Cyber Attacks: What Should Manufacturers Do?

As the use and dependence on computers and software grow, so do the threats facing businesses of being hacked or becoming a victim of ransomware, where a company is locked out of a system until they pay a ransom. In some cases, even if a company pays the ransom, it may still experience irreparable damage to its systems, network and reputation.

According to the Federal Bureau of Investigation’s Cyber Crime Compliant Center (IC3), ransomware is one of the biggest and most frequent threats to businesses in the United States. In addition, the number of complaints and financial losses is staggering. In 2021, IC3 received 847,376 complaints, a record number and a 7% increase from the previous year. Of these complaints, top cyber-attack categories were ransomware, business email compromise (BEC) schemes and criminal use of cryptocurrency. To say cybercrime is a real threat is an understatement.

Of the 847,376 complaints mentioned above, IC3’s BEC complaints alone totaled an estimated $2.4 billion lost. In those that had a ransomware attack, studies have shown that 50% to 80% of organizations pay the ransom, and some entities fall victim again. Even if a company does not pay directly for cyber attacks, there are undoubtedly indirect costs—tasks become more manual, systems being down lead to operational downtime and production volume is decreased. Like a domino, this can affect everything down the supply chain.

Even after implementing cybersecurity measures, periodic reviews and evaluations are always recommended.

Cybersecurity incidents increase as industries add real-time data capabilities and electronic devices to their network. Adding more devices and capabilities all come with risks and additional vulnerabilities. When more personnel can access information on a network, it makes it easier for cybercriminals to find entry points into a system. Each new device on a network means another entry point for the criminal.

Another common vulnerability is human error. Starting with detailed cybersecurity processes and procedures can help lower this risk.

Also, many manufacturing facilities operate with outdated systems. These have built-in vulnerabilities because they may no longer be supported. Some programmable logic controllers (PLCs) and control systems may not be secure by design. Facilities must either build security or protect the programs with other controls. 

Each vulnerability gives cybercriminals easy access to systems, leading to more risk.

Creating a cybersecurity plan starts with developing a framework plan. It should allow for flexibility for future changes and assess your risk. Interstates often begins development of a cybersecurity plan based on industry frameworks. We also work to modify existing IT security policies to fit within the OT (operations technology) environment.

Once this framework is ready, consider these six practical items to help implement your cybersecurity practices:

Cybersecurity is an ongoing journey. Completing these six steps can lead to more robust security, but companies should review it regularly. Facilities need to continually be on the lookout and not become complacent regarding cyber protection.

Cybersecurity Resource Information

Brandon Bohle is a Cybersecurity Systems Analyst and team lead at Interstates, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates, visit its profile on the Industrial Automation Exchange.

The new technology that is making cars easier for criminals to steal, or crash

Sydney, Aug 10 (The Conversation) There is much talk in the automotive industry about the "internet of vehicles" (IoV). This describes a network of cars and other vehicles that could exchange data over the internet in an effort to make transportation more autonomous, safe and efficient.

The IoV could help vehicles identify roadblocks, traffic jams and pedestrians. It could help with a car's positioning on the road, potentially enable them to be driverless, and provide easier diagnoses of faults. It's already happening to some extent with smart motorways, where technology is used with the intention of managing motorway traffic in the most effective manner.

A more sophisticated IoV will require even more sensors, software and other technology to be installed in vehicles and surrounding road infrastructure. Cars already contain more electronic systems than ever, from cameras and mobile phone connections to infotainment systems.

However, some of these systems might also make our vehicles prone to theft and malicious attack, as criminals identify and then exploit vulnerabilities in this new technology. In fact, this is already happening.

Security bypass Smart keys are supposed to protect modern vehicles against theft. A button on the key is pressed to disable the car's immobiliser (an electronic device that protects the vehicle from being started without a key), allowing the vehicle to be driven.

But one well-known way to bypass this requires a handheld relay tool that tricks the vehicle into thinking the smart key is closer than it is.

