At the Black Hat security conference held in Las Vegas this week, one of the hot topics was cyber-vulnerabilities of manufacturing and processing plants across the country. As more and more companies increasingly automate their plants and factories, the possibility of cyber attacks increases exponentially which could lead to who factories of automated workers turning on their employers.
The rise of automation and use of robots in industries across the board is public knowledge. Boston Consulting Group has predicted that in the next ten years, greater than 1.2 million industrial robots will occupy factories everywhere, and that number is in addition to the robots used in factories already. Some analysts predict that automation in the pharmaceutical and chemical industry could increase the amount of materials that goes through processing by 20% annually and reduce energy consumption by about 8%.
At the security conference, Ken Westin, a senior security analyst at Tripwire, expressed his concerns regarding this trend. “A lot of businesses see value in automating a lot more of the processes when it comes to manufacturing. They’ll actually let a lot of these people go, like engineers. And they’ll focus on the automation. What they fail to do is look at the increased risk that that poses to the organization.”
For example, Westin pointed out that very old automated systems connected to an Internet network could spell disaster. They simply are not designed to withstand cyber attacks. “These systems were designed decades ago. They’re using protocols that are pretty ancient. They were designed for reliability and efficiency. Security was not a part of that. The security occurred on the physical end, protecting people who came in and out of these physical systems. Once you connect that to a corporate network? What happens is the corporate network now gets connected to the manufacturing plant, which was never designed to be connected to the Internet at all. When you have that connection, that increases risk to the organization. That’s something that’s not assessed in their analysis of risk.”
Because companies are increasing automation in their factories and are laying off workers such as engineers and maintenance crews, there may not be help to arrive when a malfunction occurs and robots go haywire. Westin refers to this combination as “a perfect storm in a lot of ways.” The compromise that companies are putting themselves into could result in injuring or killing its workers. Westin points out that “It will be something where se a loss of life. That’s going to change everything.”