TXOne Networks
Software : Operational Technology : Cybersecurity
Never trust, always verify. TXOne safeguards your OT operation with OT-native solutions, protecting assets for their entire life cycle.
Assembly Line
๐๐ In-Depth Analysis of Cyber Threats to Automotive Factories
We found that Ransomware-as-a-Service (RaaS) operations, such as Conti and LockBit, are active in the automotive industry. These are characterized by stealing confidential data from within the target organization before encrypting their systems, forcing automakers to face threats of halted factory operations and public exposure of intellectual property (IP). For example, Continental (a major automotive parts manufacturer) was attacked in August, with some IT systems accessed. They immediately took response measures, restoring normal operations and cooperating with external cybersecurity experts to investigate the incident. However, in November, LockBit took to its data leak website and claimed to have 40TB of Continentalโs data, offering to return the data for a ransom of $40 million.
Previous studies on automotive factories mainly focus on the general issues in the OT/ICS environment, such as difficulty in executing security updates, knowledge gaps among OT personnel regarding security, and weak vulnerability management. In light of this, TXOne Networks has conducted a detailed analysis of common automotive factory digital transformation applications to explain how attackers can gain initial access and link different threats together into a multi-pronged attack to cause significant damage to automotive factories.
In the study of industrial robots, controllers sometimes enable universal remote connection services (such as FTP or Web) or APIs defined by the manufacturer to provide operators with convenient robot operation through the Control Station. However, we found that most robot controllers do not enable any authentication mechanism by default and cannot even use it. This allows attackers lurking in the factory to directly execute any operation on robots through tools released by robot manufacturers. In the case of Digital Twin applications, attackers lurking in the factory can also use vulnerabilities in simulation devices to execute malicious code attacks on their models. When a Digital Twinโs model is attacked, it means that the generated simulation environment cannot maintain congruency with the physical environment. This entails that, after the model is tampered with, there may not necessarily be obvious malicious behavior which is a serious problem because of how long this can go unchecked and unfixed. This makes it easy for engineers to continue using the damaged Digital Twin in unknown circumstances, leading to inaccurate research and development or incorrect decisions made by the factory based on false information, which can result in greater financial losses than ransomware attacks.
๐ Digital Twins: The Benefits and Challenges of Revolutionary Technology in Automotive Industries
With the advent of Industry 4.0, an increasing number of organizations have implemented digital twin technology to optimize their performance, enhance their educational initiatives, or facilitate advanced maintenance. Even the automotive industry has readily embraced this transformational technology. However, organizations must acknowledge that the adoption of digital twin technology may simultaneously expose them to potential cyber threats. Thus, securing digital twins within an organization should be viewed as an essential priority, on par with their implementation.
One of the challenges of implementing digital twin technology is maintaining consistency between the physical and virtual twins. In the case of a model corruption attack, it can be difficult to detect the issue, as developers may not notice the problem until they inspect the repository or run jobs on an infected digital twin. Running an infected digital twin not only leads to inconsistencies, but it can also compromise the CPS, as the malicious code sent by the infected twin may cause additional harm.
๐๐ฆพ Anatomy of Robots: Cybersecurity in the Modern Factory
In highly networked modern factories and complex robotsโ operating modes, attackers have the opportunity to use more diverse methods to carry out cyberattacks on robots, particularly in the case of manufacturers who do not take product cybersecurity issues seriously. This complacency creates opportunities for attackers that break into a factory to easily compromise these devices. When robots are successfully attacked, in addition to directly causing the factory to halt the manufacture of products, this tampering will also affect the safety of peopleโs lives due to the nature of close cooperation between co-bots and humans. With this in mind, using past and current robotics cybersecurity literature and research as reference, we will analyze the following potential attack scenarios for robots.