It involves two people working together, one standing at the vehicle and the other close to where the key actually is, such as outside its owner's house. The person near the house uses the tool that can pick up the signal from the key fob and then relay it to the vehicle.

Relay equipment for carrying out this kind of theft can be found on the internet for less than £100, with attempts often being carried out at night. To protect against them, car keys can be placed in Faraday bags or cages that block any signal emitted from the keys.

However, a more advanced method of attacking vehicles is now increasingly being adopted. It is known as a "CAN (Controller Area Network) injection attack", and works by establishing a direct connection to the vehicle's internal communication system, the CAN bus.

The main route to the CAN bus is underneath the vehicle, so criminals try to gain access to it through the lights at the front of the car. To do this, the bumper has to be pulled away so a CAN injector can be inserted into the engine system.

The thieves can then send fake messages that trick the vehicle into believing these are from the smart key and disable the immobiliser. Once they have gained access to the vehicle, they can then start the engine and drive the vehicle away.

Zero trust approach With the prospect of a potential epidemic in vehicle thefts, manufacturers are trying new ways to overcome this latest vulnerability as quickly as possible.

One strategy involves not trusting any messages that are received by the car, referred to as a "zero trust approach". Instead, these messages have to be sent and verified. One way to do this is by installing a hardware security module in the vehicle, which works by generating cryptographic keys that allow the encryption and decryption of data, creating and verifying digital signatures in the messages.

This mechanism is increasingly being implemented by the automotive industry in new cars. However, it is not practical to incorporate it into existing vehicles due to time and cost, so many cars on the road remain vulnerable to a CAN injection attack.

Infotainment system attacks Another security consideration for modern vehicles is the onboard computer system, also referred to as the "infotainment system". The potential vulnerability of this system is often overlooked, even though it could have catastrophic repercussions for the driver.

One example is the ability for attackers to use "remote code execution" to deliver malicious code to the vehicle's computer system. In one reported case in the US, the infotainment system was used as an entry point for the attackers, through which they could plant their own code. This sent commands to physical components of the cars, such as the the engine and wheels.

An attack like this clearly has the potential to affect the functioning of the vehicle, causing a crash – so this is not just a matter of protecting personal data contained within the infotainment system. Attacks of this nature can exploit many vulnerabilities such as the vehicle's internet browser, USB dongles that are plugged into it, software that needs to be updated to protect it against known attacks and weak passwords.

Therefore, all vehicle drivers with an infotainment system should have a good understanding of basic security mechanisms that can protect them from hacking attempts.

The possibility of an epidemic of vehicle theft and insurance claims due to CAN attacks alone is a scary prospect. There needs to be a balance between the benefits of the internet of vehicles, such as safer driving and an enhanced ability to recover cars once they are stolen, with these potential risks. (The Conversation) AMS

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)

Cybersecurity for Small to Mid-Sized Manufacturers

Cybersecurity is not just a concern for large industrial organizations. Though such companies may be the initial target of cyber-attacks, the proliferation of malware puts every company at risk.

To help address the cybersecurity needs of small and mid-sized manufacturers with limited resources and budget, Industrial Defender has developed Phoenix, an all-in-one system specifically designed for environments with up to 200 endpoints. According to Industrial Defender, Phoenix provides an automated view of all operation technology assets and endpoint information including:

Phoenix combines passive means with agentless and active discovery methods for a more comprehensive dataset. Phoenix also enables security event management by providing event log data, network analytics through network monitoring and visibility into communication flows, and enterprise integration with flexible APIs (application programming interfaces).

“Attackers are increasingly targeting operational technology, and smaller organizations are especially vulnerable due to their limited resources,” says Jay Williams, CEO of Industrial Defender. “Smaller organizations often believe they won’t be targeted, but all users of operational technology are at risk of cyberattacks, whether they are the intended target or just caught in the blast radius.”

Industrial Defender notes that Phoenix can also scale into a network of enterprise-grade systems to support the user company’s future growth.