories are actually occurring, and cybersecurity measures are urgently needed. We must catch up and overtake ioT, which is already widespread to some extent. What is necessary as a cybersecurity measure for factories?
Recognize the difference between security importance and the office
Keeping an idea of the status quo is a very important gateway to addressing security issues. In particular, you should be aware that factory and office security measures must be done in different processes.
In factories that cannot be stopped from operation, it is very difficult to immediately disconnect terminals that are likely to be problematic, which is very different from the measures taken in the office. By understanding which parts are detachable, what os is introduced in which parts, and what kind of network is built, it is possible to take measures from another direction.
Understand and manage external connection points
Banning the bringing of personal computers and connecting USB memory sticks is common sense measures that are natural for IT companies that are always conscious of cybersecurity. However, these basic measures may not be pervasive in factories.
It is important to manage these external connection points and to have a firm understanding of the environment in which you can connect to the Internet.
From a business continuity plan (BCP) perspective, it is easy to think that limiting connectivity reduces business continuity, but it is not the original BCP only because it increases risk. It is very dangerous to think about keeping the storage and connection locations more acceptable.
It is also a countermeasure to consider rebuilding the control system that is completed in the field so as not to connect to the outside, or to realize a limited operating environment by introducing edge computing. These measures and risk aversion lead to an actual BCP.
Establish specialized teams and create countermeasure flows with a sense of risk
It is also important to know what kind of cybersecurity damage it actually can lead to, including those in charge of the field.
After assuming and understanding the risks, we will set up a department in the jurisdiction of cybersecurity and establish a specialized team. Create a daily management flow and a response flow in the event of a problem, and set up an expert to consult to avoid hitting a dead end in emergency response. You must also set how much the problem will be asked by an external expert when it reaches.
In an era where factories are exposed to cybersecurity challenges
We introduced the importance and size of the risk of cybersecurity at the factory, the examples that were actually met and the necessary measures.
Many manufacturing sites have already introduced IoT, and it is not possible to reduce external connectivity to zero. The use of IoT is creating significant productivity, but when we look at the entire manufacturing industry, cybersecurity measures have not caught up with ioT penetration. Because it is a factory where continuous operation is a priority, it is necessary to reconsider cybersecurity.