1 Smart Attack Can Spawn a Zillion Dumb Attacks

The advantages of plant connectivity are prompting manufacturers to network out to their customers and suppliers, but that makes everyone vulnerable to attack.

Rob Spiegel

July 13, 2016

4 Min Read
1 Smart Attack Can Spawn a Zillion Dumb Attacks

While cybersecurity has become a nasty headache for manufacturers, the value of connectivity is too advantageous to ignore. The benefits of connectivity just grow with time: improved time-to-market, cash-saving efficiencies on the plant floor, and enhanced customer and supplier relations when they are brought into the network loop. Yet the dangers are also growing. With your customers and suppliers connected, an attack can risk damage to the entire supply chain. This is part one of a two-part article.

This diagram shows the range of cybersecurity protections required for plant and enterprise safety.
(Source: Siemens)

At the Siemens Automation Summit last month in Las Vegas, Pranav Saha, a cyber security expert from Booz Allen Hamilton, explained the benefits and the dangers of plant connectivity. “Cyber matters, and it matters well beyond automation,” Saha told Design News. “So you need protection on the lowest level of the plant floor and up into the network layer of the plant, even out to multiple plants.” Although that implies vulnerabilities to attacks, Saha believes connectivity is still a must for companies. “Cyber connectivity enables innovation. It enables gains such as increased revenue and reduced costs -- that’s why we’re doing it.”

One of the difficulties in developing cyber protection over manufacturing networks is the language barrier of cybersecurity. “Cyber is a different language from manufacturing. It’s the IT language of routers and firewalls,” said Saha. “Cyber fits into the business language of risk management, including mitigating risk with insurance. This is not the network language of sensors and drives.” That means IT has to get involved in plant networks and that typically clashes with the plant’s control team.

ATX Minn logoYour Data. Get It. Protect It. Practical information on embedding sensors in 3DP, automation & inventory control, big data as a diagnostic tool, cloud storage and security risks, and more in the Industry 4.0: Smart Strategies for Data Collection and Protection track at Automation Technology. Sept. 21-22, 2016 in Minneapolis. Register here for the event, hosted by Design News’ parent company UBM.

Saha noted that cyber protection for manufacturers has grown far beyond a firewall around the plant. “The cyber security problem is an ecosystem. We’ve been protecting the laptops and protecting the server room. Then we started to think about hardening the network,” said Saha. “It has always been an issue in the IT system but now it’s also an issue in the plant.”

You’re Connected. Now What?

Not very long ago, the plant was a silo, separated from the business network. The only way to attack was through USB sticks or via employees who used plant laptops to go out to the Internet for music. That’s changed. “We’re looking at the manufacturing environment and it is beginning to look more and more like a network,” said Saha. “The plant is in the scope of cyber attackers because we’ve connected it for just-in-time inventory and analytics. The connectivity increases our efficiencies and our reach to suppliers and customers, but it also makes us vulnerable.”

Saha noted that excessive security is not necessary if the plant is not connecting to the outside world. Yet more and more, plants are connecting outward. “You shouldn’t do security for security’s sake. You should do security because you want to be a business that’s connected,” said Saha. “You connect to be close to your customer. You connect so you can do speed-to-market faster than your competitor. You really want to think about manufacturing advances when you create a network. Then that requires security.”

One Brilliant Attack Can Multiply

It takes a brilliant hacker to crack a protected network, but it can be done. The real danger is when that savvy hacker sells the brilliant program to anybody -- smart or dumb -- on the Internet. “Only one person has to invent the attack, and then it gets packaged,” said Saha. “Not all attackers have to be brilliant, only the first one. Then the hack gets duplicated and sold on the Internet. The attack gets easier to use by those who are not as skilled.”


In many ways a plant network breech is more dangerous than a compromised enterprise network. “With IT, the hacker may be able to get corporate information, but if the hacker can crack into the industrial control system, that hacker can shut the plant down or change the color of the paint on automotive vehicles,” said Saha.

Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.

About the Author(s)

Rob Spiegel

Rob Spiegel serves as a senior editor for Design News. He started with Design News in 2002 as a freelancer and hired on full-time in 2011. He covers automation, manufacturing, 3D printing, robotics, AI, and more.

Prior to Design News, he worked as a senior editor for Electronic News and Ecommerce Business. He has contributed to a wide range of industrial technology publications, including Automation World, Supply Chain Management Review, and Logistics Management. He is the author of six books.

Before covering technology, Rob spent 10 years as publisher and owner of Chile Pepper Magazine, a national consumer food publication.

As well as writing for Design News, Rob also participates in IME shows, webinars, and ebooks.

Sign up for the Design News Daily newsletter.

You May Also Like