Top 7 Cybersecurity Threats: #1 Equipment Sabotage

American manufacturers face many cybersecurity threats, but a few rise to the top as the most insidious.

In a new series of articles, MxD will identify the Top 7 cybersecurity threats and suggest tactics manufacturers can implement to mitigate the risks of each.  

Making the Top 7 list: equipment sabotage, insider threats, data theft, malware, phishing attacks, ransomware, and supply chain attacks. 

First in the spotlight: Equipment Sabotage

In this type of cyber-sabotage, attackers target factory equipment with the goal of controlling it, stopping it, or destroying it.

The objective is not to get access to a company’s data but to access the industrial controllers that regulate the factory equipment. 

The best-known example of equipment sabotage was Stuxnet, a malware worm unleashed on an Iranian nuclear facility and detected in 2010. Stuxnet went after the control system at the Natanz nuclear plant, causing centrifuges to spin wildly and fail while plant operators were unaware anything was wrong.

It’s believed that a trusted contractor carried the worm into the facility on a removable drive, setting Stuxnet loose when that drive was plugged in.

Twelve years on, machinery far less sophisticated than centrifuges is still being targeted by cybercriminals exploiting vulnerabilities.

Factory-floor equipment is built to last, often for decades. And that longevity creates risk. 

For instance, equipment from the 1970s or ’80s may still be running fine. But it was built before manufacturers were worried about cybersecurity and before all of the network connectivity that makes digital transformation possible. As those machines hum, cybersecurity for operational technology (OT) may be less of a priority than security for information technology (IT) systems, with companies not realizing the peril they face.

The best way to minimize risk and prevent such attacks is with a defense-in-depth strategy. This tactic involves multiple levels of security so that if cybercriminals get through one layer, they still face many more barricades.

One place to start is with physical protection of the factory floor. That’s done by strictly controlling who is allowed onto the premises. No one can use an infected USB for an attack if they can’t get near the equipment. 

Other safety steps include locking the server room, installing a firewall, blocking ports on that firewall to limit access, and ensuring that the only way for people to access the network is with a username and password. Creating subnetworks is another way to halt or slow an attack. If networks are segmented, cybercriminals may bring down one factory line but won’t disable the entire factory.
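The segmentation claim above can be checked against a firewall rule set by computing which production lines are reachable from a compromised zone. This is an added example, not MxD's code; the zone names, ports and rules are constructed for illustration, and each rule is assumed to be a one-way allow of the form (source zone, destination zone, port).

```python
from collections import deque

def reachable_zones(allow_rules, start):
    """Zones a foothold in `start` can reach by chaining allowed flows."""
    graph = {}
    for src, dst, _port in allow_rules:
        graph.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def blast_radius(allow_rules, start, lines):
    """Production lines exposed if the zone `start` is compromised."""
    return sorted(reachable_zones(allow_rules, start) & set(lines))

# Constructed sample data: all zone names, ports and rules are hypothetical.
LINES = ["line_a", "line_b", "line_c"]
ZONES = ["office"] + LINES

# Flat network: every zone may talk to every other zone.
FLAT_RULES = [(s, d, "any") for s in ZONES for d in ZONES if s != d]

# Segmented: the office and each line may only send data to a DMZ historian.
SEGMENTED_RULES = [(z, "dmz_historian", 443) for z in ZONES]

# Segmented, plus one leftover rule letting the historian poll line_b directly
# (502 is the Modbus/TCP port). Each rule looks narrow on its own.
LEAKY_RULES = SEGMENTED_RULES + [("dmz_historian", "line_b", 502)]

if __name__ == "__main__":
    for name, rules in [("flat", FLAT_RULES),
                        ("segmented", SEGMENTED_RULES),
                        ("leaky", LEAKY_RULES)]:
        for foothold in ("office", "line_a"):
            print(f"{name:10} foothold={foothold:7} "
                  f"exposed lines={blast_radius(rules, foothold, LINES)}")
```

The leaky case shows why a rule review has to follow chained paths: no single rule connects the office to a line, yet the office reaches line_b through the historian.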

Like infected USBs, phishing attacks (in which individuals are tricked into clicking a bad link that releases malware) are among cybercriminals’ top weapons. Training and testing employees on ways to avoid falling victim to such ruses is critical.

MxD’s virtual factory floor tour features two demonstration areas that illustrate what these attacks may look like and detail identification, protection, prevention, detection, response, and recovery strategies. 

The Cyber Wall tour, also featured in MxD’s virtual tour, looks at OT vulnerabilities. One example it shows is how protected (with allowlisting software) and unprotected programmable logic controllers (PLCs) react when an infected USB drive is inserted into the network. The Cybersecurity Process Manufacturing Test Platform (or Cyber Platform) on the virtual tour demonstrates how a security breach can cause cross-contamination in a process manufacturing plant and what to do when that happens.