This document discusses cyber security challenges in the manufacturing industry. It provides background on the growth of internet connectivity and cyber attacks over time. Key points mentioned include that digitalization is driving industry 4.0 but also increasing security risks. Manufacturing is now one of the most frequently hacked sectors, with nearly half of all cyber attacks targeting small businesses. The document examines past significant cyber attacks like Stuxnet and those targeting Ukraine's power grid. It also notes that the majority of industrial organization's networks remain vulnerable to remote hackers. Finally, it raises important questions manufacturing executives should consider around protecting industrial control systems and networks from internet threats.
3. Digitalization is the basis …
Industry 4.0
... for the intelligent networking of business processes, things,
plants, components and people and is the key to future success.
6. World Wide Web was invented in 1989
The first-ever website went live in 1991
Facts
7. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Facts
8. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Data volumes online will be 50 times greater in 2020 than they were in 2016
Facts
9. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Data volumes online will be 50 times greater in 2020 than they were in 2016
A business will fall victim to a ransomware attack every 14 seconds by 2019,
increasing from every 40 seconds in 2017
Facts
10. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Data volumes online will be 50 times greater in 2020 than they were in 2016
A business will fall victim to a ransomware attack every 14 seconds by 2019,
increasing from every 40 seconds in 2017
The 5 most cyber-attacked industries in 2015-2018:
Healthcare, Manufacturing, Financial Services, Government, Transportation
Facts
11. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Data volumes online will be 50 times greater in 2020 than they were in 2016
A business will fall victim to a ransomware attack every 14 seconds by 2019,
increasing from every 40 seconds in 2017
The 5 most cyber-attacked industries in 2015-2018:
Healthcare, Manufacturing, Financial Services, Government, Transportation
The manufacturing industry is now one of the most frequently hacked sectors
Facts
12. World Wide Web was invented in 1989
The first-ever website went live in 1991
Today there are more than 1.2 billion websites
Data volumes online will be 50 times greater in 2020 than they were in 2016
A business will fall victim to a ransomware attack every 14 seconds by 2019,
increasing from every 40 seconds in 2017
The 5 most cyber-attacked industries in 2015-2018:
Healthcare, Manufacturing, Financial Services, Government, Transportation
The manufacturing industry is now one of the most frequently hacked sectors
Nearly half of all cyberattacks are committed against small businesses
Facts
14. Stuxnet: Targeting critical infrastructure
Quelle: ibtimes
First detection in 2010
Infected around 100.000 industrial
plants worldwide
Targeted to Iranian nuclear industry
Spread over service laptops, USB and
network
Attack routine only install and initiated
on certain Siemens PLC setups
Attacked PLC directly by changing
values
All changes are invisible to operators
Quelle: newscientist
https://en.wikipedia.org/wiki/Stuxnet
15. BlackEnergy trojan strikes again: Attacks
Ukrainian electric power industry
http://www.welivesecurity.com/
On December 23rd, 2015, around half
of the homes in the Ivano-Frankivsk
region in Ukraine (population around
1.4 million) were left without electricity
for a few hours.
Prykarpattya Oblenergo, a power
distributor that serves 538,000
customers, says 27 of its substations
went dead.
http://money.cnn.com/
http://money.cnn.com/2016/01/18/technology/ukraine-hack-russia/
http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/
16. CYBER THREAT LANDSCAPE IN UKRAINE
2014-2016
https://boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report
17. ICS SECURITY: 2019 IN REVIEW
73 percent of industrial organizations’
networks are vulnerable to hackers
(Positive Technologies testing in 2018),
Most vulnerabilities detected can be
exploited remotely without needing to
obtain any privileges in advance.
The research revealed 175,632 ICS
components accessible online.
https://www.ptsecurity.com/ww-en/about/news/
20. Internet-Facing Industrial Control Systems
https://www.shodan.io/
Rather than to locate specific content on a particular search
term, SHODAN is designed to help the user find specific nodes
(desktops, servers, routers, switches, etc.) with specific content
in their banners
22. Network security - Industrial vs Office IT
Preference Industrial IT Network Office IT Network
Priorities order
(availabilitiy, integrity, confidentiality)
Life Cycle (years)
Data communication (delays accepted, real
time?)
Network availability (losses accepted?)
Patch management (updates frequency)
Location of security hardware (decentralized
vs centralized)
IT security implementation level (low – high)
23. Network security - Industrial vs Office IT
Preference Industrial IT Network Office IT Network
Priorities order
(availability, integrity, confidentiality)
1. Availability
2. Integrity
3. Confidentiality
1. Confidentiality
2. Integrity
3. Availability
Life Cycle (years) 10 -20 years 3 - 5 years
Data communication (delays accepted, real
time?)
Real time Delays accepted
Network availability (losses accepted?) 24/365 Losses accepted
Patch management (update frequency) Infrequent Frequent
Location of security hardware
(decentralized vs centralized)
Decentralized Central
IT security implementation level (low – high) Low or none High
24. Is our Industrial Control Systems
(ICS) environment protected from
the Internet and how have we
validated that?
Industrial IT Security
Important questions
25. Who is the manager ultimately
responsible for cybersecurity or
do we rely on third-party support?
Industrial IT Security
Important questions
26. Do we have remote access to our
ICS network? If so, why do we need
it, and how is it protected and
monitored?
Industrial IT Security
Important questions
27. Industrial IT Security
Estimated costs of security failure
1 Data loss:
Suddenly, your entire data is lost. What would be the costs for reconstructing the data?
Euro _______
2 Loss of know-how:
Your competitor gains access to your confidential data (characteristic data, construction plans etc.). How great would
the damage be for You? Euro _______
3 Downtimes:
Due to a security problem, the production site stands still for several hours. How much would that cost You?
Euro _______
4 Employees' working hours:
How many working hours of your employees would You have to invest to compensate for the results of a security
failure? Euro _______
5 Hijacking of your computers:
How great would the communication effort be if a stranger used your (!) computer to spy on or attack a third party?
Euro _______
6 Reputation:
How great would the damage to your reputation be if your customers would not trust You any longer?
Euro _______
Total: Euro _______
https://icsmap.shodan.io/
Want to do your own analysis of the data and get a historic picture of publicly accessible ICS devices? All the data used for the above image is made available as a download below:
Bacnet (port 47808)
DNP3 (port 20000)
EtherNet/IP (port 44818)
Niagara Fox (ports 1911 and 4911)
IEC-104 (port 2404)
Red Lion (port 789)
Modbus (port 502)
Siemens S7 (port 102)