The Internet of Things (IoT) has evolved dramatically since its conception, and our world alongside it. The advancement of the IoT, including its subset the Industrial Internet of Things (IIoT), has given rise to the latest industrial revolution: Industry 4.0.
Industry 4.0 is the convergence of technological advancements like the IIoT, Artificial Intelligence (AI), and Machine Learning (ML). Inherent in Industry 4.0 is its connectedness, which comes from the IIoT. Add in the increasing adoption of AI and ML, and you get the sophisticated, smart factories of today. This industrial revolution has seen an unprecedented increase in the productivity and efficiency of manufacturing facilities, but it’s also created new opportunities for cybercrime.
Smart factories are a prime target for cybercriminals
As the technology that powers Industry 4.0 grows in sophistication, so do the attacks that target it. Manufacturing companies are at particular risk for cyberattacks by private hacking groups and nation-states alike, with expensive and potentially dangerous consequences.
In 2019, Norsk Hydro, a Norwegian-based aluminum manufacturer, was hit with the ransomware virus known as LockerGoga, which stalled operations company-wide. The company opted not to pay the ransom and spent weeks relying on manual processes to get back up and running before its files could be recovered. The attack was so extensive that S&P points to it as a significant supply chain disruption in 2019.
The expenses associated with recovering from a ransomware attack, especially when organizations follow the FBI guidelines of not paying the attackers in an effort to discourage them, are not unique to the ransomware attack suffered by Norsk Hydro. In fact, ransomware attacks cost the U.S. upwards of $7.5 billion in 2019 alone.
Of course, extorting money through ransomware isn’t the only goal for cyberattacks. Smart factories have increasingly become targets of cybercriminals who intend to cause physical damage and harm to the facilities they target. In 2014, an unnamed German steel mill suffered a spear phishing attack that compromised industrial control systems, causing a blast furnace to shut down improperly and resulting in massive physical damage to the furnace. Though the extent of the damage was never confirmed and no loss of life occurred, attacks targeting industrial control systems create a dangerous scenario that puts lives at risk.
The inherent interconnectedness of Industry 4.0 leaves manufacturing sites more vulnerable than ever to cyberattacks, the consequences of which run the gamut from financial loss to potential loss of life. The increasing number of internet-connected devices presents an increasing number of opportunities for attackers to exploit software vulnerabilities in those systems.
Artificial intelligence and machine learning increase cybersecurity dangers
The same principles behind AI and ML that make them great when used as intended make them even more dangerous when used maliciously. AI can be used by attackers to make sophisticated, intelligent attacks that are adaptable, self-propagating, and extremely difficult to detect. AI has been used by attackers to conceal malware code, resulting in attacks that lie dormant for months after a system is infected, only becoming active when the impact of the attack would be maximized.
While AI can be beneficial in the cybersecurity sphere to detect and counteract cyberattacks, that same technology is being used by attackers to subvert the cybersecurity measures in place. For example, attackers with some AI knowledge could create malware that injects code containing false data that is then read by a security system using AI. When that data is fed into the AI algorithm, the pattern that the system is using to learn from is disrupted, meaning the bad instruction that the attackers carry out would be seen as perfectly normal by the security system.
It’s not just scary to think about attackers using AI/ML to execute attacks; it’s also scary to think about how they can hijack AI/ML machines to do their bidding within a smart factory. As argued by Marcus Comiter in his paper for the Belfer Center for Science and International Affairs at the Harvard Kennedy School, the terrorists of tomorrow won’t need guns or bombs to cause damage and commit violence; they’ll just need a little bit of cyber know-how. Comiter points to the adoption of autonomous vehicles as a growing and tangible threat in which attackers can use AI within the vehicle to “poison” the system and install a backdoor, allowing the attacker to manipulate the system as they please.
Industry 4.0 requires a defense-in-depth approach
No single security solution is a catch-all. To deliver security, safety, and privacy to Industry 4.0, a defense-in-depth cybersecurity approach is necessary. Preventing attacks like LockerGoga from causing any damage requires organizations to look for solutions starting at the hardware level, including measures like tamper protection and secure boot. From there, companies typically layer on software-based cybersecurity solutions, such as compartmentalization, encryption, and signature-based virus scanning.
However, these software layers may not be securing your systems as much as you may think because, as with all software, they contain bugs that attackers can exploit.
Fortunately, this can be solved by implementing an Enforcement-level solution, like Dover’s CoreGuard.
CoreGuard protects Industry 4.0
Dover’s CoreGuard technology is a hybrid hardware/software cybersecurity solution that is specifically designed to prevent the exploitation of software vulnerabilities. CoreGuard enforcement hardware acts as a bodyguard to embedded systems, monitoring every instruction executed to ensure it complies with a set of software-based security, safety, and privacy rules. If an instruction violates a rule, CoreGuard stops it from executing before any damage can be done.
CoreGuard's base set of micropolicies (Stack, Heap, and RWX) protects against the most common and severe types of software vulnerabilities, including 100 percent of buffer overflows and overreads, as well as code injection attacks.
In the case of a ransomware attack like LockerGoga, a CoreGuard-protected system would stop the ransomware attack in its tracks with our RWX micropolicy. This micropolicy labels regions of memory as readable, writable, and/or executable, and blocks the execution of attacker-supplied instructions from any region that is not labeled executable. By labeling the region of memory that receives data from the network as non-executable, the RWX micropolicy would be able to stop the ransomware payload from being executed.
Additional micropolicies can be layered on top of CoreGuard’s base set to address the specific security concerns of Industry 4.0. For example, CoreGuard’s AI Integrity micropolicy provides protection against attackers who target the closed-loop controls present in AI-embedded systems. Let’s take a look at an autonomous vehicle within a smart factory.
Autonomous forklifts and cranes, often used in smart factories to shuttle pallets of supplies or products on the factory floor, have several closed-loop AI learning algorithms managing different systems, like the system responsible for speed and maintaining a safe distance between itself and other objects within its path. This closed-loop system takes in encrypted data in the form of radar and/or lidar readings of nearby objects; the data is decrypted and fed into an AI algorithm, which then sends commands to the accelerator in the forklift to either speed up or slow down. As the data is decrypted, the AI system will perform digital signature checking, which ensures the data can be trusted.
In order to achieve their goal of causing damage to the forklift and those around it, a malicious attacker could exploit any common software vulnerability, such as a buffer overflow, to intercept that decrypted data before it can undergo the digital signature checking process. Once the attacker has access to the data, they can manipulate it in any way they want, such as changing the distance-related readings going into the algorithm, essentially turning it from a closed-loop into an open-loop system.
CoreGuard’s AI Integrity micropolicy prevents this from happening by ensuring that only trusted data can be written into the system. This is done by labeling data leaving decryption (after digital signature verification) as trusted. As data is copied to and from the memory of the system, this same trusted label is copied to the destinations of that data. CoreGuard enforces that only data with the “trusted” label is able to write instructions to and from the AI system.
If there is any attempt to write data without a trusted label, CoreGuard can send the entire system into a safe mode, and the malicious instruction will not be executed.
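The RWX and AI Integrity rules described above can be sketched as a small label-checking memory model. This is an added example, not Dover's or CoreGuard's code: the `machine` struct, the `L_EXEC`/`L_TRUSTED` labels, the memory layout, and the sample readings are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed): one metadata label per memory word, checked on every access. */
enum { L_EXEC = 1, L_TRUSTED = 2 };
enum { WORDS = 32, AI_BASE = 24 };  /* assumed layout: words 24..31 feed the AI algorithm */

typedef struct {
    uint32_t word[WORDS];
    uint8_t  label[WORDS];
    bool     safe_mode;             /* latched on an AI Integrity violation */
} machine;

/* Labels: L_EXEC = loaded firmware, L_TRUSTED = signature-verified data, 0 = network bytes. */
static void store(machine *m, size_t a, uint32_t v, uint8_t label) {
    m->word[a] = v;
    m->label[a] = label;
}

/* RWX rule: an instruction fetch succeeds only from a word labeled executable. */
static bool fetch(const machine *m, size_t a) {
    return !m->safe_mode && (m->label[a] & L_EXEC) != 0;
}

/* Copy rule: the trusted label travels with the data (the exec label never does).
   AI Integrity rule: a write into the AI region must carry the trusted label. */
static bool copy_word(machine *m, size_t dst, size_t src) {
    if (m->safe_mode) return false;
    if (dst >= AI_BASE && !(m->label[src] & L_TRUSTED)) {
        m->safe_mode = true;        /* violation: write dropped, system enters safe mode */
        return false;
    }
    m->word[dst] = m->word[src];
    m->label[dst] = m->label[src] & L_TRUSTED;
    return true;
}

int main(void) {
    machine m = {0};
    store(&m, 0, 0x13, L_EXEC);     /* firmware instruction (constructed value) */
    store(&m, 8, 1200, L_TRUSTED);  /* verified lidar distance in mm (constructed value) */
    store(&m, 9, 9999, 0);          /* unverified distance written via a software bug */
    printf("fetch firmware: %d, fetch network data: %d\n", fetch(&m, 0), fetch(&m, 9));
    bool ok = copy_word(&m, 16, 8) && copy_word(&m, AI_BASE, 16);
    bool forged = copy_word(&m, AI_BASE + 1, 9);
    printf("trusted copy: %d, forged copy: %d, safe mode: %d\n", ok, forged, m.safe_mode);
}
```

The verified reading reaches the AI buffer through an intermediate copy because its label follows it, while the unlabeled value is rejected at the AI region boundary and latches safe mode.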
Industry 4.0 needs defense-in-depth
CoreGuard is just one of the cybersecurity mechanisms necessary to secure smart factories. To address all of the unique cybersecurity challenges of Industry 4.0, it is essential to use a defense-in-depth approach.
If you’d like to learn more about the different cybersecurity methods that support a secure Industry 4.0, download our white paper, The Cybersecurity Stack: How to Protect Embedded Systems with a Defense-in-Depth Approach.